Skip to content

[Bug]: Delete user - Wipe all devices - Disable user #38643

New issue
New issue
Open
Overview
Open
[Bug]: Delete user - Wipe all devices - Disable user#38643
Overview
Labels
0. Needs triagePending check for reproducibility or if it fits our roadmapclient: 💻 desktopclient: 🤖🍏 mobilefeature: authenticationfeature: users and groupsoverviewtechnical debt
@marinofaggiana

Description

@marinofaggiana
marinofaggiana
opened on Jun 5, 2023

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

According to client management the functions for deleting a user are not correctly handled.

-1-
If you delete a user clients get a 401 http error (JSON internal error 997) we are then forced to block the flow, delete the password and immediately request new credentials, which would practically also mean deleting the internal files as server-side, otherwise one would not understand why deleting a user and leaving the data within the client would take up so much space on the phone.

So you don't understand the real difference between delete user and wipe all devices

-2-
Disabling the user should be momentary, so that temporarily the client no longer has access to the server (although it can still consult the local data?). But on the client side there is no difference between Delete user and Disable user (error 401 JSON error 997) which would still mean having to request credentials with the login mask.

-3-
For more than a few customers, it happens that the user on his phone inexplicably receives a 401 and is forced to log in, are we sure that on the server side nobody has disabled the user so this 401 was generated somewhere .

Steps to reproduce

  1. select a user
  2. choice an option for delete / wipe / disable

Expected behavior

-1-
the duplicate of Delete user / Wipe all device should simply be "Delete user" I would like to remind you that at least under iOS, the data in the sandbox is and will remain unlawful, so even if you do not destroy the local data, it will remain unusable.

-2-
use a different error between delete and disable.

-3-
Deleting or disabling a user should generate an error that is not a 401 standad as it can happen in other contexts as well.

Installation method

None

Nextcloud Server version

26

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

not required for this type of issue.

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    0. Needs triagePending check for reproducibility or if it fits our roadmapclient: 💻 desktopclient: 🤖🍏 mobilefeature: authenticationfeature: users and groupsoverviewtechnical debt

    Type

    Overview

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions