[Bug]:

[Jakobimatrix]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Hey there,

I have just set up an instance of nextcloud (latest Version, copied from here: latest as of 12.01.2025 into var/www/*). I am able to log in as admin inside the gui. But when I want to change settings e.g. adding an external drive the admin password is not accepted anymore (restart wont help).
If I have a look at the error logs (/var/www/html/data/nextcloud.log) I get:

{"reqId":"JC1Rb3wbq3mdhyqsqBUI","level":3,"time":"2025-01-12T16:49:34+00:00","remoteAddr":"192.168.178.20","user":"admin","app":"PHP","method":"POST","url":"/index.php/apps/files_external/globalstorages","message":"Undefined array key 1 at /var/www/html/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php#82","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0","version":"30.0.4.1","data":{"app":"PHP"}}
{"reqId":"JC1Rb3wbq3mdhyqsqBUI","level":2,"time":"2025-01-12T16:49:35+00:00","remoteAddr":"192.168.178.20","user":"admin","app":"core","method":"POST","url":"/index.php/apps/files_external/globalstorages","message":"Login failed: 'admin' (Remote IP: '192.168.178.20')","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0","version":"30.0.4.1","data":{"app":"core"}}

I guess that some information regarding user/password is not passed correctly (the array key seems to be wrong) to the authentification method...

For now I have disabled line 85 in /var/www/html/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php

if ($loginResult === false) {
	#throw new NotConfirmedException();
}

Only for the time where I set things up...

Steps to reproduce

1. I have things running in a proxmox environment But I am pretty sure that this is not a problem caused by the environment (Steps 1-2)
2. Set up a new Container with Debian 12-standard_12.7-1_amd64.tar.zst
3. Install some things:

• apt update && apt upgrade -y && apt autoremove -y && /apt autoclean
• apt install apache2 php8.2 php8.2-gd sqlite3 php8.2-sqlite3 php8.2-curl php8.2-zip php8.2-xml php8.2-mbstring php8.2-imagick net-tools php8.2-intl libapache2-mod-php mariadb-server php8.2-mysql libnet-ssleay-perl libauthen-pam-perl libio-pty-perl apt-show-versions net-tools

4. webmin_2.201_all.deb -> apt install webmin_2.201_all.deb
5. change owner of /var/www to www-data user
6. Copy and unzip latest as of 12.01.2025 into /var/www/
7. set up (MariaDB Mysql) the database via webmin (add password and user)
8. Switch to Gui, set up Admin Account give DB credentials and db name, and let it install
9. Log in as Admin (/) works
10. Change things in the admin Settings pannel that require admin password (X) not working

Expected behavior

That the Admin password (which is correct) works

Nextcloud Server version

30

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.178.78"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "sqlite3",
        "version": "30.0.4.1",
        "overwrite.cli.url": "http:\/\/192.168.178.78",
        "installed": true,
        "maintenance_window_start": 1,
        "maintenance": false
    }
}

List of activated Apps

Enabled:
  - activity: 3.0.0
  - app_api: 4.0.3
  - bruteforcesettings: 3.0.0
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_external: 1.22.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - nextcloud_announcements: 2.0.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - support: 2.0.0
  - survey_client: 2.0.0
  - systemtags: 1.20.0
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0
  - encryption: 2.18.0
  - suspicious_login: 8.0.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0

Nextcloud Signing status

!!! As I sad before I changed that file as a work around !!!

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php] => Array
                        (
                            [expected] => 3b1863be180b292dc8cd184251b2b9f1d9706685c6876f9a20581f9c3e0155bf76eb58065881777f94f20af7e1cf8c0bdce1dececa2c6851b25cd5bf5f432fe2
                            [current] => d39fa727c08bb54fe40ab7dc6a60b8a89f95f190da783031d70caf825815d5184fd64573775763e5165e2eb9cbd3ff38816cf936efe53dfa7b4c683001b17df5
                        )

                )

        )

)

Nextcloud Logs

{"reqId":"JC1Rb3wbq3mdhyqsqBUI","level":3,"time":"2025-01-12T16:49:34+00:00","remoteAddr":"192.168.178.20","user":"admin","app":"PHP","method":"POST","url":"/index.php/apps/files_external/globalstorages","message":"Undefined array key 1 at /var/www/html/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php#82","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0","version":"30.0.4.1","data":{"app":"PHP"}}
{"reqId":"JC1Rb3wbq3mdhyqsqBUI","level":2,"time":"2025-01-12T16:49:35+00:00","remoteAddr":"192.168.178.20","user":"admin","app":"core","method":"POST","url":"/index.php/apps/files_external/globalstorages","message":"Login failed: 'admin' (Remote IP: '192.168.178.20')","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0","version":"30.0.4.1","data":{"app":"core"}}

Additional info

No response