ocis
ocis copied to clipboard
owncloud
PATCH request for TUS upload with wrong checksum gives incorrect response
Describe the bug
According to the TUS checksum extension description in https://tus.io/protocols/resumable-upload.html#checksum when a PATCH request is send with an Upload-Checksum header depending on the result the server may respond with one of the following status code:
1.400 Bad Request if the checksum algorithm is not supported by the server
2. 460 Checksum Mismatch if the checksums mismatch
3. 204 No Content if the checksums match and the processing of the data succeeded
But when we send PATCH request with wrong checksum then instead of 460 Checksum Mismatch we get 204 No Content
Steps to reproduce
Steps to reproduce the behavior:
- Create a base64 encoding of a file name
-
echo -n "textFile.txt" | base64(example dGV4dEZpbGUudHh0)
- As user Einstein send a
POSTrequest to create resource which will give a resource location url.
curl -k -X POST -u einstein:relativity https://localhost:9200/remote.php/dav/files/Einstein/ -H 'Tus-Resumable: 1.0.0' -H 'Upload-Length: 5' -H 'Upload-Metadata: filename dGV4dEZpbGUudHh0' -v
- User Einstein send
PATCHrequest to upload data to the location url along with a wrong checkum For example: correct sha1sum for '12345' is8cb2237d0679ca88db6464eac60da96345513964but we are sending wrong value i.e.01b307acba4f54f55aafc33bb06bbbf6ca803e9a:
curl -k -X PATCH <your TUS resource Location> -u einstein:relativity -H 'Content-Type: application/offset+octet-stream' -H 'Tus-Resumable: 1.0.0' -H 'Upload-Offset: 0' -H'Upload-Checksum:sha1 01b307acba4f54f55aafc33bb06bbbf6ca803e9a' -d '12345' -v
Expected behavior
HTTP/1.1 460 Checksum Mismatch
Tus-Resumable: 1.0.0
Upload-Offset: 5
Actual behavior
HTTP/1.1 204 No content
Tus-Resumable: 1.0.0
Upload-Offset: 5
While doing PROPFIND it can be seen that the file textFile.txt has been created and it gives the correct checksum and ignores the incorrect checksum send during PATCH request.
curl -X PROPFIND -u einstein:relativity https://localhost:9200/remote.php/webdav -k | xmllint --format -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1676 100 1676 0 0 27032 0 --:--:-- --:--:-- --:--:-- 27032
<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns">
<d:response>
<d:href>/remote.php/webdav/</d:href>
<d:propstat>
<d:prop>
<oc:id>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3OjA2OTRjZjY4LWYxOGUtNDY1ZC1hMzlkLTEzNWFkM2RkMjg3ZA==</oc:id>
<oc:fileid>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3OjA2OTRjZjY4LWYxOGUtNDY1ZC1hMzlkLTEzNWFkM2RkMjg3ZA==</oc:fileid>
<d:getetag>"7bdfa13e5b7a5a4cdd27fb7550617b10"</d:getetag>
<oc:permissions>DNVCKR</oc:permissions>
<d:resourcetype>
<d:collection/>
</d:resourcetype>
<oc:size>5</oc:size>
<d:getlastmodified>Thu, 04 Mar 2021 06:38:01 GMT</d:getlastmodified>
<oc:favorite>0</oc:favorite>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/remote.php/webdav/textFile.txt</d:href>
<d:propstat>
<d:prop>
<oc:id>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3Ojg2NzI2NzA5LTNlOTQtNDcxZS04YTAyLTAzOTdlMzdjYzdhYw==</oc:id>
<oc:fileid>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3Ojg2NzI2NzA5LTNlOTQtNDcxZS04YTAyLTAzOTdlMzdjYzdhYw==</oc:fileid>
<d:getetag>"a5cf632982d978b971264c7edddb2738"</d:getetag>
<oc:permissions>DNVWR</oc:permissions>
<d:resourcetype/>
<d:getcontentlength>5</d:getcontentlength>
<d:getcontenttype>text/plain; charset=utf-8</d:getcontenttype>
<d:getlastmodified>Thu, 04 Mar 2021 06:38:01 GMT</d:getlastmodified>
<oc:checksums>
<oc:checksum>SHA1:8cb2237d0679ca88db6464eac60da96345513964 MD5:827ccb0eea8a706c4c34a16891f84e7b ADLER32:02f80100</oc:checksum>
</oc:checksums>
<oc:favorite>0</oc:favorite>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
</d:response>
</d:multistatus>
