[Bug]: .devcontainer: Always wrong password while confirmation of creating the external storage or changing global credentials

[jrjik]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

What is broken

• Saving global credentials / confirming the creation of an External Storage failed with a 403 (wrong password) on POST /index.php/apps/files_external/globalcredentials.

• Root cause

  • In the dev container, Apache was not applying .htaccess and not passing the Authorization header to PHP.
  • The endpoint has strict password validation enabled (PasswordConfirmationRequired strict). Without the Authorization header, it always returns a 403.

What was done (fix)

• Enabled Apache modules: headers, rewrite, env
• Added the following block to the vhost for /var/www/html:

  <Directory /var/www/html>
      AllowOverride All
      Require all granted
  </Directory>

• Configuration verification and Apache reload
• These changes are applied automatically during .devcontainer build

Solution implemented in PR

• The proposed configuration changes have been implemented in the attached pull request

• No manual command execution required - everything is handled during container setup

• Scope of impact

  • Only the dev container (environment); no Nextcloud code was changed

• Risks/Rollback

  • Low. The changes are specific to development environment configuration

• Why it was done this way

  • Nextcloud's .htaccess already contains the necessary rules (rewrite, passing Authorization, headers). These only work with AllowOverride All
  • Without it and without passing the Authorization header, the strict password validation always failed

Steps to reproduce

• How to reproduce before the fix
  1. Go to Admin → External storage
  2. Try to save global credentials or confirm external storage creation
  3. Get a 403 error and a "wrong password" notification

Expected behavior

• How to verify after the fix
  • Repeat the steps: The UI should save successfully, the request should return 200, and the credentials should be applied
  • Check Nextcloud logs for the absence of 403 errors from PasswordConfirmationMiddleware

Nextcloud Server version

master

Operating system

Other

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "127.0.0.1"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "sqlite3",
        "version": "33.0.0.1",
        "overwrite.cli.url": "http:\/\/127.0.0.1",
        "updater.release.channel": "git",
        "installed": true,
        "htaccess.RewriteBase": "\/",
        "auth.bruteforce.protection.enabled": false,
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "1025",
        "memcache.local": "\\OC\\Memcache\\APCu"
    }
}


{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "127.0.0.1"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "sqlite3",
        "version": "33.0.0.1",
        "overwrite.cli.url": "http:\/\/127.0.0.1",
        "updater.release.channel": "git",
        "installed": true,
        "htaccess.RewriteBase": "\/",
        "auth.bruteforce.protection.enabled": false,
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "1025",
        "memcache.local": "\\OC\\Memcache\\APCu"
    }
}


{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "127.0.0.1"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "sqlite3",
        "version": "33.0.0.1",
        "overwrite.cli.url": "http:\/\/127.0.0.1",
        "updater.release.channel": "git",
        "installed": true,
        "htaccess.RewriteBase": "\/",
        "auth.bruteforce.protection.enabled": false,
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "1025",
        "memcache.local": "\\OC\\Memcache\\APCu"
    }
}

