ocis icon indicating copy to clipboard operation
ocis copied to clipboard

Published 20 hours ago verified publisher icon owncloud

REPORT request to dav endpoints without `remote.php` returns 405 method not allowed

Open nabim777 opened this issue 1 year ago • 5 comments

Describe the bug

When making API request to search a file by tag and not using remote.php in the destination URL, then we get the following results:

  • for new and old dav path version it returns status code 405
  • for spaces dev path version it returns files only from personal spaces

Steps to reproduce

Steps to reproduce the behavior:

  1. Create a file personalFile.txt in personal space
  2. Create a space Project
  3. Create a file space.txt inside project space Project
  4. Asign a tag tag1 in both file personalFile.txt and space.txt
  5. Search a file using tag tag1 with following curl command in different dav path version:
for old dav path version: 
curl -kv -XREPORT https://localhost:9200/webdav \                                                                                                                                       
-u admin:admin \
-d "<?xml version='1.0' encoding='utf-8' ?>
<oc:search-files xmlns:a='DAV:' xmlns:oc='http://owncloud.org/ns' >
<oc:search>
<oc:pattern>Tags:tag1</oc:pattern>
</oc:search>
</oc:search-files>" | xmllint --format -
for new dav path version: 

curl -kv -XREPORT https://localhost:9200/dav/files/admin \                                                                                                                              
-u admin:admin \
-d "<?xml version='1.0' encoding='utf-8' ?>
<oc:search-files xmlns:a='DAV:' xmlns:oc='http://owncloud.org/ns' >
<oc:search>
<oc:pattern>Tags:tag1</oc:pattern>
</oc:search>
</oc:search-files>" | xmllint --format -
for spaces dav path version: 

curl -kv -XREPORT https://localhost:9200/dav/spaces/<Marie-personal-space-id> \                                                                                                                              
-u admin:admin \
-d "<?xml version='1.0' encoding='utf-8' ?>
<oc:search-files xmlns:a='DAV:' xmlns:oc='http://owncloud.org/ns' >
<oc:search>
<oc:pattern>Tags:tag1</oc:pattern>
</oc:search>
</oc:search-files>" | xmllint --format -

Expected behavior

The expected response should be same as using remote.php in the endpoint

for old dav path version: 
< HTTP/1.1 207 Multi-Status
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
< Content-Length: 1847
< Content-Range: rows 0-1/2
< Content-Security-Policy: frame-ancestors 'none'
< Content-Type: application/xml; charset=utf-8
< Date: Thu, 03 Aug 2023 06:38:09 GMT
< Dav: 1, 3, extended-mkcol
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 03 Aug 2023 06:38:09 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: nabin-OptiPlex-3050/u2704Ztkec-002986
< X-Webdav-Version: 3.1.0-beta.1+92d94afb20
< 
{ [627 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
100  2033  100  1847  100   186  23774   2394 --:--:-- --:--:-- --:--:-- 26402
* Connection #0 to host localhost left intact
<?xml version="1.0"?>
<d:multistatus xmlns:s="http://sabredav.org/ns" xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74/space.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74!383e22e5-35d6-43be-aa9a-1fe6b0c72e2e</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74!ee621d91-9363-4164-a970-775b4eefed74</oc:file-parent>
        <oc:name>space.txt</oc:name>
        <d:getlastmodified>2023-08-03T06:37:04Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>0</d:getcontentlength>
        <oc:score>5.363422393798828</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89/personal.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!f6b497f9-9e0a-4d0b-83dd-cfcdc3f949d3</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!faa55102-57df-4539-8a4a-5a1b03560e89</oc:file-parent>
        <oc:name>personal.txt</oc:name>
        <d:getlastmodified>2023-08-02T09:32:53Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>5</d:getcontentlength>
        <oc:score>4.950923442840576</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>
for new dav path version: 

< HTTP/1.1 207 Multi-Status
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
< Content-Length: 1847
< Content-Range: rows 0-1/2
< Content-Security-Policy: frame-ancestors 'none'
< Content-Type: application/xml; charset=utf-8
< Date: Thu, 03 Aug 2023 06:40:10 GMT
< Dav: 1, 3, extended-mkcol
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 03 Aug 2023 06:40:10 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: nabin-OptiPlex-3050/u2704Ztkec-002988
< X-Webdav-Version: 3.1.0-beta.1+92d94afb20
< 
{ [627 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
100  2033  100  1847  100   186  23867   2403 --:--:-- --:--:-- --:--:-- 26402
* Connection #0 to host localhost left intact
<?xml version="1.0"?>
<d:multistatus xmlns:s="http://sabredav.org/ns" xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74/space.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74!383e22e5-35d6-43be-aa9a-1fe6b0c72e2e</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74!ee621d91-9363-4164-a970-775b4eefed74</oc:file-parent>
        <oc:name>space.txt</oc:name>
        <d:getlastmodified>2023-08-03T06:37:04Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>0</d:getcontentlength>
        <oc:score>5.363422393798828</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89/personal.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!f6b497f9-9e0a-4d0b-83dd-cfcdc3f949d3</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!faa55102-57df-4539-8a4a-5a1b03560e89</oc:file-parent>
        <oc:name>personal.txt</oc:name>
        <d:getlastmodified>2023-08-02T09:32:53Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>5</d:getcontentlength>
        <oc:score>4.950923442840576</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>
for spaces dav path version: 

