nextcloud / calendar

📆 Calendar app for Nextcloud
https://apps.nextcloud.com/apps/calendar
GNU Affero General Public License v3.0

Incorrect handling of CLASS:PRIVATE Flag from iCal import #4876

Open tilllt opened 1 year ago

tilllt commented 1 year ago

Steps to reproduce

  1. There is a calendar shared between two users. User A shared the Calendar with User B.
  2. User A creates an appointment using an external website (doctolib.de) and downloads the corresponding iCal file. Since it is a doctor's appointment, the iCal file correctly contains a "CLASS:PRIVATE" flag.
  3. The file is imported to a Windows desktop Mail / Calendar App (emClient) and shows up locally in the app's calendar.
  4. Apparently it syncs fine to Nextcloud because the appointment appears on User B's iPhone Calendar AND in User B's Nextcloud WebGUI after sync
  5. But it does NOT appear in User A's Nextcloud Calendar Web-View
  6. Neither does it sync to (or show up in) User A's Android device calendar - the sync from phone to NC generally works, tested bi-directionally from phone to NC and vice versa

Related forum post: https://help.nextcloud.com/t/rendez-vous-not-visible-in-shared-calendar/71432

Expected behavior

I don't know what the expected behaviour of iCal files that contain a CLASS:PRIVATE flag is, but I am pretty sure that an imported appointment should show up for the user that created it and synced it using his/her credentials (USER A) - it should maybe not show up for USER B if that's the intended purpose of CLASS:PRIVATE, not showing an appointment to users with shared access to the calendar.

Actual behaviour

An appointment that was created and synced by USER A is not visible to USER A, neither in the Web-GUI nor in a synced Android calendar; it shows up on USER B's iOS Calendar (iPhone) and in USER B's NC Web Calendar View. So pretty much the opposite of what you would expect to happen.

Calendar app version

4.2.0

CalDAV-clients used

Davx5 / aCalendar (Android), emClient (Windows 10), iOS Calendar (iPhone)

Browser

Chrome 108.0.5359.125

Client operating system

Windows 10

Server operating system

Debian Bullseye / Docker

Web server

Other

Database engine version

Other

PHP engine version

Other

Nextcloud version

25.0.2

Updated from an older installed version or fresh install

Updated from an older version

List of activated apps

Enabled:
  - activity: 2.17.0
  - admin_audit: 1.15.0
  - audioplayer: 3.3.1
  - calendar: 4.2.0
  - camerarawpreviews: 0.8.0
  - checksum: 1.2.0
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contacts: 5.0.2
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - deck: 1.8.3
  - drawio: 2.0.2
  - external: 5.0.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_external: 1.17.0
  - files_fulltextsearch: 24.0.1
  - files_mindmap: 0.0.27
  - files_pdfviewer: 2.6.0
  - files_retention: 1.14.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - firstrunwizard: 2.14.0
  - fulltextsearch: 24.0.0
  - fulltextsearch_elasticsearch: 24.0.1
  - integration_zammad: 2.0.1
  - keeweb: 0.6.10
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - maps: 0.2.1
  - metadata: 0.17.0
  - news: 19.0.0
  - nextcloud_announcements: 1.14.0
  - notes: 4.6.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - password_policy: 1.15.0
  - phonetrack: 0.7.2
  - photos: 2.0.1
  - previewgenerator: 5.1.1
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.3
  - richdocuments: 7.0.2
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - support: 1.8.0
  - systemtags: 1.15.0
  - tasks: 0.14.5
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - updatenotification: 1.15.0
  - user_ldap: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflowengine: 2.7.0
Disabled:
  - announcementcenter: 6.4.0
  - apporder: 0.15.0
  - bruteforcesettings: 1.0.3
  - carnet: 0.24.6
  - cospend: 1.5.4
  - duplicatefinder: 0.0.15
  - encryption
  - epubreader: 1.4.7
  - extract: 1.3.5
  - files_markdown: 2.3.6
  - files_texteditor: 2.15.0
  - flowupload: 1.1.3
  - imageconverter: 1.3.4
  - ldap_contacts_backend: 1.5.0
  - printer: 0.0.5
  - riotchat: 0.13.11
  - sharingpath: 0.4.4
  - survey_client: 1.1.0
  - suspicious_login
  - timemanager: 0.3.4
  - twofactor_totp
  - unsplash: 2.1.1
  - user_retention: 1.8.1
  - video_converter: 1.0.5

Nextcloud configuration

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.2.3",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "theme": "",
        "maintenance": false,
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "loglevel": 0,
        "logfile": "\/var\/log\/apache2\/nextcloud.log",
        "log_type": "file",
        "log_rotate_size": "100MiB",
        "trusted_domains": [
            "a1.b1.com",
            "a2.b2.de",
            "www.xyz.de",
            "www.abc.de",
            "1.2.3.4",
            "5.6.7.8"
        ],
        "secret": "***REMOVED SENSITIVE VALUE***",
        "share_folder": "\/Shared",
        "xframe_restriction": false,
        "trashbin_retention_obligation": "auto",
        "auth.bruteforce.protection.enabled": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable",
        "htaccess.RewriteBase": "\/",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "has_rebuilt_cache": true,
        "app_install_overwrite": [
            "calendar",
            "keeweb",
            "fulltextsearch",
            "bookmarks_fulltextsearch",
            "fulltextsearch_elasticsearch",
            "files_fulltextsearch"
        ],
        "overwriteprotocol": "https",
        "overwrite.cli.url": "https:\/\/a.b.de",
        "ldapIgnoreNamingRules": false,
        "mail_sendmailmode": "smtp",
        "mysql.utf8mb4": true,
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\Image",
            "OC\\Preview\\Movie",
            "OC\\Preview\\TXT"
        ],
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory"
    }
}

Web server error log

No response

Log file

No response

Browser log

No response

Additional info

No response

miaulalala commented 1 year ago

\OCA\DAV\CalDAV\Calendar::getChild does check for the classification but it might be buggy. Unfortunately I'm very pressed for time at the moment, but if you're up for it, you could step through it with your debugger to see where the error happens. Otherwise it will take some time until we get to it.

Specification is here: https://www.rfc-editor.org/rfc/rfc5545#section-3.8.1.3

tilllt commented 1 year ago

That's unfortunately beyond my skill set, but as a quick fix, I think NC Calendar should rather ignore the CLASS:PRIVATE field than hide the appointment from the owner but show it to everyone else ;)

tcitworld commented 1 year ago

Can you have user B export the event from their side and check if the file still contains CLASS:PRIVATE? Or you can try to find the object data in the oc_calendarobjects table too (but that might be harder).
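
Added example, not part of the thread and not Nextcloud code: one way to check what CLASS an exported .ics file carries per event, handling folded lines, case-insensitive property names and nested components. The names `event_classes` and `visible_to`, the sample data, and the visibility policy (the one the reporter expects, not the server's implementation) are assumptions.

```python
import re

# Constructed sample (not the reporter's file): one private event with a folded
# SUMMARY, a lower-case CLASS line and a nested VALARM; one event without CLASS.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//constructed//sample//EN\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-1@example.invalid\r\n"
    "SUMMARY:Appointment with a long title that the exporter\r\n"
    "  folded onto a second line\r\n"
    "class:private\r\n"
    "BEGIN:VALARM\r\nUID:constructed-alarm\r\nACTION:DISPLAY\r\nEND:VALARM\r\n"
    "END:VEVENT\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-2@example.invalid\r\n"
    "SUMMARY:Team meeting\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

def unfold(text):
    """RFC 5545 3.1: a line break followed by one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def event_classes(text):
    """Return {UID: CLASS} per VEVENT; a missing CLASS means PUBLIC (RFC 5545 3.8.1.3)."""
    result, current, depth = {}, None, 0
    for line in unfold(text):
        name, _, value = line.partition(":")
        name = name.split(";")[0].strip().upper()  # drop parameters; names are case-insensitive
        if name == "BEGIN":
            if current is None and value.strip().upper() == "VEVENT":
                current = {"UID": None, "CLASS": "PUBLIC"}
            elif current is not None:
                depth += 1  # nested component such as VALARM
        elif name == "END" and current is not None:
            if depth:
                depth -= 1
            else:
                result[current["UID"]] = current["CLASS"]
                current = None
        elif current is not None and depth == 0 and name in ("UID", "CLASS"):
            current[name] = value.strip().upper() if name == "CLASS" else value.strip()
    return result

def visible_to(classification, is_owner):
    """Assumed policy from the report: owner sees everything, sharees never see PRIVATE."""
    return is_owner or classification != "PRIVATE"
```
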

tilllt commented 1 year ago

I exported the appointment from User B's NC Web GUI and it keeps the CLASS:PRIVATE flag.

tilllt commented 1 year ago

Here is an anonymized version of the original iCal file from doctolib: Anon_09-01-2023-um-11-25.zip

Urmel commented 10 months ago

In https://github.com/nextcloud/calendar/issues/4044 it is discussed how to handle private events.