From 5b9c783cb56f27d592a8492e47dfb5800181b7fe Mon Sep 17 00:00:00 2001
From: Max <max@nextcloud.com>
Date: Mon, 6 Mar 2023 11:05:54 +0100
Subject: [PATCH] fix: 403 when session is closed during push

Signed-off-by: Max <max@nextcloud.com>
---
 cypress/support/sessions.js |  7 ++++++-
 lib/Service/ApiService.php  | 29 ++++++++++++++++++++---------
 2 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/cypress/support/sessions.js b/cypress/support/sessions.js
index 2f243bb20a7..587edae7542 100644
--- a/cypress/support/sessions.js
+++ b/cypress/support/sessions.js
@@ -57,7 +57,12 @@ Cypress.Commands.add('pushAndClose', ({ connection, steps, version, awareness =
 	cy.log('Race between push and close')
 		.then(() => {
 			const push = connection.push({ steps, version, awareness })
-				.catch(e => e) // handle 403 gracefully
+				.catch(error => {
+					 // handle 403 gracefully
+					 if (error.response?.status !== 403) {
+						 throw error
+					 }
+				})
 			const close = connection.close()
 			return Promise.all([push, close])
 		})
diff --git a/lib/Service/ApiService.php b/lib/Service/ApiService.php
index b85c8069d96..4b754fcede1 100644
--- a/lib/Service/ApiService.php
+++ b/lib/Service/ApiService.php
@@ -194,20 +194,31 @@ public function push($documentId, $sessionId, $sessionToken, $version, $steps, $
 			return new DataResponse([], 403);
 		}
 		$session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
-		$this->sessionService->updateSessionAwareness($documentId, $sessionId, $sessionToken, $awareness);
+		if (!$session) {
+			return new DataResponse([], 403);
+		}
+		try {
+			$this->sessionService->updateSessionAwareness($documentId, $sessionId, $sessionToken, $awareness);
+		} catch (DoesNotExistException $e) {
+			// Session was removed in the meantime. #3875
+			return new DataResponse([], 403);
+		}
 		if (empty($steps)) {
 			return new DataResponse([]);
 		}
 		$file = $this->documentService->getFileForSession($session, $token);
-		if (!$this->documentService->isReadOnly($file, $token)) {
-			try {
-				$result = $this->documentService->addStep($documentId, $sessionId, $steps, $version);
-			} catch (InvalidArgumentException $e) {
-				return new DataResponse($e->getMessage(), 422);
-			}
-			return new DataResponse($result);
+		if ($this->documentService->isReadOnly($file, $token)) {
+			return new DataResponse([], 403);
+		}
+		try {
+			$result = $this->documentService->addStep($documentId, $sessionId, $steps, $version);
+		} catch (InvalidArgumentException $e) {
+			return new DataResponse($e->getMessage(), 422);
+		} catch (DoesNotExistException $e) {
+			// Session was removed in the meantime. #3875
+			return new DataResponse([], 403);
 		}
-		return new DataResponse([], 403);
+		return new DataResponse($result);
 	}
 
 	public function sync($documentId, $sessionId, $sessionToken, $version = 0, $autosaveContent = null, $documentState = null, bool $force = false, bool $manualSave = false, $token = null): DataResponse {