Skip to content

fix(updater): Stop expiring secret prematurely #49578

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
come-nc merged 2 commits into from
Oct 21, 2025
Merged

fix(updater): Stop expiring secret prematurely #49578

come-nc merged 2 commits into from
Oct 21, 2025

Conversation

@joshtrichards
Copy link
Member

@joshtrichards joshtrichards commented Dec 1, 2024
edited
Loading

Summary

#43967 introduced a regression in the handling of the expiration of updater.secret. The result is that updater.secret is expired at the next job interval (~10 minutes). If the web Updater takes >10 minutes this prevents it from continuing.

  • Fixed expiration handling
  • Added logging when we expire the secret
  • Added cleanup of the updater.secret.created value when we expire a secret
  • Added handling for config_is_read_only in the AdminController
  • Changed ResetToken background job unit tests to catch the scenario addressed by this PR
  • Expanded ResetToken background job unit test coverage in general
  • Expanded AdminController unit test coverage in general

TODO

  • Tests: Confirm new tests are working (I eliminated the static used in the ResetToken test since it didn't seem to serve a purpose but I may have broken it so may require another look)

Checklist

@joshtrichards joshtrichards mentioned this pull request Dec 1, 2024
Closed
@joshtrichards joshtrichards force-pushed the fix-updater-secret branch 2 times, most recently from 9e53b31 to 232970e Compare December 1, 2024 20:06
@joshtrichards joshtrichards added this to the Nextcloud 31 milestone Dec 1, 2024
@joshtrichards
Copy link
Member Author

joshtrichards commented Dec 1, 2024

/backport to stable30

@joshtrichards joshtrichards force-pushed the fix-updater-secret branch 8 times, most recently from 6ee7f8c to b77688a Compare December 1, 2024 21:18
@joshtrichards joshtrichards marked this pull request as ready for review December 1, 2024 21:24
@joshtrichards joshtrichards added the 3. to review Waiting for reviews label Dec 1, 2024
nickvergessen
nickvergessen previously requested changes Dec 1, 2024
View reviewed changes
@blizzz blizzz mentioned this pull request Jan 8, 2025
Merged
This was referenced Jan 14, 2025
Merged
Merged
@Altahrim Altahrim mentioned this pull request Jan 21, 2025
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Sep 27, 2025
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 32, Nextcloud 33 Sep 28, 2025
@artonge artonge force-pushed the fix-updater-secret branch from 5769ac9 to 4624eb3 Compare October 17, 2025 16:17
@artonge artonge force-pushed the fix-updater-secret branch from 4624eb3 to a5a65dd Compare October 21, 2025 09:27
@artonge
Copy link
Contributor

artonge commented Oct 21, 2025
edited
Loading

  • Rebased
  • Fixed php-cs error
  • Fixed unit test error

@artonge artonge requested a review from nickvergessen October 21, 2025 09:31
@artonge artonge force-pushed the fix-updater-secret branch 2 times, most recently from e53025b to 32de00b Compare October 21, 2025 09:53
@artonge @nickvergessen
refactor: adjust updater code to match code style
7f3ef27 
Co-authored-by: Joas Schilling <[email protected]>
Signed-off-by: Ferdinand Thiessen <[email protected]>
Signed-off-by: Louis Chmn <[email protected]>
@artonge artonge force-pushed the fix-updater-secret branch from 32de00b to 7f3ef27 Compare October 21, 2025 10:20
@come-nc come-nc merged commit 30b5f00 into master Oct 21, 2025
232 of 250 checks passed
@come-nc come-nc deleted the fix-updater-secret branch October 21, 2025 14:26
This was referenced Oct 21, 2025
Draft
Closed
@artonge
Copy link
Contributor

artonge commented Oct 21, 2025

/backport to stable32

@backportbot backportbot bot mentioned this pull request Oct 21, 2025
Merged
@SystemKeeper
Copy link
Contributor

SystemKeeper commented Nov 23, 2025

Looks like this will now log a warning on each run, as the default value from getValueInt was removed and no check for non-zero values was added. https://help.nextcloud.com/t/warning-updatenotification-cleared-old-updater-secret-that-was-created-1763885703-seconds-ago-every-hour/236299

This was referenced Nov 24, 2025
Open
Open
@gvanteylingen
Copy link

gvanteylingen commented Nov 25, 2025

Experiencing same log issue Cleared old updater.secret that was created xxxxxx seconds ago, twice every 65 minutes after updating to 32.0.2.

@come-nc come-nc mentioned this pull request Nov 25, 2025
Merged
6 tasks
This was referenced Dec 4, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

@come-nc come-nc come-nc approved these changes

@blizzz blizzz Awaiting requested review from blizzz

@artonge artonge Awaiting requested review from artonge artonge is a code owner automatically assigned from nextcloud/server-backend

@skjnldsv skjnldsv Awaiting requested review from skjnldsv skjnldsv is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug feature: authentication feature: install and update regression

Projects

None yet

Milestone

Nextcloud 33

Development

Successfully merging this pull request may close these issues.

Web update cannot continue after long backup Log updater.secret creation and expiration