Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access to group shares is not granted when adding a user to a group in NC 28 #827

Open
lukasrad02 opened this issue Mar 25, 2024 · 2 comments
Open

Access to group shares is not granted when adding a user to a group in NC 28 #827

lukasrad02 opened this issue Mar 25, 2024 · 2 comments
Labels
bug Something isn't working priority: normal

Comments

@lukasrad02
Copy link

When a user, who already logged in via OIDC once, gets added to a group, the user does not get access to shares granted to these groups.

Steps to reproduce

  1. Set up a nextcloud instance (tested with 28.0.3 using Docker) with this app.
  2. Configure your identity provider. Make sure to enable group provisioning and adjust the groups claim name if necessary.
  3. At your IDP, create two users Alice and Bob. Alice should be a member of "testgroup", Bob not.
  4. Sign in to the Nextcloud both using Alice and Bob one after the other. (We have to sign in as Alice so the "testgroup" will be created in our Nextcloud. We have to sign in as Bob because the bug only occurs if a user already exists before assigning the group membership.)
  5. As Alice, create a folder and share it with the group "testgroup".
  6. At your IDP, add Bob to the "testgroup" group.
  7. Sign in as Bob to the Nextcloud. Bob won't be able to see the folder although he's a member of "testgroup" (membership can be confirmed by visiting /settings/user).
  8. As an administrator, remove and re-add Bob from/to "testgroup"
  9. Sign in as Bob again. Now, Bob is able to see the folder shared by Alice.

Expected behavior

Bob should be able to see the folder in step 7.

Additional context

This bug seems to be caused by some changes in Nextcloud 28. Performing the steps from above using Nextcloud 27.0.0, the behavior is as expected. Other OIDC apps also seem to be affected (e. g. pulsejet/nextcloud-oidc-login#256).
@waza-ari
Copy link

waza-ari commented Apr 1, 2024

Can confirm on NC 28.0.4 in our setup, same behaviour unfortunately.

@sirkrypt0 sirkrypt0 mentioned this issue Sep 3, 2024
Open
8 tasks
@sirkrypt0
Copy link

sirkrypt0 commented Sep 3, 2024
edited
Loading

Same issue appeared to me as well and I created the issue above in Nextcloud server (nextcloud/server#47712) with some more details on the actual bug.

TL;DR: users are granted access to the shares, but they have to accept them manually by visiting the pending shares (https://nextcloud.example.com/apps/files/pendingshares), even though automatic acceptance is configured (as it is by default).

@edward-ly edward-ly added the bug Something isn't working label Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working priority: normal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@waza-ari @edward-ly @sirkrypt0 @lukasrad02