public cannot use If: header to perform operations on self-locked items #34341

Closed
individual-it opened this issue Jan 31, 2019 · 3 comments

@individual-it
Member

Steps to reproduce

  1. Create a public link of a folder with a file and give write permissions.
  2. As public, lock the file.
  3. As public, try to overwrite the file using the If: header and giving its own opaquelocktoken.

Expected behaviour

file can be overwritten

Actual behaviour

HTTP status code 423
file cannot be changed

Logs

Web server error log

ownCloud log (data/owncloud.log)

PUT","url":"\/owncloud-core\/public.php\/webdav\/parent.txt","message":"Exception: HTTP\/1.1 423 Locked: {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\Locked\",\"Message\":\"\",\"Code\":0,\"Trace\":\"#0 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(96): Sabre\\\\DAV\\\\Locks\\\\Plugin->validateTokens(Object(Sabre\\\\HTTP\\\\Request), Array)\\n#1 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1448): Sabre\\\\DAV\\\\Server->emit('validateTokens', Array)\\n#2 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(458): Sabre\\\\DAV\\\\Server->checkPreconditions(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#3 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(241): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(309): Sabre\\\\DAV\\\\Server->start()\\n#5 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/publicwebdav.php(103): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/public.php(85): require_once('\\\/home\\\/artur\\\/www...')\\n#7 {main}\",\"File\":\"\\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Locks\\\/Plugin.php\",\"Line\":518}"}
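
The request from step 3 above, as an added example that is not part of the original issue or of ownCloud's code: it extracts the lock token from a LOCK response body and builds the RFC 4918 `If:` header for the PUT. The sample response, the token value, the `cloud.example` host and all function names are constructed for illustration; authentication for the public link is left out.

```python
import xml.etree.ElementTree as ET

# Constructed LOCK response body in the RFC 4918 shape; the token is made up.
SAMPLE_LOCK_RESPONSE = """\
<d:prop xmlns:d="DAV:">
  <d:lockdiscovery>
    <d:activelock>
      <d:locktype><d:write/></d:locktype>
      <d:lockscope><d:exclusive/></d:lockscope>
      <d:depth>0</d:depth>
      <d:timeout>Second-1800</d:timeout>
      <d:locktoken>
        <d:href>opaquelocktoken:00000000-0000-4000-8000-000000000001</d:href>
      </d:locktoken>
    </d:activelock>
  </d:lockdiscovery>
</d:prop>
"""

# Assumed host; the path is the one that appears in the log above.
RESOURCE = "https://cloud.example/owncloud-core/public.php/webdav/parent.txt"


def lock_tokens(lock_response_xml):
    """Return the lock token of every active lock in a lockdiscovery body."""
    root = ET.fromstring(lock_response_xml)
    hrefs = root.findall(".//{DAV:}activelock/{DAV:}locktoken/{DAV:}href")
    return [h.text.strip() for h in hrefs if h.text and h.text.strip()]


def if_header(token, resource_url=None):
    """Build an If: value. Without resource_url the condition applies to the
    request URI (no-tag list); with it, to that resource (tagged list)."""
    if any(c in token for c in "<>\r\n ") or ":" not in token:
        raise ValueError("lock token must be an absolute URI without <, > or spaces")
    condition = f"(<{token}>)"
    return f"<{resource_url}> {condition}" if resource_url else condition


def overwrite_request(url, token, body):
    """Describe the PUT from step 3; send it with any HTTP client."""
    return {"method": "PUT", "url": url, "headers": {"If": if_header(token)}, "body": body}


def outcome(status):
    """Map the PUT's status code to the expected/actual behaviour in this issue."""
    if status == 423:
        return "locked: the holder's own token was rejected (behaviour reported here)"
    return "overwritten" if status in (201, 204) else f"other ({status})"
```
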

@ownclouders
Contributor

GitMate.io thinks the contributor most likely able to help you is @ownclouders.

Possibly related issues are #33847 (Persistent lock: cannot unshare from self), #34302 (public cannot unlock locks set by the public), #4511 (PUT: Support optimistic locking using E-Tag in the If-Match header), #29554 (overwriting a file with a folder and a folder with a file needs better error reporting), and #33479 (moving files in public folder is not possible).

@PVince81 PVince81 added the p3-medium Normal priority label Jan 31, 2019
@PVince81
Contributor

keeping for known issue: when accessing public webdav endpoint, public user can lock resources but cannot access said resources with the lock token.

I wonder if we should just forbid locking from public then until this is fixed...

@pmaier1

@PVince81
Contributor

duplicate of #34304

@lock lock bot locked as resolved and limited conversation to collaborators Jan 31, 2020