2FA on Roundcube

@necrevistonnezr Completely agree with you. Boggles my mind. I too think features like 2FA and Captcha should be built-in.

@jdaviescoates Yep, essentially I do the following (I've added 5-6 plugins, not sure why they are not added by default by Cloudron devs):

1. Open terminal for RoundCube
2. git clone ....
3. chown -R www-data:www-data PLUGIN_DIR_NAME
4. Open File Manager for RoundCube
5. Edit "customconfig.php" and add the plugin in there similar to:
   array_push($config['plugins'], 'twofactor_gauthenticator');

@necrevistonnezr Thank you for your advice! Wouldn't think about ownership change, but will keep in mind from now on.

One "good" thing about RoundCube plugins is that they are not updated, it seems, ever So, may not need to update those plugins ever, haha.

Wasn't aware git was available in the terminal for each application. Once I cloned the repo directly into RoundCube filesystem and then followed the instructions, everything was easy and simple.

Hi everyone,

In this day and age I feel uneasy not having 2FA on my apps. I realize this could be more of a "feel good" rather than real security measure (the app being protected should be secure in general, not just the login experience).

I've just switched from Rainloop after being ignorant and learning that it's no longer being maintained.

2FA is implemented as a plug-in for Rounbcube. The plugin I see mentioned the most is https://github.com/alexandregz/twofactor_gauthenticator . The instructions on https://docs.cloudron.io/apps/roundcube/ (Plugin section) says I need a tar archive which needs to be extracted into "/app/data/plugins" directory. I cannot find tar for that 2FA plugin anywhere.

I've never done PHP, so not sure if copying the whole repo content advisable, secure, etc.

Would appreciate if anyone shares their experience or advice on this subject.

Thanks!

@joseph said in Filters after migration from Rainloop:

I moved from Snappy to Roundcube though

Have you setup 2FA for Roundcube? And if you have, which plugin and where did you get the tarball (I'm basing this on Cloudron doc about Roundcube - https://docs.cloudron.io/apps/roundcube/)? I cannot find a tar for https://github.com/alexandregz/twofactor_gauthenticator

@jdaviescoates Wasn't sure if I could get to the source of those filters, as in Rainloop I was using UI controls to define them. But it seems there is a way to get those via SnappyMail. Shall see.

So, I've started disabling/enabling NextCloud apps in the cloud. After I disabled "Antivirus for files" app, Notes sync started working. Completely random thought...

@joseph said in Nextcloud Notes no longer synchronizes:

One angle I did not consider is the android variant and various mobile OS . I am on stock Android and use Google Play Store and use a fairly old motorola

I'm on very close to "stock" Android too. GrapheneOS isn't a big deviation.

Don't think this has anything to do with Android though. Something with authentication.

So, I've looked at Notes app description in NextCloud, where there is this sentence:

Furthermore, a separate REST API allows for an easy integration into third-party apps (currently, there are notes apps for Android, iOS and the console which allow convenient access to your Nextcloud notes).

Then looked at NextCloud Notes app documentation on GitHub. Specifically looked at "Authentication" section here: https://github.com/nextcloud/notes/blob/main/docs/api/README.md#authentication .

If I'm not blind and not crazy it looks like the API does basic authentication and does not support any token based authentication. If that is correct - then W.T.F.!?!

But then I don't understand why Notes integrates with NC client app. The whole point there would be for NC client app to deal with authentication and Notes app just using NC app as comms channel.

@jdaviescoates Agreed. To me SnappyMail has more errors than Rainloop had (never had a single issue with Rainloop).

However it seems one of the problems with RoundCube is that there is no 2FA built in and it seems 2FA plugin has issues (few reports I've seen online). Plus my hope was that Snappy would work fine with Rainloop filters, but not sure if RC will keep applying Rainloop based filters. And I have a lot of those, so would have to manually re-type them all. Sigh.

For me it all fails regardless of how I authenticate.

0. Remove cache and data for all apps. Optionally - reinstall apps (tried many times, didn't help).
1. Open NextCloud app on my phone.
2. Connect and authenticate with OIDC. This opens my browser, I login with Cloudron.
   2.1. Optionally authenticate with NC app password / QR code it generates.
3. NC client app gets the files, I can sync both ways.
4. Open Notes and select "Choose Account". In a popup select the one from NextCloud app.
5. Notes "downloads" (or uses NC client to obtain) all notes.
6. Trying to add a new note or edit an existing one results in a failure. "Synchronization failed" message with a "More" link which opens a window with Java exception details. The exception is "Runtime Exception" and the stacktrace talks about "NotesServerSyncTask.pushLocalChanges()". So, local changes cannot be pushed to the cloud is how I interpret this.

@joseph Ah, crap.. That's a very unfortunate news. I can only hope that Snappy would understand Rainloop's filters definitions as it is based on Rainloop.

@jdaviescoates said in Nextcloud Notes no longer synchronizes:

It's also not just Notes, it's Talk too afaict

I don't use Talk often, and have no way to test it, unfortunately. But I doubt this issue has nothing to do with whatever happened during OIDC integration and NC updates.

@nebulon As far as reporting upstream. I presume you're talking about you guys doing that as you have all the knowledge about how NC is integrated, what is done to it, etc? And I presume your staff should be testing and looking into issues like this?

@nebulon said in Nextcloud Notes no longer synchronizes:

sounds very much like a notes or nextcloud bug

Worked just fine before OIDC upgrade with Cloudron.

Considering I couldn't find any reports of similar nature unrelated to Cloudron's hosting of NextCloud the chances of it being just NC-Notes issue are even lower. Not impossible, of course, but I'd expect people report on issues like this. The issues reported over the past 6-12 months are all related to tokens or similar.

Hi everyone,

I haven't paid attention to Rainloop for so long and just realized I need to move to SnappyMail. I have a lot of filters configured via Rainloop. Installing SnappyMail I see those filters appearing under Settings -> Filters -> Click on "Simple" entry and a popup with my Rainloop filters comes up.

My question is - will these filters survive removal of Rainloop or some sort of cleanup will be run when Rainloop is removed? Essentially I want to keep my filters when moving to another mail client.

Thanks.

@BrutalBirdie said in Nextcloud Notes no longer synchronizes:

What mobile OS are you using?

I've got GrapheneOS on a Pixel Pro. I've messed around with various per-app security settings that GrapheneOS provides, but none of that helped.

@jdaviescoates said in Nextcloud Notes no longer synchronizes:

Somewhat bizarrely, whilst the first quick tests I did this morning both worked fine, now they've both stopped working again.

For me - it works for the initial sync, after that doesn't work - eg. Notes on my phone gets all 150+ notes entries/files, seems to be good. Go and edit one or create a new one and that starts throwing errors and never works.

Re-installing apps, clearing caches/storage/etc. doesn't help.

Using app passwords or using OIDC for NextCloud client (main app) auth doesn't make a difference.

@BrutalBirdie Yes, you can. And FYI - all previously existing app passwords no longer work after OIDC migration. I can create new ones.

Cleared caches, uninstalled everything and re-installed. Notes still fails to sync up to the cloud.