server
server copied to clipboard
nextcloud
CalDAV birthday calendar: modifying birthdays should return 403 instead of 404
Currently, modifying birthday events in the birthday calendar (the one which is automatically created and filled with contact birthdays by Nextcloud) over CalDAV PUT returns HTTP 404 with this message:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DAV\Exception\NotFound</s:exception>
<s:message>Node with name 'contacts-pas-id-565B107600000032.vcf.ics' could not be found</s:message>
</d:error>
(Reference: https://forums.bitfire.at/post/10439)
I think it would be better to return 403 Forbidden on PUT, because the iCalendar resource exists when downloading it. 404 would mean that there is no representation for this resource. With 403, clients and users can see that the resource is available, but cannot be modified.
GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/8766 (Caldav ), https://github.com/nextcloud/server/issues/5077 (Propatch to birthday calendar returns 404), https://github.com/nextcloud/server/issues/8529 (NC 13: disable birthday calendar returns 302 with no feedback), https://github.com/nextcloud/server/issues/3003 (Disable birthday contacts calendar generation for user), and https://github.com/nextcloud/server/pull/10761 ([stable13] Fix call to OC.generateUrl for caldav birthday calendar on/off).
Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!
Still happening on 25.0.4. To reproduce:
- Create the file
event.icswith this contents:BEGIN:VCALENDAR VERSION:2.0 PRODID:-//ical.marudot.com//iCal Event Maker CALSCALE:GREGORIAN BEGIN:VTIMEZONE TZID:Europe/London LAST-MODIFIED:20201011T015911Z TZURL:http://tzurl.org/zoneinfo-outlook/Europe/London X-LIC-LOCATION:Europe/London BEGIN:DAYLIGHT TZNAME:BST TZOFFSETFROM:+0000 TZOFFSETTO:+0100 DTSTART:19700329T010000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU END:DAYLIGHT BEGIN:STANDARD TZNAME:GMT TZOFFSETFROM:+0100 TZOFFSETTO:+0000 DTSTART:19701025T020000 RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20230321T093324Z UID:[email protected] DTSTART;VALUE=DATE:20230321 DTEND;VALUE=DATE:20230322 SUMMARY:Testing Event DESCRIPTION:This is a testing event. END:VEVENT END:VCALENDAR - Run this command on the same directory than the file:
Note: Replacecurl https://<server>/remote.php/dav/calendars/<username>/contact_birthdays/ -u <username>:<password> -X PUT -d @event.ics<server>,<username>and<password>accordingly. - The response given by the server is:
<?xml version="1.0" encoding="utf-8"?> <d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns"> <s:exception>Sabre\DAV\Exception\NotFound</s:exception> <s:message>Node with name 'contact_birthdays' could not be found</s:message> </d:error>
This is misleading, and is technically not true. As stated by @rfc2822, the returned error should be 403 Forbidden.
Short addition: If possible, it would be helpful if the error message could be more precise. Suggestion: "Contact birthdays is read-only. Please edit the contact itself to change this resource".
