From 576363cdca9e1000a634cecbad46d8393cdab4c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?= <unbrot@obel1x.de>
Date: Sat, 25 Apr 2026 17:30:49 +0200
Subject: [PATCH] Fix Nextcloud app password not stored in KWallet after
 autoprovisioning

The Flatpak autoprovisioning command does not reliably write credentials
to KWallet from inside the sandbox. After provisioning, directly write
both KWallet entries (user:url/:0 and user_app-password:url/:0) via
qdbus, creating the Nextcloud folder first if needed. kwallet-query was
tried but silently returns 0 without creating missing folders.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../0050_nextcloud_desktopclient/user_run.sh  | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/client_software/0050_nextcloud_desktopclient/user_run.sh b/client_software/0050_nextcloud_desktopclient/user_run.sh
index d822e8f..8657bf7 100755
--- a/client_software/0050_nextcloud_desktopclient/user_run.sh
+++ b/client_software/0050_nextcloud_desktopclient/user_run.sh
@@ -93,6 +93,35 @@ for i in {0..99}; do
             echo "Please check the above output!"
             exit 1
         fi
+        # The Flatpak autoprovisioning may not successfully write the apppassword to
+        # KWallet from inside the sandbox, so write it directly via D-Bus.
+        # Nextcloud stores HTTP credentials in folder "Nextcloud" with keys:
+        #   user:url/:0            (legacy password entry)
+        #   user_app-password:url/:0  (app password entry, used for auth)
+        NC_WALLET_URL="https://${SERVERFQDN_NC}/"
+        NC_WALLET_APPID="logon_script"
+        NC_QB_CMD="qdbus-qt6"
+        if ! command -v ${NC_QB_CMD} >/dev/null 2>&1; then NC_QB_CMD="qdbus"; fi
+        NC_QB_SVC="org.kde.kwalletd"
+        NC_QB_PATH="/modules/kwalletd6"
+        if ! ( ${NC_QB_CMD} "${NC_QB_SVC}" | grep -q "${NC_QB_PATH}" ); then
+            NC_QB_PATH="/modules/kwalletd5"
+        fi
+        echo "Writing Nextcloud app password to KWallet via D-Bus (${NC_QB_PATH})"
+        NC_WALLET_HANDLE=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.open "kdewallet" 0 "${NC_WALLET_APPID}")
+        if [[ -n "${NC_WALLET_HANDLE}" && "${NC_WALLET_HANDLE}" != "-1" ]]; then
+            HAS_FOLDER=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}")
+            if [[ "${HAS_FOLDER}" != "true" ]]; then
+                ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.createFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}" >/dev/null
+            fi
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.sync "${NC_WALLET_HANDLE}" "${NC_WALLET_APPID}" >/dev/null
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.close "${NC_WALLET_HANDLE}" false "${NC_WALLET_APPID}" >/dev/null
+            echo "Nextcloud app password written to KWallet successfully."
+        else
+            echo "Warning: Could not open KWallet (handle: ${NC_WALLET_HANDLE}). Nextcloud may prompt for credentials on next start."
+        fi
     fi
 done