Nextcloud thinks it is logged out if KWallet is locked

[phoerious]

Expected behaviour

When using the Nextcloud client on KDE with a GPG-encrypted KWallet, it should wait for the KWallet to unlock.

Actual behaviour

I have Nextcloud in my autostart. When I start my session, GnuPG asks me to insert my security key to unlock the KWallet which has the Nextcloud password in it. Instead of waiting for the unlock, though, Nextcloud thinks it is logged out and shows the login dialogue (which isn't working anyway, because FIDO does not work with its browser wrapper). So in order to use Nextcloud, I have to restart Nextcloud after unlocking the KWallet, because it does not register me opening it (and it should not have shown the login dialogue in the first place, because it isn't really "logged out").

The issue has existed for quite a while, but wasn't always there (but at least 2.4 had it as well).

Steps to reproduce

1. Install Nextcloud on KDE and use a password- or PGP-encrypted KWallet to save its password
2. Add Nextcloud to autostart and start a new KDE session
3. Decrypt the KWallet

This issue may be related to #912, but I only experience when my KWallet is not open.

Client configuration

Client version: 2.5.1 b37cbe

Operating system: Arch Linux

OS language: en_GB

Qt version used by client package (Linux only, see also Settings dialog): 5.12.0

Client package (From Nextcloud or distro) (Linux only): distro

Installation path of client: /usr/bin/nextcloud

[blipp]

I experience the same problem with a password-protected KWallet under NixOS, Nextcloud desktop client version is 2.5.1 as well.

[BloodyAltair]

2.5.2git - the same issue

I've also encounterd a problem with network manager - i've tried the first(commented) version of bash workaround and the problem persisted, despite that nextcloud was started staight after kwallet unlock event.
Maybe it is caused by chained NM connections (firstly WiFi connection, then OpenVPN connection).
Reaching full global network connectivity takes about 15 seconds.

Workaround:

So, I've found a kludge solution for this problem. Ensure that you have installed dbus-monitor and have nextcloud executable in your $PATH
Just place this script to KDE startup:

$ cat nextcloud_runner.sh
#!/bin/bash
# ###############################################################################
# This issue also includes kwallet unlocking problem, 
# but if we can connect to wifi and VPN network - we successfully unlocked the kwallet
# ( IN MY CASE: i'm using NetworkManager)
# ###############################################################################
# If you DO NOT store network credentials in kwallet store 
# (e.g using `systemd-networkd` system wide configuration), monitor should look like that:
#
# dbus-monitor --session "sender='org.kde.kwalletd', path=/modules/kwalletd, member='walletOpened'" |
#   while read x; do
#      echo $x | grep -E '.*string "kdewallet".*' && nohup nextcloud >> /dev/null 2>&1
#   done
#
# ###############################################################################
dbus-monitor --system "sender='org.freedesktop.NetworkManager', path=/org/freedesktop/NetworkManager, member='StateChanged'" |
   while read x; do
      echo $x | grep -E '.*uint32\s+70.*' && nohup nextcloud >> /dev/null 2>&1
   done

[PhilippWoelfel]

Here is a script that is independent of network manager (inspired by @BloodyAltair). It tries to open the wallet, and only runs the nextcloud-client if the wallet is open.

#!/bin/bash
#
# See https://github.com/nextcloud/desktop/issues/1011
#
############################################
# Adjust the following to suit your needs
WALLET="kdewallet"   # Name of wallet storing nextcloud client password
MAX_TRIES=2          # Max. number of tries to ask for password
############################################
i=0
while [ $i -lt $MAX_TRIES ]; do
  ((i++))
  open=`qdbus org.kde.kwalletd5 /modules/kwalletd5 isOpen "$WALLET"`
  if [ "$open" = "true" ]; then
    break
  fi
  qdbus org.kde.kwalletd5 /modules/kwalletd5 open "$WALLET" 0 "nextcloud-client-starter" > /dev/null
done
nohup nextcloud >> /dev/null 2>&1

[raabf]

@PhilippWoelfel Nice script, but it seems to that the line

qdbus org.kde.kwalletd5 /modules/kwalletd5 open kdewallet 0 "nextcloud-client-starter" > /dev/null

have to be replaced by (variable $WALLET missing and hardcoded to kdewallet)

qdbus org.kde.kwalletd5 /modules/kwalletd5 open $WALLET 0 "nextcloud-client-starter" > /dev/null

[PhilippWoelfel]

@raabf yes, you are right. I updated the script.

