cs3org / OCM-API

OpenCloudMesh API

Fixed paths used in the discovery endpoint #76

Closed glpatcern closed 1 year ago

glpatcern commented 1 year ago

This follows a reverse engineering session to expose a share from CERNBox to ownCloud 10 and Nextcloud 26. Closes #70.

Edit: Nextcloud has been proven to follow the OCM standard when sending a share to a remote system, but to fully disregard it when accessing a remote system. Details in the comment below and in https://github.com/pondersource/nc-sciencemesh/issues/373. Therefore, the amended text just reflects how ownCloud 10 accesses remote OCM shares, which essentially boils down to exposing paths and not full URLs in the /ocm-provider discovery endpoint.

glpatcern commented 1 year ago

To keep a summary record of the investigations concerning Nextcloud, this is how it accesses a remote OCM share.

Note that part of this logic appears to come from the Open Collaboration Services standard (see #70), and part is Nextcloud's own logic.

1) Check the remote /ocm-provider endpoint and ensure that apiVersion = 1.0-proposal1. Otherwise, bail out.
2) Send an OCM notification that the share has been accepted, and ensure it returns 201 CREATED. Otherwise, bail out.
3) Check the remote /ocs-provider endpoint. Possibly take services.FEDERATED_SHARING.endpoints.webdav as <path> for later accessing (not confirmed).
4) Check that /status.php returns HTTP 200. This endpoint is exposed by ownCloud and Nextcloud, and the check is to ensure that the remote end is either ownCloud or Nextcloud. If not, bail out.

Nextcloud may eventually call POST /index.php/apps/files_sharing/shareinfo, passing the sharedSecret of the share as the t query parameter. This is expected to give info about the remote share within a pure Nextcloud federation, and it's a fallback mechanism when one of the previous checks failed. But it is not called when accessing an ownCloud 10 share.
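
The four checks listed in the comment above, as an added example (not code from Nextcloud, the OCM-API project or this thread) that reports the first step at which a remote provider would be rejected. The canned responses, the /ocm/notifications path, the webdav value and the reading of step 3 as "the endpoint answers HTTP 200" are assumptions; the shareinfo fallback is not modelled.

```python
import json

EXPECTED_API_VERSION = "1.0-proposal1"   # exact string from step 1
NOTIFY_PATH = "/ocm/notifications"       # assumption: path not given in the thread

# Constructed sample: canned (status, body) replies of a remote provider.
SAMPLE_REMOTE = {
    ("GET", "/ocm-provider"): (200, json.dumps({"apiVersion": "1.0-proposal1"})),
    ("POST", NOTIFY_PATH): (201, ""),
    ("GET", "/ocs-provider"): (200, json.dumps(
        {"services": {"FEDERATED_SHARING": {"endpoints": {"webdav": "/public.php/webdav/"}}}})),
    ("GET", "/status.php"): (200, "{}"),
}

def dig(body, *keys):
    """Walk nested JSON objects; return None on bad JSON or a missing key."""
    try:
        node = json.loads(body)
    except ValueError:
        return None
    for key in keys:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def first_failed_check(remote):
    """Return (step, reason) for the first failing check, or (None, webdav_path)."""
    def call(method, path):
        return remote.get((method, path), (404, ""))

    _, body = call("GET", "/ocm-provider")
    version = dig(body, "apiVersion")
    if version != EXPECTED_API_VERSION:
        return 1, f"apiVersion is {version!r}, not {EXPECTED_API_VERSION!r}"
    status, _ = call("POST", NOTIFY_PATH)
    if status != 201:
        return 2, f"share-accepted notification returned {status}, not 201"
    status, body = call("GET", "/ocs-provider")
    if status != 200:  # assumption: "check" means the endpoint answers 200
        return 3, f"/ocs-provider returned {status}"
    webdav = dig(body, "services", "FEDERATED_SHARING", "endpoints", "webdav")
    status, _ = call("GET", "/status.php")
    if status != 200:
        return 4, f"/status.php returned {status}; remote not ownCloud/Nextcloud"
    return None, webdav  # webdav may be None; its use is unconfirmed in the thread

if __name__ == "__main__":
    print(first_failed_check(SAMPLE_REMOTE))
```

A provider that advertises a semver string such as 1.1.0 in apiVersion fails at step 1 under this model, before any share data is requested.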

michielbdejong commented 1 year ago

I can confirm point 1: my ocm-stub serves the exact string 1.0-proposal1 as its OCM version, and you're correct to note that using semver here would be better.

But from memory I can't confirm points 2, 3 and 4. It would be nice to create explicit tests for this in the ocm test suite!