Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Interoperability failure retrieving list of sharees #15838

Closed
Tracked by #15840
dkocher opened this issue Apr 16, 2024 · 8 comments · Fixed by #15840
Closed
Tracked by #15840

Interoperability failure retrieving list of sharees #15838

dkocher opened this issue Apr 16, 2024 · 8 comments · Fixed by #15840
Assignees
@dkocher
Labels
owncloud ownCloud Server
Milestone
8.9.0

Comments

@dkocher
Copy link
Contributor

dkocher commented Apr 16, 2024

Sharing a file or folder fails with Bad Request. search must not be empty. Please contact your web hosting service provider for assistance. when connected to oCIS.

HTTP/1.1 400 Bad Request
Content-Length: 156
Content-Type: text/xml; charset=utf-8
Date: Tue, 16 Apr 2024 08:16:52 GMT
Ocs-Api-Version: 2
Vary: Origin
X-Request-Id: bf1ed42bf42f/8qs05uaikb-001716

<?xml version="1.0" encoding="UTF-8"?>
<ocs><meta><status>error</status><statuscode>400</statuscode><message>search must not be empty</message></meta></ocs>
@dkocher dkocher added the owncloud ownCloud Server label Apr 16, 2024
@dkocher dkocher added this to the 8.8.3 milestone Apr 16, 2024
@dkocher dkocher self-assigned this Apr 16, 2024
@dkocher
Copy link
Contributor Author

dkocher commented Apr 16, 2024

According to 1 the OCS API is deprecated and we should probably aim to support sharing via LibreGraph API.

Footnotes

  1. https://owncloud.dev/ocis/adr/0022-sharing-and-space-management-api/#new-ocs-api-version

@dkocher dkocher changed the title Interoperability failure sharing file Interoperability failure retrieving list of sharees Apr 16, 2024
@dkocher
Copy link
Contributor Author

dkocher commented Apr 16, 2024

Originally implemented for #14197.

@dkocher
Copy link
Contributor Author

dkocher commented Apr 16, 2024

Relates to #14166.

@dkocher dkocher mentioned this issue Apr 16, 2024
Closed
@dkocher dkocher linked a pull request Apr 16, 2024 that will close this issue
Review OCS extensions #15840
Merged
3 tasks
@dkocher dkocher mentioned this issue Apr 16, 2024
Merged
3 tasks
@micbar
Copy link

micbar commented Apr 18, 2024

Can you please post the request to better understand the context?

@dkocher
Copy link
Contributor Author

dkocher commented Apr 19, 2024

This is the HTTP transcript ✅ with demo.owncloud.com

GET /ocs/v1.php/apps/files_sharing/api/v1/sharees?lookup=true&shareType=0&itemType=file HTTP/1.1
OCS-APIRequest: true
Accept: application/xml
Host: demo.owncloud.com
Connection: Keep-Alive
User-Agent: Cyberduck/8.8.3.41360 (Mac OS X/14.4.1) (aarch64)
Accept-Encoding: gzip,deflate
Authorization: Basic ***

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Length: 173
Content-Security-Policy: default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Content-Type: application/xml; charset=utf-8
Date: Fri, 19 Apr 2024 09:58:59 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache
Set-Cookie: oc_sessionPassphrase=JdoUXqcN%2Bk67%2BQjgf8v%2FrebLvJajmLE8Y4biJd7P7Wn9ci0lb4%2BOvAj09cQcTXzGx4cnJBKcal1vzeIXR7vViP5tV17WN8%2B8X1IXgc12Mvx59B1BbO%2FQAP6Esv9gc4NJ; expires=Fri, 19-Apr-2024 10:18:59 GMT; Max-Age=1200; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=315360000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-Xss-Protection: 0

<?xml version="1.0"?>
<ocs>
 <meta>
  <status>ok</status>
  <statuscode>100</statuscode>
  <message>OK</message>
  <totalitems></totalitems>
  <itemsperpage></itemsperpage>
 </meta>
 <data>
  <exact>
   <users/>
   <groups/>
   <remotes/>
  </exact>
  <users/>
  <groups/>
  <remotes/>
 </data>
</ocs>

compared to the HTTP transcript 🔴 with ocis.ocis-keycloak.latest.owncloud.works

GET /ocs/v1.php/apps/files_sharing/api/v1/sharees?lookup=true&shareType=0&itemType=file HTTP/1.1
OCS-APIRequest: true
Accept: application/xml
Host: ocis.ocis-keycloak.latest.owncloud.works
Connection: Keep-Alive
User-Agent: Cyberduck/8.8.3.41360 (Mac OS X/14.4.1) (aarch64)
Accept-Encoding: gzip,deflate

HTTP/1.1 200 OK
Content-Length: 156
Content-Type: text/xml; charset=utf-8
Date: Fri, 19 Apr 2024 10:03:43 GMT
Ocs-Api-Version: 1
Vary: Origin
X-Request-Id: 99f613002519/1BVTOuqA6z-001079

<?xml version="1.0" encoding="UTF-8"?>
<ocs><meta><status>error</status><statuscode>400</statuscode><message>search must not be empty</message></meta></ocs>

(The previous 400 Bad Request was when requesting the v2.php /ocs/v2.php/apps/files_sharing/api/v1/sharees?lookup=true&shareType=0&itemType=file)

@micbar
Copy link

micbar commented Apr 19, 2024

Thanks for the details.

This is security related. In infinite scale, we do not accept a sharee search request without a search term. We don't want to be able to list all possible users. That would disclose too much information.

Example Request

search=ein

curl 'https://ocis.ocis-wopi.released.owncloud.works/ocs/v2.php/apps/files_sharing/api/v1/sharees?search=ein&itemType=folder&page=1&perPage=200&format=json' \
  -H 'accept: */*' \
  -H 'accept-language: en' \
  -H 'authorization: Bearer <access-token>' \
  -H 'cache-control: no-cache' \
  -H 'ocs-apirequest: true' \

Response

{
  "ocs": {
    "meta": {
      "status": "ok",
      "statuscode": 200,
      "message": "OK"
    },
    "data": {
      "exact": {
        "users": [],
        "groups": [],
        "remotes": []
      },
      "users": [
        {
          "label": "Albert Einstein",
          "value": {
            "shareType": 0,
            "shareWith": "einstein",
            "shareWithProvider": "",
            "shareWithAdditionalInfo": "einstein@example.org",
            "userType": 0
          }
        }
      ],
      "groups": [],
      "remotes": []
    }
  }
}

@dkocher
Copy link
Contributor Author

dkocher commented Apr 19, 2024

Thanks for the clarification @micbar.

dkocher added a commit that referenced this issue Apr 19, 2024
@dkocher
Ignore unsupported feature. Fix #15838.
bb859c1
@dkocher
Copy link
Contributor Author

dkocher commented Apr 19, 2024

In bb859c1.

@dkocher dkocher closed this as completed Apr 19, 2024
dkocher added a commit that referenced this issue Apr 19, 2024
@dkocher
Ignore unsupported feature. Fix #15838.
1b7013f
ylangisc added a commit that referenced this issue Apr 24, 2024
@ylangisc
Merge pull request #15840 from iterate-ch/bugfix/GH-15838
914ac40 
Review OCS extensions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dkocher dkocher

Labels
owncloud ownCloud Server
Projects
None yet
Milestone
8.9.0
Development

Successfully merging a pull request may close this issue.

Review OCS extensions iterate-ch/cyberduck
2 participants
@dkocher @micbar