[Bug]: Encryption app. Emails not sent when files encrypted with per-user keys due to error in apps/encryption/templates/mail.php

[RichardJRL]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Using the encryption app, when setting up per-user keys, Nextcloud fails to send emails to all users when the occ php occ encryption:encrypt-all command is issued, with the file apps/encryption/templates/mail.php generating an error on line 10 as the php command there cannot find the image logo-mail.png.

The file does exist at core/img/logo/logo-mail.png.

The error produced is

php occ encryption:encrypt-all


You are about to encrypt all files stored in your Nextcloud installation.
Depending on the number of available files, and their size, this may take quite some time.
Please ensure that no user accesses their files during this time!
Note: The encryption module you use determines which files get encrypted.

Do you really want to continue? (y/n) y


Encrypt all files with the Default encryption module
====================================================


Create key-pair for every user
------------------------------

This module will encrypt all files in the users files folder initially.
Already existing versions and files in the trash bin will not be encrypted.



 Key-pair created for all users 
 [============================]

Generated encryption key passwords
----------------------------------

+---------------+----------------------+
| Username      | Private key password |
+---------------+----------------------+
| [REDACTED] | [REDACTED]     |
| [REDACTED] | [REDACTED]     |
+---------------+----------------------+

A list of all newly created passwords was written to data/oneTimeEncryptionPasswords.csv

Each of these users need to login to the web interface, go to the
personal settings section "basic encryption module" and
update the private key password to match the login password again by
entering the one-time password into the "old log-in password" field
and their current login password

Do you want to send the passwords directly to the users by mail? (y/n) y

 1/1 [============================] 100%
In URLGenerator.php line 265:
                                                                          
  image not found: image:logo-mail.png webroot: serverroot:/var/www/html  
                                                                          
encryption:encrypt-all

If mail.php is edited to remove the php and add the full web address of logo-mail.php e.g.:
<img src="https://nextcloud.example.com/core/img/logo/logo-mail.png" alt="<?php p($theme->getName()); ?>"/>
then the mail.php file executes without error and emails are correctly sent to all users.

Steps to reproduce

I'm using a set of docker containers with the nextcloud version nextcloud:25.0.2-fpm-alpine.
I appear to have no other issues with missing images in the web interface.

php occ encryption:enable
php occ app:enable encryption
php occ encryption:set-default-module OC_DEFAULT_MODULE
php occ encryption:disable-master-key
php occ encryption:encrypt-all (select 'y' in response to both questions)

Expected behavior

Emails derived from the template apps/encryption/templates/mail.php should be sent to all users, containing their auto-generated private key password and instructions on how to change it to their current login password in the nextcloud web interface.

Installation method

Community Docker image

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Enabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwriteprotocol": "https",
        "overwrite.cli.url": "https:\/\/nextcloud.example.com",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpauth": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "nextcloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.2.3",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "default_language": "en",
        "default_locale": "en_GB",
        "default_phone_region": "GB",
        "maintenance": false
    }
}

List of activated Apps

Enabled:
  - activity: 2.17.0
  - admin_audit: 1.15.0
  - bruteforcesettings: 2.5.0
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - encryption: 2.13.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_external: 1.17.0
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - firstrunwizard: 2.14.0
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - nextcloud_announcements: 1.14.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - password_policy: 1.15.0
  - photos: 2.0.1
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.3
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - support: 1.8.0
  - survey_client: 1.13.0
  - suspicious_login: 4.3.0
  - systemtags: 1.15.0
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - twofactor_totp: 7.0.0
  - updatenotification: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflowengine: 2.7.0
Disabled:
  - user_ldap