[phoerious]

Works perfectly, thanks. However, I did replace the last line with

exec nextcloud

and then added this thing as a script to my session startup.

[enygmator]

Yup, I'm still facing this issue. I'm using the flatpak "com.nextcloud.desktopclient.nextcloud"

[TeaDrinkingProgrammer]

I edited the following script for Flatpak. It is the same script as @PhilippWoelfel, but it calls the desktop file from flatpak with KIOclient instead.

#!/bin/bash
#
# See https://github.com/nextcloud/desktop/issues/1011
#
############################################
# Adjust the following to suit your needs
WALLET="kdewallet"   # Name of wallet storing nextcloud client password
MAX_TRIES=2          # Max. number of tries to ask for password
############################################
i=0
while [ $i -lt $MAX_TRIES ]; do
  ((i++))
  open=`qdbus org.kde.kwalletd5 /modules/kwalletd5 isOpen "$WALLET"`
  if [ "$open" = "true" ]; then
    break
  fi
  qdbus org.kde.kwalletd5 /modules/kwalletd5 open "$WALLET" 0 "nextcloud-client-starter" > /dev/null
done
kioclient exec /var/lib/flatpak/exports/share/applications/com.nextcloud.desktopclient.nextcloud.desktop

[JohannesWiesner]

Here is a script that is independent of network manager (inspired by @BloodyAltair). It tries to open the wallet, and only runs the nextcloud-client if the wallet is open.

#!/bin/bash
#
# See https://github.com/nextcloud/desktop/issues/1011
#
############################################
# Adjust the following to suit your needs
WALLET="kdewallet"   # Name of wallet storing nextcloud client password
MAX_TRIES=2          # Max. number of tries to ask for password
############################################
i=0
while [ $i -lt $MAX_TRIES ]; do
  ((i++))
  open=`qdbus org.kde.kwalletd5 /modules/kwalletd5 isOpen "$WALLET"`
  if [ "$open" = "true" ]; then
    break
  fi
  qdbus org.kde.kwalletd5 /modules/kwalletd5 open "$WALLET" 0 "nextcloud-client-starter" > /dev/null
done
nohup nextcloud >> /dev/null 2>&1

The solution works for me, but now everytime that I open the console, Nextcloud client pops up :(

[bernd-wechner]

I don't even know what kdewallet is and don't have it installed and the latest NextCloud client AppImage when started asks me for a kdewallet password? What's up there?

[BloodyAltair]

@bernd-wechner Do you have KDE? If so - you already have KWallet, it is DE component.
In KDE, kwallet is a secrets provider, that securely stores you account passwords, including Nextcloud, WiFi, CalDAV, etc...
You can read more about kwallet (and about auto-unlocking it on login) here (https://wiki.archlinux.org/title/KDE_Wallet)
If you have another DE - this should not happen, its odd😅
However, Nextcloud client (or any other application) should never ask you for KWallet password, the KDE daemons should.

May you clarify more details about your problem?

[bernd-wechner]

@bernd-wechner Do you have KDE? If so - you already have KWallet, it is DE component. In KDE, kwallet is a secrets provider, that securely stores you account passwords, including Nextcloud, WiFi, CalDAV, etc... You can read more about kwallet (and about auto-unlocking it on login) here (https://wiki.archlinux.org/title/KDE_Wallet) If you have another DE - this should not happen, its odd😅 However, Nextcloud client (or any other application) should never ask you for KWallet password, the KDE daemons should.

May you clarify more details about your problem?

I'm on Linux Mint. I have no knowledge of kdewallet, all I did was log in to the Mint/Wayland setup, the Nextcloud client which I run as a Linux AppImage, notified there was an update. I downloaded the update and stopped my client, replaced the appimage, and then it asked me for a kdewallet login and does so persistently with this popup:

The Cancel button does nothing, the OK button does nothing. I have no password but tried my account password to no avail (as stated, I have no idea what kdewallet is or why this AppImage is asking for a login) Only by clicking the X in the title bar can I make it go away, even then it pops up immediately again, and on a second dismissal stays gone and the Settings show. I can see this any time I attempt to display settings from the sys tray Icon.

I will try logging out and in again on an X11 session to see if it continues.

