Skip to content

[CORRUPTED] Synthetic Benchmark PR #49578 - fix(updater): Stop expiring secret prematurely#20

Open
tomerqodo wants to merge 3 commits intobase_pr_49578_20251204_2156from
corrupted_pr_49578_20251204_2156
Open

[CORRUPTED] Synthetic Benchmark PR #49578 - fix(updater): Stop expiring secret prematurely#20
tomerqodo wants to merge 3 commits intobase_pr_49578_20251204_2156from
corrupted_pr_49578_20251204_2156

Conversation

@tomerqodo
Copy link

@tomerqodo tomerqodo commented Dec 4, 2025

Benchmark PR nextcloud#49578

Type: Corrupted (contains bugs)

Original PR Title: fix(updater): Stop expiring secret prematurely
Original PR Description: <!--

  • 🚨 SECURITY INFO
  • Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
    -->

Summary

nextcloud#43967 introduced a regression in the handling of the expiration of updater.secret. The result is that updater.secret is expired at the next job interval (~10 minutes). If the web Updater takes >10 minutes this prevents it from continuing.

  • Fixed expiration handling
  • Added logging when we expire the secret
  • Added cleanup of the updater.secret.created value when we expire a secret
  • Added handling for config_is_read_only in the AdminController
  • Changed ResetToken background job unit tests to catch the scenario addressed by this PR
  • Expanded ResetToken background job unit test coverage in general
  • Expanded AdminController unit test coverage in general

TODO

  • Tests: Confirm new tests are working (I eliminated the static used in the ResetToken test since it didn't seem to serve a purpose but I may have broken it so may require another look)

Checklist

Original PR URL: nextcloud#49578

joshtrichards and others added 3 commits October 21, 2025 11:06
@joshtrichards @artonge
fix(updater): Stop expiring secret prematurely
f600f26 
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
@artonge @nickvergessen
refactor: adjust updater code to match code style
7f3ef27 
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Louis Chmn <louis@chmn.me>
@tomerqodo
Apply changes for benchmark PR
9a6d8dc
@schmidchr
Copy link

schmidchr commented Dec 14, 2025

Not sure if the appropriate place to comment? This is also to give feedback on a notable improvement with the latest upgrade to 32.0.3.
The precise function of this "updater.secret" (as additional password?) in the upgrading process is not precisely clear to me, but I assume some security relevance.
Since Nextcloud 28 (May 2024) each upgrade required to apply a cumbersome procedure to manually set a new updater.secret, as described in https://help.nextcloud.com/t/cant-access-nextcloud-need-updater-secret/62348/6.

Observed in the latest sucessful(!) upgrade to Nextcloud 32.0.3 on Ubuntu 22.04.5 LTS:
-> this requirement vanished, no longer any (additional step to authenticate !?

  • possibly due to an extended lifespan of the "updater.secret", and/or an automatic process to set the corresponding value in the config.php ?

Unfortunately I could not identify a corresponding documentation in the release notes.
Given the presumed security relevance, where can I find a documentation understandable for admins of instances not involved in development?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tomerqodo @schmidchr @joshtrichards @artonge