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"MC8gs6PNst2iAeLL2xpL","level":3,"time":"2022-12-17T16:45:18+00:00","remoteAddr":"","user":"richard_admin","app":"PHP","method":"","url":"--","message":"exif_read_data(): File not supported at /var/www/html/lib/private/Metadata/Provider/ExifProvider.php#59","userAgent":"--","version":"25.0.2.3","exception":{"Exception":"Error","Message":"exif_read_data(): File not supported at /var/www/html/lib/private/Metadata/Provider/ExifProvider.php#59","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::","args":[2,"exif_read_data(): File not supported","/var/www/html/lib/private/Metadata/Provider/ExifProvider.php",59]},{"file":"/var/www/html/lib/private/Metadata/Provider/ExifProvider.php","line":59,"function":"exif_read_data","args":[null,"ANY_TAG",true]},{"file":"/var/www/html/lib/private/Metadata/MetadataManager.php","line":68,"function":"execute","class":"OC\\Metadata\\Provider\\ExifProvider","type":"->","args":[{"__class__":"OC\\Files\\Node\\File"}]},{"file":"/var/www/html/lib/private/Metadata/FileEventListener.php","line":101,"function":"generateMetadata","class":"OC\\Metadata\\MetadataManager","type":"->","args":[{"__class__":"OC\\Files\\Node\\File"},"*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/EventDispatcher/ServiceEventListener.php","line":87,"function":"handle","class":"OC\\Metadata\\FileEventListener","type":"->","args":[{"__class__":"OCP\\Files\\Events\\Node\\NodeWrittenEvent"}]},{"file":"/var/www/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php","line":251,"function":"__invoke","class":"OC\\EventDispatcher\\ServiceEventListener","type":"->","args":[{"__class__":"OCP\\Files\\Events\\Node\\NodeWrittenEvent"},"OCP\\Files\\Events\\Node\\NodeWrittenEvent",{"__class__":"Symfony\\Component\\EventDispatcher\\EventDispatcher"}]},{"file":"/var/www/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php","line":73,"function":"callListeners","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->","args":[[{"__class__":"Closure"}],"OCP\\Files\\Events\\Node\\NodeWrittenEvent",{"__class__":"OCP\\Files\\Events\\Node\\NodeWrittenEvent"}]},{"file":"/var/www/html/lib/private/EventDispatcher/EventDispatcher.php","line":88,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->","args":[{"__class__":"OCP\\Files\\Events\\Node\\NodeWrittenEvent"},"OCP\\Files\\Events\\Node\\NodeWrittenEvent"]},{"file":"/var/www/html/lib/private/EventDispatcher/EventDispatcher.php","line":100,"function":"dispatch","class":"OC\\EventDispatcher\\EventDispatcher","type":"->","args":["OCP\\Files\\Events\\Node\\NodeWrittenEvent",{"__class__":"OCP\\Files\\Events\\Node\\NodeWrittenEvent"}]},{"file":"/var/www/html/lib/private/Files/Node/HookConnector.php","line":118,"function":"dispatchTyped","class":"OC\\EventDispatcher\\EventDispatcher","type":"->","args":[{"__class__":"OCP\\Files\\Events\\Node\\NodeWrittenEvent"}]},{"file":"/var/www/html/lib/private/legacy/OC_Hook.php","line":106,"function":"postWrite","class":"OC\\Files\\Node\\HookConnector","type":"->","args":[["/Nextcloud.png"]]},{"file":"/var/www/html/lib/private/Files/View.php","line":641,"function":"emit","class":"OC_Hook","type":"::","args":["OC_Filesystem","post_write",["/Nextcloud.png"]]},{"file":"/var/www/html/lib/private/Files/View.php","line":692,"function":"emit_file_hooks_post","class":"OC\\Files\\View","type":"->","args":[true,"/richard_admin/files/Nextcloud.png"]},{"file":"/var/www/html/lib/private/Files/Node/File.php","line":71,"function":"file_put_contents","class":"OC\\Files\\View","type":"->","args":["/richard_admin/files/Nextcloud.png",null]},{"file":"/var/www/html/lib/private/legacy/OC_Util.php","line":257,"function":"putContent","class":"OC\\Files\\Node\\File","type":"->","args":[null]},{"file":"/var/www/html/lib/private/legacy/OC_Util.php","line":216,"function":"copyr","class":"OC_Util","type":"::","args":["/var/www/html/core/skeleton",{"__class__":"OC\\Files\\Node\\Folder"}]},{"file":"/var/www/html/lib/private/User/Session.php","line":553,"function":"copySkeleton","class":"OC_Util","type":"::","args":["*** sensitive parameters replaced ***",{"__class__":"OC\\Files\\Node\\Folder"}]},{"file":"/var/www/html/lib/private/User/Session.php","line":403,"function":"prepareUserLogin","class":"OC\\User\\Session","type":"->","args":[true,"*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/User/Session.php","line":616,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/User/Session.php","line":355,"function":"loginWithPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Setup.php","line":433,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/core/Command/Maintenance/Install.php","line":105,"function":"install","class":"OC\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/symfony/console/Command/Command.php","line":255,"function":"execute","class":"OC\\Core\\Command\\Maintenance\\Install","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/var/www/html/3rdparty/symfony/console/Application.php","line":1009,"function":"run","class":"Symfony\\Component\\Console\\Command\\Command","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/var/www/html/3rdparty/symfony/console/Application.php","line":273,"function":"doRunCommand","class":"Symfony\\Component\\Console\\Application","type":"->","args":[{"__class__":"OC\\Core\\Command\\Maintenance\\Install"},{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/var/www/html/3rdparty/symfony/console/Application.php","line":149,"function":"doRun","class":"Symfony\\Component\\Console\\Application","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/var/www/html/lib/private/Console/Application.php","line":213,"function":"run","class":"Symfony\\Component\\Console\\Application","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/var/www/html/console.php","line":100,"function":"run","class":"OC\\Console\\Application","type":"->","args":[]},{"file":"/var/www/html/occ","line":11,"args":["/var/www/html/console.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"}}
