Changing the password will result in data loss, because data recovery is not available for this user.

[stone212]

Steps to reproduce

1. use nextcloud-snap (NC13)
2. migrate /data and mysql to fresh NC13 install
3. Log in as admin
4. Try to change a user password

Expected behaviour

I should get a box under "Password" where I can enter the password with no messages or warnings

Actual behaviour

Tell us what happens instead

When I click to change a password I see this:

Changing the password will result in data loss, because data recovery is not available for this user.

What is this? Why is it happening on a new server?

Server configuration

Operating system:
Ubuntu 16.04

Web server:
Apache2
Database:
mariaDB
PHP version:
7
Nextcloud version: (see Nextcloud admin page)
13
Updated from an older Nextcloud/ownCloud or fresh install:
nextcloud-snap 13 migration
Where did you install Nextcloud from:

Signing status:

Signing status

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

App list

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Nextcloud configuration:

Config report

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here. 
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

LDAP configuration (delete this part if not used)

LDAP config

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Web server error log

Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Nextcloud log

Insert your Nextcloud log here

Browser log

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

[MorrisJobke]

Changing the password will result in data loss, because data recovery is not available for this user.

This is most likely because you enabled encryption. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/encryption_configuration.html for more details about the encryption. If you have an account without a recovery key being set up and want to change the password it will cause your data to be unavailable, because you encrypted it with your old password.

For more help please reach out in the forums: https://help.nextcloud.com

[stone212]

@MorrisJobke

This is most likely because you enabled encryption.

Mostly but not exactly. I think what happened is that for encryption is enabled by default, and that caused confusion because I was coming from an old, unencrypted version.

[MorrisJobke]

Encryption is not enabled by default. Could you check if it is enabled in your setup?

[stone212]

@MorrisJobke

Encryption is not enabled by default. Could you check if it is enabled in your setup?

It is not enabled now because I manually disabled it. When I installed NC it was enabled. Then I did another install of NC and it was installed by default.

[MorrisJobke]

It is not enabled now because I manually disabled it. When I installed NC it was enabled. Then I did another install of NC and it was installed by default.

We never enabled the encryption because it actively needs 2 button clicks to really enabled it. Also if it was enabled it will still load until all apps are decrypted properly thus I would say that this is the reason for the above message. There is a decrypt-all command for the occ CLI tool: https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/encryption_configuration.html

[stone212]

@MorrisJobke

We never enabled the encryption because it actively needs 2 button clicks to really enabled it.

This is not what I experienced. On every upgrade or install of NC15 (one upgrade and two installs) I found the Default Encryption module enabled. I did not like this but then I thought "oh, it's Default Encryption module". Anyway it was definitely enabled when I installed. No two clicks needed, not even one click.

Also if it was enabled it will still load until all apps are decrypted properly

I don't know what this means?

There is a decrypt-all command for the occ CLI tool

But I don't want to decrypt anything. I have nothing encrypted. The module was enabled and that was a problem but I have nothing encrypted on the server so why would I want to de-crypt it?

I wonder maybe we are talking about two different things? I am discussing the original Issue that I posted that has nothing to do with "apps" being encrypted.

[MorrisJobke]

This is not what I experienced. On every upgrade or install of NC15 (one upgrade and two installs) I found the Default Encryption module enabled. I did not like this but then I thought "oh, it's Default Encryption module". Anyway it was definitely enabled when I installed. No two clicks needed, not even one click.

What do you mean by this? Enabled in the apps management or in the encryption section of the admin settings. The one in the apps management could be true, but this does exactly nothing except allow to later enable it via 2 clicks in the encryption admin settings. I was talking about the enabled encryption state that is not enabled by default - for sure.

I don't know what this means?

The app is enabled, but the encryption module is not used in the encryption settings.

Let me get you some pictures:

• app is enabled in the app management, but this is fine, because it does nothing except showing the option to enable encryption:
  

• this is the "two clicks needed" stuff I mentioned - if you didn't see this no encryption of files is done:
  

• this is how it looks like after clicking the "Enable encryption" button - then files start to get encrypted:
  

Does it make it now more clear?

I wonder maybe we are talking about two different things? I am discussing the original Issue that I posted that has nothing to do with "apps" being encrypted.

This message from your initial post

Changing the password will result in data loss, because data recovery is not available for this user.

only shows up when encryption was enabled in the past or still is. Thus we show the warning.

cc @schiessle

[MorrisJobke]

See also https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/encryption_configuration.html

[stone212]

@MorrisJobke I am not sure what you are asking or what those screenshots are saying but I am certain you are interested in resolving this for other users so I will try to continue to help.

Let me explain as clearly as I can:

When I migrated from a server where none of my files were encrypted to a new server with a fresh install of Nextcloud 13, I received the error message I described.

The way I solved it was to go into the Apps list and disable "Default Encryption". Then everything was OK.

But it was very confusing because:

a) I did not know what Default Encryption was

b) I did not know that Nextcloud even offered encryption

c) I received help from people talking about other settings that I did not understand (and as a result I think I posted some confused replies)

Anyway this was the end result: disable the App and the error goes away. I do not know why it was enabled. I do not recognize those screenshots but also it has been many weeks since I had to touch anything related to Nextcloud.