List of activated Apps

Enabled:
  - cloud_federation_api: 1.17.0
  - comments: 1.23.0
  - contactsinteraction: 1.14.1
  - dashboard: 7.13.0
  - dav: 1.35.0
  - federatedfilesharing: 1.23.0
  - federation: 1.23.0
  - files: 2.5.0
  - files_external: 1.25.1
  - files_reminders: 1.6.0
  - files_sharing: 1.25.0
  - files_trashbin: 1.23.0
  - files_versions: 1.26.0
  - lookup_server_connector: 1.21.0
  - mail: 5.5.7
  - oauth2: 1.21.0
  - profile: 1.2.0
  - provisioning_api: 1.23.0
  - settings: 1.16.0
  - sharebymail: 1.23.0
  - systemtags: 1.23.0
  - theming: 2.8.0
  - twofactor_backupcodes: 1.22.0
  - updatenotification: 1.23.0
  - user_status: 1.13.0
  - weather_status: 1.13.0
  - webhook_listeners: 1.4.1
  - workflowengine: 2.15.0
Disabled:
  - admin_audit: 1.23.0
  - encryption: 2.21.0
  - testing: 1.23.0
  - user_ldap: 1.24.0
Enabled:
  - cloud_federation_api: 1.17.0
  - comments: 1.23.0
  - contactsinteraction: 1.14.1
  - dashboard: 7.13.0
  - dav: 1.35.0
  - federatedfilesharing: 1.23.0
  - federation: 1.23.0
  - files: 2.5.0
  - files_external: 1.25.1
  - files_reminders: 1.6.0
  - files_sharing: 1.25.0
  - files_trashbin: 1.23.0
  - files_versions: 1.26.0
  - lookup_server_connector: 1.21.0
  - mail: 5.5.7
  - oauth2: 1.21.0
  - profile: 1.2.0
  - provisioning_api: 1.23.0
  - settings: 1.16.0
  - sharebymail: 1.23.0
  - systemtags: 1.23.0
  - theming: 2.8.0
  - twofactor_backupcodes: 1.22.0
  - updatenotification: 1.23.0
  - user_status: 1.13.0
  - weather_status: 1.13.0
  - webhook_listeners: 1.4.1
  - workflowengine: 2.15.0
Disabled:
  - admin_audit: 1.23.0
  - encryption: 2.21.0
  - testing: 1.23.0
  - user_ldap: 1.24.0
Enabled:
  - cloud_federation_api: 1.17.0
  - comments: 1.23.0
  - contactsinteraction: 1.14.1
  - dashboard: 7.13.0
  - dav: 1.35.0
  - federatedfilesharing: 1.23.0
  - federation: 1.23.0
  - files: 2.5.0
  - files_external: 1.25.1
  - files_reminders: 1.6.0
  - files_sharing: 1.25.0
  - files_trashbin: 1.23.0
  - files_versions: 1.26.0
  - lookup_server_connector: 1.21.0
  - mail: 5.5.7
  - oauth2: 1.21.0
  - profile: 1.2.0
  - provisioning_api: 1.23.0
  - settings: 1.16.0
  - sharebymail: 1.23.0
  - systemtags: 1.23.0
  - theming: 2.8.0
  - twofactor_backupcodes: 1.22.0
  - updatenotification: 1.23.0
  - user_status: 1.13.0
  - weather_status: 1.13.0
  - webhook_listeners: 1.4.1
  - workflowengine: 2.15.0
Disabled:
  - admin_audit: 1.23.0
  - encryption: 2.21.0
  - testing: 1.23.0
  - user_ldap: 1.24.0

