[Bug]: Cannot login after upgrade to 24.0.7

[dell-mic]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

After upgrading from 24.0.6 to 24.0.7 (via web-based updater / no errors reported) no user can login any more to the instance. The browser gets returned a 500 error response without content. In the logs there is only a single entry which seems to be related:

{"reqId":"Y2-i4yhbavWqbiwugt_ZLAAADhg","level":3,"time":"2022-11-12T13:42:59+00:00","remoteAddr":"109.250.134.113","user":"xxx","app":"PHP","method":"POST","url":"/index.php/login","message":"Nesting level too deep - recursive dependency? at /www/htdocs/wxxx/nextcloud/lib/private/Log/ExceptionSerializer.php#220","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36","version":"24.0.7.1","data":{"app":"PHP"}}

For existing sessions everything seems to work fine.

I tried already disabling all authentication related apps without success.

After I downgrade to 24.0.6 login is working again.

Steps to reproduce

1. Upgrade to 24.0.7
2. Log in via browser / mobile client

Expected behavior

Can still log in

Installation method

Community Web installer on a VPS or web space

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated from a minor version (ex. 22.2.3 to 22.2.4)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "xxx.yyy.org"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "24.0.7.1",
        "overwrite.cli.url": "http:\/\/xxx.yyyy.org",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "pTZW3_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "tempdirectory": "\/www\/htdocs\/xxx\/tmp\/",
        "mail_smtpmode": "sendmail",
        "mail_sendmailmode": "pipe",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "theme": "",
        "loglevel": 0,
        "app_install_overwrite": [
            "occweb",
            "files_external_dropbox",
            "suspicious_login"
        ],
        "trashbin_retention_obligation": "30, 90",
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "updater.release.channel": "stable",
        "default_phone_region": "DE",
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\Krita",
            "OC\\Preview\\HEIC"
        ],
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - bruteforcesettings: 2.4.0
  - calendar: 3.5.2
  - circles: 24.0.1
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - deck: 1.7.2
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_downloadactivity: 1.15.0
  - files_external: 1.16.1
  - files_linkeditor: 1.1.12
  - files_markdown: 2.3.6
  - files_pdfviewer: 2.5.0
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notifications: 2.12.1
  - oauth2: 1.12.0
  - password_policy: 1.14.0
  - photos: 1.6.0
  - polls: 3.8.3
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - ransomware_protection: 1.14.0
  - recommendations: 1.3.0
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - spreed: 14.0.6
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - text: 3.5.1
  - theming: 1.15.0
  - twofactor_backupcodes: 1.13.0
  - twofactor_nextcloud_notification: 3.4.0
  - twofactor_totp: 6.4.1
  - updatenotification: 1.14.0
  - user_status: 1.4.0
  - viewer: 1.8.0
  - workflowengine: 2.6.0
Disabled:
  - admin_audit
  - encryption
  - support: 1.4.0
  - user_ldap

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response

[corsac-s]

I might have a similar issue. I went from 24.0.6 to 25.0.1.1 but I seem to experience a similar behavior which might make sense if a change that went in 24.0.7 also went in 25.0.1.1.

I have two log lines but I'm unsure if they're really related (they seem to point to a bruteforce throttling and also it seems either Nextcloud or my reverse proxy setup doesn't handle correctly the X-FORWARDED-FOR header:

{"reqId":"G6y5hWuKDOCAZcyQBsxl","level":3,"time":"2022-11-14T10:21:48+00:00","remoteAddr":"unix:","user":"--","app":"index","method":"GET","url":"/index.php","message":"unpack() expects parameter 2 to be string, null given in file '/srv/www/nextcloud/lib/private/Security/Normalizer/IpAddress.php' line 89","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0","version":"25.0.1.1","exception":{"Exception":"Exception","Message":"unpack() expects parameter 2 to be string, null given in file '/srv/www/nextcloud/lib/private/Security/Normalizer/IpAddress.php' line 89","Code":0,"Trace":[{"file":"/srv/www/nextcloud/lib/private/AppFramework/App.php","line":172,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/www/nextcloud/lib/private/Route/Router.php","line":298,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/www/nextcloud/lib/base.php","line":1047,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","Line":165,"Previous":{"Exception":"TypeError","Message":"unpack() expects parameter 2 to be string, null given","Code":0,"Trace":[{"file":"/srv/www/nextcloud/lib/private/Security/Normalizer/IpAddress.php","line":89,"function":"unpack"},{"file":"/srv/www/nextcloud/lib/private/Security/Normalizer/IpAddress.php","line":150,"function":"getIPv6Subnet","class":"OC\\Security\\Normalizer\\IpAddress","type":"->"},{"file":"/srv/www/nextcloud/lib/private/Security/Bruteforce/Throttler.php","line":241,"function":"getSubnet","class":"OC\\Security\\Normalizer\\IpAddress","type":"->"},{"file":"/srv/www/nextcloud/lib/private/Security/Bruteforce/Throttler.php","line":262,"function":"getAttempts","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/srv/www/nextcloud/core/Controller/LoginController.php","line":185,"function":"getDelay","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/srv/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":225,"function":"showLoginForm","class":"OC\\Core\\Controller\\LoginController","type":"->"},{"file":"/srv/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":133,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/www/nextcloud/lib/private/AppFramework/App.php","line":172,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/www/nextcloud/lib/private/Route/Router.php","line":298,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/www/nextcloud/lib/base.php","line":1047,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/www/nextcloud/lib/private/Security/Normalizer/IpAddress.php","Line":89},"CustomMessage":"--"}}

If it's not the same issue sorry for that but, I do have the error 500 returned.

[corsac-s]

Nevermind, it seems the problem actually lies with the reverse proxy chain and the fact the IP address wasn't correctly handled. With the realip nginx module configured it seems fixed for now.

Sorry for the confusion.

[sjmonson]

I'm having this issue with the stable-apache docker image. Login page shows up, but attempting to log in returns a blank 500 page.

Error in logs is:
[php:error] [pid 63] [client xxx.xxx.xx.xx:0] PHP Fatal error: Nesting level too deep - recursive dependency? in /var/www/html/lib/private/Log/ExceptionSerializer.php on line 220

[ultrasites]

I have the same issue after upgrading the docker container from 24.0.x to 25.0.1. Users cannot login in the web browser. This stays in the docker logs: [php:error] [pid 63] [client xxx.xxx.xx.xx:0] PHP Fatal error: Nesting level too deep - recursive dependency? in /var/www/html/lib/private/Log/ExceptionSerializer.php on line 220. I tried to deactivate the text plugin. It help's sporadically, because the bug is back after some times. I need help! Please fix it in 25.0.2.

[ccoenen]

I am on 24.0.7 right now, and my Oauth logins no longer work. When the remote server tries to access user info (name, email for example) in the OAuth process fails because nextcloud throws a 500 internal server error their way.

[php:error] [pid 174] [client (redacted)] PHP Fatal error:  Nesting level too deep - recursive dependency? in /var/www/html/lib/private/Log/ExceptionSerializer.php on line 220
"GET /ocs/v2.php/cloud/user?format=json HTTP/1.1" 500 1523 "-" "Faraday v1.10.0"

[dell-mic]

I found a possibly related issue here: nextcloud/circles#1197

At least for me I can confirm I had circles enabled while attempting the upgrade. How about you?

Unfortunately my NextCloud Instance in now offering me the version 25.0.1 via the updater. I fear that rolling-back will not be so easy between major versions, thus have not given this another try, yet.

[ArtificialOwl]

You should be able to bypass the issue by running this command:

./occ config:app:set circles route_to_circles --value ''

nextcloud/circles#1189

[dell-mic]

I tried the upgrade (to 25.0.2 by now) with the circles app disabled and the issues does not appear anymore.
Thus, closing this issue here.