Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PROPFINDs on single file public link files return incorrect href and downloadURL #4758

Closed
dschmidt opened this issue Oct 7, 2022 · 3 comments
Closed

PROPFINDs on single file public link files return incorrect href and downloadURL #4758

dschmidt opened this issue Oct 7, 2022 · 3 comments
Assignees
@butonic @SwikritiT
Labels
Priority:p2-high Escalation, on top of current planning, release blocker Type:Bug
Milestone
2.0.0 General Ava...

Comments

@dschmidt
Copy link
Member

dschmidt commented Oct 7, 2022

Describe the bug

PROPFINDs to a filename in a single file (!) public link share return invalid href and downloadURL. The filename seems to be appended to whatever was requested instead of the root of the public link share.

Steps to reproduce

  1. Create a single file public link (user shares don't seem to be affected)
  2. Do a PROPFIND on the file itself
  3. See the filename duplicated in href and downloadURL

Expected behavior

href and downloadURL point to the canonical correct url of the file

Actual behavior

http --verify=no PROPFIND https://host.docker.internal:9200/remote.php/dav/public-files/aeeGcYCMxdaMTZU
HTTP/1.1 207 Multi-Status
Access-Control-Allow-Origin: *
Content-Length: 1323
Content-Security-Policy: default-src 'none';
Content-Type: application/xml; charset=utf-8
Date: Fri, 07 Oct 2022 10:16:04 GMT
Dav: 1, 3, extended-mkcol
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-Xss-Protection: 1; mode=block

<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:s="http://sabredav.org/ns" xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/dav/public-files/aeeGcYCMxdaMTZU/</d:href>
    <d:propstat>
      <d:prop>
        <d:resourcetype>
          <d:collection/>
        </d:resourcetype>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/remote.php/dav/public-files/aeeGcYCMxdaMTZU/ownCloud%20Manual.pdf</d:href>
    <d:propstat>
      <d:prop>
        <oc:id>1284d238-aa92-42ce-bdc4-0b0000009157$some-admin-user-id-0000-000000000000!11238f9b-a510-4a0c-b6b1-984829826b2f</oc:id>
        <oc:fileid>1284d238-aa92-42ce-bdc4-0b0000009157$some-admin-user-id-0000-000000000000!11238f9b-a510-4a0c-b6b1-984829826b2f</oc:fileid>
        <oc:spaceid>some-admin-user-id-0000-000000000000</oc:spaceid>
        <oc:name>ownCloud Manual.pdf</oc:name>
        <d:getetag>&quot;9efa1e0cd318faa2f4a0d4cb5eab38d0&quot;</d:getetag>
        <oc:permissions/>
        <d:resourcetype/>
        <d:getcontentlength>6668668</d:getcontentlength>
        <d:getcontenttype>application/pdf</d:getcontenttype>
        <d:getlastmodified>Fri, 07 Oct 2022 10:14:23 GMT</d:getlastmodified>
        <oc:checksums>
          <oc:checksum>SHA1:346f7b57dd5489e5ded01316fd1cc723c4301c00 MD5:dcf532c1acfa3d8a7b6d6b393dfcd89d ADLER32:723ea1ec</oc:checksum>
        </oc:checksums>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>

http --verify=no PROPFIND https://host.docker.internal:9200/remote.php/dav/public-files/aeeGcYCMxdaMTZU/ownCloud%20Manual.pdf
HTTP/1.1 207 Multi-Status
Access-Control-Allow-Origin: *
Content-Length: 1132
Content-Security-Policy: default-src 'none';
Content-Type: application/xml; charset=utf-8
Date: Fri, 07 Oct 2022 10:16:19 GMT
Dav: 1, 3, extended-mkcol
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-Xss-Protection: 1; mode=block

