Warning logged when logging in with an email address and password.

[badmintonkid]

Steps to reproduce

1. Login with a user's email address and password.

Expected behaviour

Successful login and no warning should appear in the logs.

Actual behaviour

Successful login and a warning appears in the logs about a failed login with the email address.

Server configuration

Operating system:
Ubuntu 16.04.1 LTS

Web server:
Apache

Database:
MariaDB

PHP version:
7

Nextcloud version: (see Nextcloud admin page)
10.0.2

Updated from an older Nextcloud/ownCloud or fresh install:
Upgraded from ownCloud 9.0.2

Where did you install Nextcloud from:
Archive file

Signing status:

Signing status

``` Login as admin user into your Nextcloud and access http://example.com/index.php/settings/integrity/failed paste the results here. ```

No errors have been found.

List of activated apps:

App list

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Enabled: - activity: 2.3.2 - admin_audit: 1.0.0 - comments: 1.0.0 - dav: 1.0.1 - documents: 0.13.1 - federatedfilesharing: 1.0.1 - federation: 1.0.1 - files: 1.5.2 - files_pdfviewer: 0.8.1 - files_sharing: 1.0.0 - files_texteditor: 2.1 - files_trashbin: 1.0.0 - files_versions: 1.3.0 - files_videoplayer: 0.9.8 - firstrunwizard: 1.1 - gallery: 15.0.1 - notifications: 0.3.0 - password_policy: 1.0.0 - provisioning_api: 1.0.0 - serverinfo: 1.1.1 - survey_client: 0.1.5 - systemtags: 1.0.2 - templateeditor: 0.1 - theming: 1.0.1 - twofactor_totp: 0.4.1 - updatenotification: 1.0.1 - workflowengine: 1.0.1 Disabled: - encryption - external - files_accesscontrol - files_automatedtagging - files_external - files_retention - user_external - user_ldap - user_saml

The content of config/config.php:

Config report

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here
(Without the database password, passwordsalt and secret)

{ "system": { "instanceid": "oco6qyaqh8lg", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "***REMOVED SENSITIVE VALUE***", "***REMOVED SENSITIVE VALUE***" ], "datadirectory": "\/owncloud", "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "9.1.2.2", "dbname": "ocdb", "dbhost": "localhost", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "logtimezone": "UTC", "installed": true, "memcache.local": "\\OC\\Memcache\\Redis", "filelocking.enabled": "true", "memcache.distributed": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "localhost", "port": 6379, "timeout": 0, "dbindex": 0 }, "mail_smtpmode": "smtp", "mail_smtpauthtype": "LOGIN", "mail_smtpauth": 1, "mail_smtphost": "smtp.gmail.com", "mail_smtpport": "465", "mail_smtpsecure": "ssl", "mail_from_address": "server", "mail_domain": "owncloud.com", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "preview_libreoffice_path": "\/usr\/bin\/soffice", "log_rotate_size": 20000000, "maintenance": false, "loglevel": 2, "appstore.experimental.enabled": false } }

Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

LDAP configuration (delete this part if not used)

LDAP config

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:
Firefox, Chrome
Operating system:
Windows

Logs

Web server error log

Web server error log

``` Insert your webserver log here ```

Nextcloud log (data/nextcloud.log)

Nextcloud log

``` Insert your Nextcloud log here ```

Browser log

Browser log

``` Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

</details>

[badmintonkid]

I verified this is still an issue with Nextcloud 11.

[MorrisJobke]

Still the case with master:

{"reqId":"RocAxcNuO9vmwr8ZSktt","remoteAddr":"192.168.99.1","app":"core","message":"Login failed: 'test@example.org' (Remote IP: '192.168.99.1')","level":2,"time":"2017-04-07T01:21:59+00:00","method":"POST","url":"\/server\/login","user":"--","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/602.4.8 (KHTML, like Gecko) Version\/10.0.3 Safari\/602.4.8","version":"12.0.0.13"}

@LukasReschke @nickvergessen @ChristophWurst Any idea why this is logged even if the login succeeds?

[badmintonkid]

@MorrisJobke Is it because the code checks the password first and only checks for the email if that login attempt fails?
https://github.com/nextcloud/server/blob/master/core/Controller/LoginController.php#L227
I remember seeing the checkPassword function logging the error message when I skimmed the code in the past. Adding a flag as the 3rd parameter for checkPassword so you can control if the message is logged would be a quick fix for this particular case.

[MorrisJobke]

Right - thanks. We have this also reported in #3038. So let's close this here and check out the PR in #3043.