[BloodyAltair]

@bernd-wechner Got it, according to window decorations i guess you have Linux Mint with KDE desktop environemnt. This is expected, not nextcloud-related behavior.
KWallet is a component of KDE. If you're familliar with GNOME - this is almost the same that GNOME Keyring is (or MacOS keyring, almost every modern OS has such functionality), a secret service provider.

When you start your nexctcloud client - it needs password, or any other secret to access your data on nextcloud server.
So, it asks system secrets provider (KWallet) for it. Secret service provider stores passwords, tokens, etc. in encrypted form, and usually it is encrypted with password/hardware security key/GPG key/smthng else.
Because default wallet "kdewallet" is initially locked after system startup - KDE daemon asks you for password to decrypt it.

If you don't know wallet encryption password - it may be your system password.
If you remove kwallet from system - your applications will not be able to securely save passwords and will ask for them at every startup. (E.g Google Chrome, Nextcloud, Remmina, IntellijIDEA, NetworkManager WiFi/VPN)

You can read about KDE Wallet on ArchWiki (see link above), or google it (https://google.it/search?q=how+to+use+kdewallet)
Usually there is a KDE tool for managing wallets: kwalletmanager

[bernd-wechner]

No, I use cinnamon and haven't touched the KDE desktop. That's what makes it bizarre and a Nextcloud client issue IMHO.

[bernd-wechner]

Switched to X11 and same thing. I have zero KDE, no knowledge no care about it and this latest client thinks I care and I can even dismiss the silly login prompt without a dozen X clicks now. All I can think is the client is broken in some way that is detecting KDE (false positive) and assuming therefore I have a kdewallet. Perhaps I installed some KDE tool once and have forgotten and got some baggage with it (not including kdewallet) and this is triggering the false positive.

[bernd-wechner]

Right I found kcachgrind installed so removed it, and then also found kded5, kpackagetool5, kwayland-data and kwayland-integration installed so removed those now:

$ apt list --installed 'k*'
kbd/noble,noble,now 2.6.4-2ubuntu2 amd64 [installed]
keepass2-plugin-keepasshttp/noble,noble,noble,noble,now 1.8.4.2+dfsg1-2.1 all [installed]
keepass2/noble,noble,noble,noble,now 2.47+dfsg-2 all [installed,automatic]
keepassxc/noble,noble,now 2.7.6+dfsg.1-1build3 amd64 [installed]
kerneloops/noble,noble,now 0.12+git20140509-6ubuntu8 amd64 [installed]
keyboard-configuration/noble,noble,noble,noble,now 1.226ubuntu1 all [installed]
keyboxd/noble,noble,now 2.4.4-2ubuntu17 amd64 [installed,automatic]
keyutils/noble,noble,now 1.6.3-3build1 amd64 [installed]
klibc-utils/noble-updates,noble-security,now 2.0.13-4ubuntu0.1 amd64 [installed]
klogg/now 23.07.0.1541 amd64 [installed,local]
kmod/noble,noble,now 31+20240202-2ubuntu7 amd64 [installed]
kpartx-boot/noble,noble,noble,noble,now 0.9.4-5ubuntu8 all [installed]
kpartx/noble,noble,now 0.9.4-5ubuntu8 amd64 [installed]
krb5-locales/noble-updates,noble-updates,now 1.20.1-6ubuntu2.2 all [installed]
krb5-multidev/noble-updates,now 1.20.1-6ubuntu2.2 amd64 [installed]

Drilling deeper:

$ apt list --installed 'kde'
Listing... Done
libblockdev-crypto3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-fs3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-loop3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-mdraid3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-nvme3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-part3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-swap3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev-utils3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libblockdev3/noble,noble,now 3.1.1-1 amd64 [installed,automatic]
libobasis24.2-kde-integration/now 24.2.0.3-3 amd64 [installed,local]
qml-module-org-kde-sonnet/noble,noble,now 5.115.0-0ubuntu5 amd64 [installed,auto-removable]

I removed libobasis24.2-kde-integration and qml-module-org-kde-sonnet as well.

Found okular installed so removed that.

All of which did not help. Finally I had success when I found and removed libkwalletbackend5-5 and ~/.local/share/kwalletd and finally restarted the NextCloud client and it's working again without this stupid prompt.

I have no idea where any of that kwallet stuff came from or when, but this package "libkwalletbackend5-5" was ultimately the likely cause of the confusion the NextCloud client experienced.