Nextcloud Signing status

Nextcloud Logs

{"reqId":"MuNk3WkHkvQZAXx4oyKd","level":2,"time":"2025-10-09T08:30:12+00:00","remoteAddr":"192.168.65.1","user":"admin","app":"no app in context","method":"GET","url":"/index.php/apps/files/","message":"Error while getting quota info, using root quota","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 YaBrowser/25.8.0.0 Safari/537.36","version":"33.0.0.1","exception":{"Exception":"OCP\\Files\\StorageNotAvailableException","Message":"Local storage path does not exist \"/mnt/nextcloud/r/\"","Code":1,"Trace":[{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php","line":266,"function":"getAvailability","class":"OC\\Files\\Storage\\FailedStorage","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php","line":266,"function":"getAvailability","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php","line":266,"function":"getAvailability","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php","line":57,"function":"getAvailability","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php","line":68,"function":"isAvailable","class":"OC\\Files\\Storage\\Wrapper\\Availability","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php","line":77,"function":"checkAvailability","class":"OC\\Files\\Storage\\Wrapper\\Availability","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php","line":186,"function":"handleAvailability","class":"OC\\Files\\Storage\\Wrapper\\Availability","type":"->"},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php","line":155,"function":"free_space","class":"OC\\Files\\Storage\\Wrapper\\Availability","type":"->"},{"file":"/var/www/html/lib/private/legacy/OC_Helper.php","line":264,"function":"free_space","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/html/apps/files/lib/Controller/ViewController.php","line":78,"function":"getStorageInfo","class":"OC_Helper","type":"::"},{"file":"/var/www/html/apps/files/lib/Controller/ViewController.php","line":171,"function":"getStorageInfo","class":"OCA\\Files\\Controller\\ViewController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":205,"function":"index","class":"OCA\\Files\\Controller\\ViewController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":118,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/lib/base.php","line":1096,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/index.php","line":25,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Files/Storage/FailedStorage.php","Line":181,"Hint":"Storage is temporarily not available","Previous":{"Exception":"OCP\\Files\\StorageNotAvailableException","Message":"Local storage path does not exist \"/mnt/nextcloud/r/\"","Code":1,"Trace":[{"file":"/var/www/html/apps/files_external/lib/Config/ConfigAdapter.php","line":123,"function":"getAvailability","class":"OC\\Files\\Storage\\FailedStorage","type":"->"},{"function":"{closure:OCA\\Files_External\\Config\\ConfigAdapter::getMountsForUser():121}","class":"OCA\\Files_External\\Config\\ConfigAdapter","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/files_external/lib/Config/ConfigAdapter.php","line":121,"function":"array_map"},{"file":"/var/www/html/lib/private/Files/Config/MountProviderCollection.php","line":56,"function":"getMountsForUser","class":"OCA\\Files_External\\Config\\ConfigAdapter","type":"->"},{"file":"/var/www/html/lib/private/Files/Config/MountProviderCollection.php","line":113,"function":"getMountsFromProvider","class":"OC\\Files\\Config\\MountProviderCollection","type":"->"},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":205,"function":"addMountForUser","class":"OC\\Files\\Config\\MountProviderCollection","type":"->"},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":316,"function":"{closure:OC\\Files\\SetupManager::setupForUser():204}","class":"OC\\Files\\SetupManager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":204,"function":"setupForUserWith","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":390,"function":"setupForUser","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/html/lib/private/Files/Mount/Manager.php","line":75,"function":"setupForPath","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/html/lib/private/Files/View.php","line":1422,"function":"find","class":"OC\\Files\\Mount\\Manager","type":"->"},{"file":"/var/www/html/lib/private/Files/Filesystem.php","line":659,"function":"getFileInfo","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/html/apps/files/lib/Controller/ViewController.php","line":76,"function":"getFileInfo","class":"OC\\Files\\Filesystem","type":"::"},{"file":"/var/www/html/apps/files/lib/Controller/ViewController.php","line":169,"function":"getStorageInfo","class":"OCA\\Files\\Controller\\ViewController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":205,"function":"index","class":"OCA\\Files\\Controller\\ViewController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":118,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/lib/base.php","line":1096,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/index.php","line":25,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Files/Storage/FailedStorage.php","Line":181,"Hint":"Storage is temporarily not available","Previous":{"Exception":"OCP\\Files\\StorageNotAvailableException","Message":"Local storage path does not exist \"/mnt/nextcloud/r/\"","Code":1,"Trace":[{"file":"/var/www/html/apps/files_external/lib/Config/ConfigAdapter.php","line":86,"function":"__construct","class":"OC\\Files\\Storage\\Local","type":"->"},{"file":"/var/www/html/apps/files_external/lib/Config/ConfigAdapter.php","line":109,"function":"constructStorage","class":"OCA\\Files_External\\Config\\ConfigAdapter","type":"->"},{"function":"{closure:OCA\\Files_External\\Config\\ConfigAdapter::getMountsForUser():106}","class":"OCA\\Files_External\\Config\\ConfigAdapter","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/files_external/lib/Config/ConfigAdapter.php","line":106,"function":"array_map"},{"file":"/var/www/html/lib/private/Files/Config/MountProviderCollection.php","line":56,"function":"getMountsForUser","class":"OCA\\Files_External\\Config\\ConfigAdapter","type":"->"},{"file":"/var/www/html/lib/private/Files/Config/MountProviderCollection.php","line":113,"function":"getMountsFromProvider","class":"OC\\Files\\Config\\MountProviderCollection","type":"->"},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":205,"function":"addMountForUser","class":"OC\\Files\\Config\\MountProviderCollection","type":"->"},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":316,"function":"{closure:OC\\Files\\SetupManager::setupForUser():204}","class":"OC\\Files\\SetupManager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":204,"function":"setupForUserWith","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/html/lib/private/Files/SetupManager.php","line":390,"function":"setupForUser","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/html/lib/private/Files/Mount/Manager.php","line":75,"function":"setupForPath","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/html/lib/private/Files/View.php","line":1422,"function":"find","class":"OC\\Files\\Mount\\Manager","type":"->"},{"file":"/var/www/html/lib/private/Files/Filesystem.php","line":659,"function":"getFileInfo","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/html/apps/files/lib/Controller/ViewController.php","line":76,"function":"getFileInfo","class":"OC\\Files\\Filesystem","type":"::"},{"file":"/var/www/html/apps/files/lib/Controller/ViewController.php","line":169,"function":"getStorageInfo","class":"OCA\\Files\\Controller\\ViewController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":205,"function":"index","class":"OCA\\Files\\Controller\\ViewController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":118,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/lib/base.php","line":1096,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/index.php","line":25,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Files/Storage/Local.php","Line":71,"Hint":"Storage is temporarily not available"}},"message":"Error while getting quota info, using root quota","exception":{},"CustomMessage":"Error while getting quota info, using root quota"}}

Additional info

Maybe the Dockerfile/setup.sh dont have the best optimized configuration - I`m not a devops, but I tried my best.

[jrjik]

Here is a PR:

#55652