Cannot move folder/file from one received share to another

[SwikritiT]

Describe the bug

Cannot move folder/file from one received share to another

Steps to reproduce

Steps to reproduce the behavior:

1. As user admin make a folder admin-folder with sub folder folder1
2. Share the folder admin-folder to user marie with permission all

curl -u admin:admin -X POST https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/shares -d path="Admin-Folder" -d "shareType"=0 -d shareWith="marie" -d permissions=31  -kv

3. As user einstein make a folder einstein-folder
4. Share the folder einstein-folder to user marie with permission all

curl -u einstein:relativity -X POST https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/shares -d path="Einstein-folder" -d "shareType"=0 -d shareWith="marie" -d permissions=31 -kv  

5. As maire accept both shares
6. As marie move folder Shares/admin-folder/folder1 to Shares/einstein-folder

curl -k 'https://localhost:9200/remote.php/webdav/Shares/Admin-Folder/folder2' -umarie:radioactivity -X MOVE -H'Destination: https://localhost:9200/remote.php/webdav/Shares/Einstein-folder/folder2' -v --insecure

Expected behavior

Like in OC10, the folder should be moved.

Actual behavior

It gives 400 error and the folder is not moved

curl -k 'https://localhost:9200/remote.php/webdav/Shares/Admin-Folder/folder2' -umarie:radioactivity -X MOVE -H'Destination: https://localhost:9200/remote.php/webdav/Shares/Einstein-folder/folder2' -v --insecure


*   Trying 127.0.0.1:9200...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Aug  2 05:10:28 2021 GMT
*  expire date: Aug  2 05:10:28 2022 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user 'marie'
> MOVE /remote.php/webdav/Shares/Admin-Folder/folder2 HTTP/1.1
> Host: localhost:9200
> Authorization: Basic bWFyaWU6cmFkaW9hY3Rpdml0eQ==
> User-Agent: curl/7.68.0
> Accept: */*
> Destination: https://localhost:9200/remote.php/webdav/Shares/Einstein-folder/folder2
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Access-Control-Allow-Origin: *
< Content-Length: 0
< Content-Security-Policy: default-src 'none';
< Date: Fri, 27 Aug 2021 05:27:31 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block
< 
* Connection #0 to host localhost left intact

Setup

Please describe how you started the server and provide a list of relevant environment variables.

OCIS_VERSION=vX.X.X
BRANCH=vX.X.X
STORAGE_FRONTEND_UPLOAD_DISABLE_TUS=false

Additional context

Add any other context about the problem here.

[micbar]

@SwikritiT Is that scenario part of the expected failures?

[phil-davis]

I don't see any mention in the expected-failures files. @SwikritiT there should be an API test scenario for this in the core API test suite. Please have a look. If there is no test scenario, then create one.

[phil-davis]

It looks like this will be fixed by cs3org/reva#2026 - and that removes a lot of scenarios from expected-failures. So I guess there are API test scenarios that do this, they had other reasons in the past for failing.

[SwikritiT]

@phil-davis @micbar https://github.com/owncloud/core/blob/901157f2b3d0ba1f36b1e4d22c8384e255094b11/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L194
There's this scenario that fails because of this issue.

[phil-davis]

When I look for updateshare.feature:194 in PR https://github.com/cs3org/reva/pull/2026/files I see that is is removed from expected-failures by the fix in that PR. That confirms that the PR fixes this issue - good.

[saw-jan]

This issue still relevant on oCIS and the related tests are in expected-failure file

ocis/tests/acceptance/expected-failures-API-on-OCIS-storage.md

Line 896 in 50f2be7

#### [Cannot move folder/file from one received share to another](https://github.com/owncloud/ocis/issues/2442)

curl  -XMOVE -umarie:radioactivity 'https://host.docker.internal:9200/remote.php/webdav/Shares/Admin-Folder/folder2' \
-H'Destination: https://host.docker.internal:9200/remote.php/webdav/Shares/Einstein-folder/folder2' -vk

< HTTP/1.1 400 Bad Request
< Access-Control-Allow-Origin: *
< Content-Length: 0
< Content-Security-Policy: default-src 'none';
< Date: Tue, 19 Apr 2022 06:24:54 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block

CC @phil-davis

[saw-jan]

Also moving outside of the Shares folder gives 501 Not Implemented.
test scenario: https://github.com/owncloud/core/blob/e98e41f6b29ee7fb69e2cd1fe27c8a886804e7d5/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L163

curl  -XMOVE -umarie:radioactivity 'https://host.docker.internal:9200/remote.php/webdav/Shares/Admin-Folder/folder2' \
-H'Destination: https://host.docker.internal:9200/remote.php/webdav/folder2' -vk

< HTTP/1.1 501 Not Implemented
< Access-Control-Allow-Origin: *
< Content-Length: 0
< Content-Security-Policy: default-src 'none';
< Date: Tue, 19 Apr 2022 06:31:27 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block

[amrita-shrestha]

Currently, moving outside of the Shares folder gives 502 Bad Gateway.

curl -XMOVE 'https://localhost:9200/remote.php/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668!aafeb67a-4a2a-483a-a91f-f475a8a032f2%3A4ddb10d2-3237-4be1-ba45-80a06cb76b69%3Aa9e1f8a3-34a8-46e1-8660-ce8a584bcc62/hello.txt' \
-H 'Destination: https://localhost:9200/remote.php/dav/spaces/aafeb67a-4a2a-483a-a91f-f475a8a032f2%244c510ada-c86b-4815-8820-42cdf82c3d51/hello.txt' 

<?xml version="1.0" encoding="UTF-8"?>
<d:error xmlns:d="DAV" xmlns:s="http://sabredav.org/ns">
    <s:exception></s:exception>
    <s:message>gateway does not support cross storage move, use copy and delete</s:message>
</d:error

[saw-jan]

Same as #8063
Fixed by cs3org/reva#4439

file/folder cannot be moved between different shares. server will return 403
UPDATE: server will return 502 (ref: #8063 (comment))