webdav: Tell users about missing app password, if 2fa is enabled #59085
Description
When there is 2FA enabled, users have to use an app password to login in via webdav and client app. If they use their normal password, they get an http error.
The server logs don't tell anything about that. I'm also wondering, whether this is a decision about security? Anyways I didn't found any issues regarding that. The above situation gives:
{
"reqId": "kyZxxZzW0hKOL66NEAQj",
"level": 3,
"time": "2026-03-19T14:29:46+00:00",
"remoteAddr": "10.73.21.165",
"user": "USERNAME",
"app": "webdav",
"method": "OPTIONS",
"url": "/remote.php/dav/files/USERNAME",
"scriptName": "/remote.php",
"message": "OC\\Authentication\\Exceptions\\InvalidTokenException: Token does not exist: token does not exist",
"userAgent": "gvfs/1.50.3",
"version": "32.0.6.1",
"exception": {
"Exception": "Sabre\\DAV\\Exception\\ServiceUnavailable",
"Message": "OC\\Authentication\\Exceptions\\InvalidTokenException: Token does not exist: token does not exist",
"Code": 0,
"Trace": [
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",
"line": 179,
--
It would save a lots of debugging, if the logs would acutally just tell the admin, that the user tries to authenticate with their main password, but have 2FA enabled.