< HTTP/1.1 207 Multi-Status
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
< Content-Length: 1847
< Content-Range: rows 0-1/2
< Content-Security-Policy: frame-ancestors 'none'
< Content-Type: application/xml; charset=utf-8
< Date: Thu, 03 Aug 2023 06:41:59 GMT
< Dav: 1, 3, extended-mkcol
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 03 Aug 2023 06:41:59 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: nabin-OptiPlex-3050/u2704Ztkec-002990
< X-Webdav-Version: 3.1.0-beta.1+92d94afb20
< 
{ [627 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
100  2033  100  1847  100   186  24772   2494 --:--:-- --:--:-- --:--:-- 27472
* Connection #0 to host localhost left intact
<?xml version="1.0"?>
<d:multistatus xmlns:s="http://sabredav.org/ns" xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74/space.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74!383e22e5-35d6-43be-aa9a-1fe6b0c72e2e</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$ee621d91-9363-4164-a970-775b4eefed74!ee621d91-9363-4164-a970-775b4eefed74</oc:file-parent>
        <oc:name>space.txt</oc:name>
        <d:getlastmodified>2023-08-03T06:37:04Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>0</d:getcontentlength>
        <oc:score>5.363422393798828</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89/personal.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!f6b497f9-9e0a-4d0b-83dd-cfcdc3f949d3</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!faa55102-57df-4539-8a4a-5a1b03560e89</oc:file-parent>
        <oc:name>personal.txt</oc:name>
        <d:getlastmodified>2023-08-02T09:32:53Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>5</d:getcontentlength>
        <oc:score>4.950923442840576</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>

Actual behavior

for old dav path version: 

< HTTP/1.1 405 Method Not Allowed
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
< Content-Length: 0
< Content-Security-Policy: frame-ancestors 'self'
< Date: Thu, 03 Aug 2023 06:43:21 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 03 Aug 2023 06:43:21 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Request-Id: nabin-OptiPlex-3050/u2704Ztkec-003066
< X-Web-Version: 3.1.0-beta.1+92d94afb20
for new new path version: 

< HTTP/1.1 405 Method Not Allowed
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
< Content-Length: 0
< Content-Security-Policy: frame-ancestors 'self'
< Date: Thu, 03 Aug 2023 06:48:08 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 03 Aug 2023 06:48:08 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Request-Id: nabin-OptiPlex-3050/u2704Ztkec-003142
< X-Web-Version: 3.1.0-beta.1+92d94afb20
for spaces new path version: 

< HTTP/1.1 207 Multi-Status
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
< Content-Length: 1847
< Content-Range: rows 0-1/2
< Content-Security-Policy: frame-ancestors 'none'
< Content-Type: application/xml; charset=utf-8
< Date: Thu, 03 Aug 2023 06:49:43 GMT
< Dav: 1, 3, extended-mkcol
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 03 Aug 2023 06:49:43 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: nabin-OptiPlex-3050/u2704Ztkec-003146
< X-Webdav-Version: 3.1.0-beta.1+92d94afb20
< 
{ [627 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
100  2033  100  1847  100   186  24731   2490 --:--:-- --:--:-- --:--:-- 27472
* Connection #0 to host localhost left intact
<?xml version="1.0"?>
<d:multistatus xmlns:s="http://sabredav.org/ns" xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/dav/spaces/9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89/personal.txt</d:href>
    <d:propstat>
      <d:prop>
        <oc:fileid>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!f6b497f9-9e0a-4d0b-83dd-cfcdc3f949d3</oc:fileid>
        <oc:file-parent>9f9fbd5f-3099-4eae-a3b4-e3ab1b939902$faa55102-57df-4539-8a4a-5a1b03560e89!faa55102-57df-4539-8a4a-5a1b03560e89</oc:file-parent>
        <oc:name>personal.txt</oc:name>
        <d:getlastmodified>2023-08-02T09:32:53Z</d:getlastmodified>
        <d:getcontenttype>text/plain</d:getcontenttype>
        <oc:permissions>RDNVW</oc:permissions>
        <oc:highlights/>
        <oc:tags>tag1</oc:tags>
        <d:getetag/>
        <d:resourcetype/>
        <d:getcontentlength>5</d:getcontentlength>
        <oc:score>4.950923442840576</oc:score>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>

nabim777 avatar Aug 03 '23 07:08 nabim777