{"reqId":"ic1SMCss60nWUQhX2Vci","level":2,"time":"2022-12-17T16:50:25+00:00","remoteAddr":"172.24.0.5","user":"richard_admin","app":"suspicious_login","method":"POST","url":"/login","message":"Could not predict suspiciousness: No models found","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","version":"25.0.2.3","data":{"app":"suspicious_login"}}
{"reqId":"ViQfUp4LAjLXbOq1trfn","level":3,"time":"2022-12-17T16:50:56+00:00","remoteAddr":"","user":"--","app":"core","method":"","url":"--","message":"Error while running background job (class: OCA\\Theming\\Jobs\\MigrateBackgroundImages, arguments: Array\n(\n    [stage] => prepare\n)\n)","userAgent":"--","version":"25.0.2.3","exception":{"Exception":"OCP\\Files\\NotFoundException","Message":"/appdata_oc2v0mxrw707/theming/global","Code":0,"Trace":[{"function":"get","class":"OC\\Files\\Node\\Root","type":"->","args":["/appdata_oc2v0mxrw707/theming/global"]},{"file":"/var/www/html/lib/private/Files/Node/LazyFolder.php","line":72,"function":"call_user_func_array","args":[[{"__class__":"OC\\Files\\Node\\Root"},"get"],["appdata_oc2v0mxrw707/theming/global"]]},{"file":"/var/www/html/lib/private/Files/Node/LazyFolder.php","line":149,"function":"__call","class":"OC\\Files\\Node\\LazyFolder","type":"->","args":["get",["appdata_oc2v0mxrw707/theming/global"]]},{"file":"/var/www/html/lib/private/Files/AppData/AppData.php","line":132,"function":"get","class":"OC\\Files\\Node\\LazyFolder","type":"->","args":["appdata_oc2v0mxrw707/theming/global"]},{"file":"/var/www/html/apps/theming/lib/Jobs/MigrateBackgroundImages.php","line":168,"function":"getFolder","class":"OC\\Files\\AppData\\AppData","type":"->","args":["global"]},{"file":"/var/www/html/apps/theming/lib/Jobs/MigrateBackgroundImages.php","line":100,"function":"storeUserIdsToProcess","class":"OCA\\Theming\\Jobs\\MigrateBackgroundImages","type":"->","args":[[]]},{"file":"/var/www/html/apps/theming/lib/Jobs/MigrateBackgroundImages.php","line":79,"function":"runPreparation","class":"OCA\\Theming\\Jobs\\MigrateBackgroundImages","type":"->","args":[]},{"file":"/var/www/html/lib/public/BackgroundJob/Job.php","line":78,"function":"run","class":"OCA\\Theming\\Jobs\\MigrateBackgroundImages","type":"->","args":[["prepare"]]},{"file":"/var/www/html/lib/public/BackgroundJob/QueuedJob.php","line":58,"function":"start","class":"OCP\\BackgroundJob\\Job","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"}]},{"file":"/var/www/html/lib/public/BackgroundJob/QueuedJob.php","line":48,"function":"start","class":"OCP\\BackgroundJob\\QueuedJob","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"}]},{"file":"/var/www/html/cron.php","line":152,"function":"execute","class":"OCP\\BackgroundJob\\QueuedJob","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"},{"__class__":"OC\\Log"}]}],"File":"/var/www/html/lib/private/Files/Node/Root.php","Line":209,"message":"Error while running background job (class: OCA\\Theming\\Jobs\\MigrateBackgroundImages, arguments: Array\n(\n    [stage] => prepare\n)\n)","exception":{},"CustomMessage":"Error while running background job (class: OCA\\Theming\\Jobs\\MigrateBackgroundImages, arguments: Array\n(\n    [stage] => prepare\n)\n)"}}
{"reqId":"KYclU59tEG0ayGavLTHQ","level":3,"time":"2022-12-17T16:55:01+00:00","remoteAddr":"","user":"--","app":"cron","method":"","url":"--","message":"Cannot access offset of type string on string","userAgent":"--","version":"25.0.2.3","exception":{"Exception":"TypeError","Message":"Cannot access offset of type string on string","Code":0,"Trace":[{"file":"/var/www/html/lib/public/BackgroundJob/Job.php","line":78,"function":"run","class":"OCA\\Theming\\Jobs\\MigrateBackgroundImages","type":"->","args":["prepare"]},{"file":"/var/www/html/lib/public/BackgroundJob/QueuedJob.php","line":58,"function":"start","class":"OCP\\BackgroundJob\\Job","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"}]},{"file":"/var/www/html/lib/public/BackgroundJob/QueuedJob.php","line":48,"function":"start","class":"OCP\\BackgroundJob\\QueuedJob","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"}]},{"file":"/var/www/html/cron.php","line":152,"function":"execute","class":"OCP\\BackgroundJob\\QueuedJob","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"},{"__class__":"OC\\Log"}]}],"File":"/var/www/html/apps/theming/lib/Jobs/MigrateBackgroundImages.php","Line":74,"CustomMessage":"--"}}

Additional info

No response

[joshtrichards]

Fixed in #36351 for >=NC26.

The actual PR in #36351 can't be backported as-is to NC25 because mail.php no longer exists.

If you need a manual fix for NC25 you can try applying this one, which looks somewhat similar to your own fix:

#36351 (comment)