ocis icon indicating copy to clipboard operation
ocis copied to clipboard

Published 20 hours ago verified publisher icon owncloud

Shared mount folder gets deleted when overwritten by a file from personal space

Open SagarGi opened this issue 1 year ago • 5 comments

Description

When a user make an api request for copying a file from personal space on the top of the shared mounted root level folder then the whole shared folder and all the resources gets deleted.

Steps to reproduce a bug.

  1. Create 2 users test1 and test2
  2. test1 creates a file test1.txt
  3. test2 user creates a folder called test2-folder
  4. test2 user creates a file inside test2.txt inside test2-folder
  5. test2 folder shares the folder test2-folder with test1 with permission can edit.
  6. test1 accepts the shares
  7. test1 copy the file test1.txt to /test2-folder

curl request to perform step 7

curl -ks -utest1:<password> -X COPY -H "DESTINATION:https://localhost:9200/dav/spaces/<user-test1-virtual-share-id>/test2-folder/" https://localhost:9200/dav/spaces/<user-test1-space-id>/test1.txt -v | xmllint --format -

to get <user-test1-virtual-share-id> and <user-test1-space-id> use following curl command

curl -k -X GET 'https://host.docker.internal:9200/graph/v1.0/me/drives' -utest1:<password> | jq

Actual Behavior

The server gives 500 error.

< HTTP/1.1 500 Internal Server Error
< Access-Control-Allow-Origin: *
< Content-Length: 0
< Content-Security-Policy: default-src 'none';
< Date: Mon, 04 Sep 2023 11:17:39 GMT

Also the shared folder gets deleted both from shares space in test1 user and from personal space in test2.

Expected behavior

The behavior can not be performed from the UI but possible through API. Or such Behavior should be forbidden in ocis by giving status code 403. Needs some information and discussion regarding it.

Environment

oCIS= latest build

SagarGi avatar Sep 04 '23 11:09 SagarGi

similar to https://github.com/owncloud/ocis/issues/6739 ?

SwikritiT avatar Sep 05 '23 05:09 SwikritiT

Similar but in Personal space https://github.com/owncloud/ocis/issues/6983

saw-jan avatar Sep 05 '23 06:09 saw-jan

re-tested. I got 409 error. Probably we fixed it. but api tests still fail

curl -ks -ueinstein:relativity -X COPY -H "DESTINATION:https://localhost:9200/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668/f1" https://localhost:9200/dav/spaces/6ffe6045-c967-44ef-8210-0b269eaeabc6%244c510ada-c86b-4815-8820-42cdf82c3d51/New%20file.txt -v | xmllint --format -
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Jan 11 13:17:56 2024 GMT
*  expire date: Jan 10 13:17:56 2025 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user 'einstein'
> COPY /dav/spaces/6ffe6045-c967-44ef-8210-0b269eaeabc6%244c510ada-c86b-4815-8820-42cdf82c3d51/New%20file.txt HTTP/1.1
> Host: localhost:9200
> Authorization: Basic ZWluc3RlaW46cmVsYXRpdml0eQ==
> User-Agent: curl/7.86.0
> Accept: */*
> DESTINATION:https://localhost:9200/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668-a365-4782-871e-d44447bbc668/f1
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 409 Conflict

ScharfViktor avatar Jan 17 '24 16:01 ScharfViktor

Issue still exists.

Steps:

  1. admin creates file afile.txt
  2. demo creates folder myfolder
  3. demo shares myfolder with admin (editor role)
  4. admin tries to COPY afile.txt to myfolder 
curl -XCOPY "https://localhost:9200/dav/spaces/<personal-space-id>/afile.txt" \
-H"DESTINATION: https://localhost:9200/dav/spaces/<virtual-shares-drive-id>/myfolder" \
-uadmin:admin -vk

Result:

  • 500 Internal Server Error
  • admin lost the share
  • demo lost the myfolder folder -> moved to trashbin

saw-jan avatar Jan 22 '24 11:01 saw-jan

Issue still exists: Only the HTTP status code is different

Steps:

  1. admin creates a file testFile.txt
  2. einstein creates a folder shareFolder
  3. einstein shares a folder shareFolder with admin with Editor role (sharing API, or sharingNG-graph API)
  4. admin tries to COPY testFile.txt to shareFolder in Shares space 
curl -ks -uadmin:admin -X COPY -H "DESTINATION:https://localhost:9200/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668\$a0ca6a90-a365-4782-871e-d44447bbc668/shareFolder" https://localhost:9200/dav/spaces/f3681943-78f1-415d-b84d-12ac5953b526\$ee17dd67-9574-49d6-9d69-fc75ea7ae07e/testFile.txt -v | xmllint --format -

Result:

  • HTTP/1.1 412 Precondition Failed
  • admin lost the share
  • einstein lost the shareFolder folder -> moved to trashbin

grgprarup avatar May 06 '24 10:05 grgprarup

Fixed in https://github.com/cs3org/reva/pull/4802 Related issue: https://github.com/owncloud/ocis/issues/9753

saw-jan avatar Aug 20 '24 12:08 saw-jan