<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:s="http://sabredav.org/ns" xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/dav/public-files/aeeGcYCMxdaMTZU/ownCloud%20Manual.pdf/ownCloud%20Manual.pdf</d:href>
    <d:propstat>
      <d:prop>
        <oc:id>1284d238-aa92-42ce-bdc4-0b0000009157$some-admin-user-id-0000-000000000000!11238f9b-a510-4a0c-b6b1-984829826b2f</oc:id>
        <oc:fileid>1284d238-aa92-42ce-bdc4-0b0000009157$some-admin-user-id-0000-000000000000!11238f9b-a510-4a0c-b6b1-984829826b2f</oc:fileid>
        <oc:spaceid>some-admin-user-id-0000-000000000000</oc:spaceid>
        <oc:name>ownCloud Manual.pdf</oc:name>
        <d:getetag>&quot;9efa1e0cd318faa2f4a0d4cb5eab38d0&quot;</d:getetag>
        <oc:permissions/>
        <d:resourcetype/>
        <d:getcontentlength>6668668</d:getcontentlength>
        <d:getcontenttype>application/pdf</d:getcontenttype>
        <d:getlastmodified>Fri, 07 Oct 2022 10:14:23 GMT</d:getlastmodified>
        <oc:checksums>
          <oc:checksum>SHA1:346f7b57dd5489e5ded01316fd1cc723c4301c00 MD5:dcf532c1acfa3d8a7b6d6b393dfcd89d ADLER32:723ea1ec</oc:checksum>
        </oc:checksums>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>

I expect those two requests to return the same href and downloadURL for the same resource, but as you can see the filename is somehow appended to the requested url.

It does not seem to matter what filename is requested, as long as there's a slash and anything after the public link token in the requested url, the filename gets simply appended.
@dschmidt dschmidt mentioned this issue Oct 7, 2022
Merged
18 tasks
@butonic butonic added this to the 2.0.0 General Availability milestone Oct 7, 2022
@butonic butonic assigned butonic and unassigned butonic Oct 7, 2022
dschmidt added a commit to owncloud/web that referenced this issue Oct 7, 2022
@dschmidt
Fix opening single file public link share opening in apps
2b61063 
Add workaround for owncloud/ocis#4758
Without this workaround we see infinite redirects appending the filename
over and over again.
@micbar micbar added GA-Blocker Priority:p2-high Escalation, on top of current planning, release blocker labels Oct 7, 2022
@butonic butonic mentioned this issue Oct 7, 2022
Merged
dschmidt added a commit to owncloud/web that referenced this issue Oct 7, 2022
@dschmidt
Fix opening single file public link share opening in apps
5d7f0bb 
Add workaround for owncloud/ocis#4758
Without this workaround we see infinite redirects appending the filename
over and over again.
kulmann pushed a commit to owncloud/web that referenced this issue Oct 10, 2022
@dschmidt @kulmann
Fix opening single file public link share opening in apps
7277158 
Add workaround for owncloud/ocis#4758
Without this workaround we see infinite redirects appending the filename
over and over again.
@butonic
Copy link
Member

butonic commented Oct 12, 2022

needs a reva update in ocis that pulls in cs3org/reva#3324

@butonic butonic mentioned this issue Oct 12, 2022
Closed
@butonic
Copy link
Member

butonic commented Oct 12, 2022

already pulled in as part of #4781

@butonic butonic closed this as completed Oct 12, 2022
@amrita-shrestha amrita-shrestha moved this from Done to Needs Tests in Infinite Scale Team Board Dec 22, 2022
@SwikritiT SwikritiT self-assigned this Jan 12, 2023
This was referenced Jan 13, 2023
Merged
Merged
@SwikritiT
Copy link
Contributor

SwikritiT commented Jan 16, 2023
edited
Loading

API tests added

@SwikritiT SwikritiT moved this from Needs Tests to Done in Infinite Scale Team Board Jan 16, 2023
@butonic butonic mentioned this issue Aug 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@butonic butonic

@SwikritiT SwikritiT

Labels
Priority:p2-high Escalation, on top of current planning, release blocker Type:Bug
Projects
Infinite Scale Team Board
Archived in project
Milestone
2.0.0 General Availability
Development

No branches or pull requests
4 participants
@dschmidt @butonic @micbar @SwikritiT