nextcloud / calendar

📆 Calendar app for Nextcloud
https://apps.nextcloud.com/apps/calendar
GNU Affero General Public License v3.0

In public calendars, opening attached files (with Nextcloud calendar client) requires login #5357

Open oopen opened 1 year ago

oopen commented 1 year ago

Steps to reproduce

  1. Create a new calendar
  2. Share it publicly
  3. Create an event, and attach a file to it
  4. Open the generated public link in a browser that is not logged in
  5. Click on the event
  6. Click on attached file

Expected behavior

The file should open, because the calendar is public

Actual behaviour

Redirected to the login form

Also redirected with a file placed in a publicly shared folder

Opening the event with a CalDAV client like Evolution produces an error

Calendar app version

4.4.3

CalDAV-clients used

Evolution

Browser

Chromium Version 114.0.5735.198 (Build officiel) Arch Linux (64 bits)

Client operating system

Manjaro

Server operating system

Debian / Docker compose

Web server

Nginx

Database engine version

MariaDB

PHP engine version

PHP 8.2

Nextcloud version

27.0.0

Updated from an older installed version or fresh install

Updated from an older version

List of activated apps

Enabled:
  - activity: 2.19.0
  - calendar: 4.4.3
  - circles: 27.0.0
  - cloud_federation_api: 1.10.0
  - collectives: 2.6.0
  - comments: 1.17.0
  - contacts: 5.3.2
  - contactsinteraction: 1.8.0
  - dashboard: 7.7.0
  - dav: 1.27.0
  - deck: 1.10.0
  - drawio: 2.1.1
  - event_update_notification: 2.2.0
  - federatedfilesharing: 1.17.0
  - federation: 1.17.0
  - files: 1.22.0
  - files_pdfviewer: 2.8.0
  - files_rightclick: 1.6.0
  - files_sharing: 1.19.0
  - files_trashbin: 1.17.0
  - files_versions: 1.20.0
  - forms: 3.3.1
  - groupfolders: 15.0.0
  - impersonate: 1.14.0
  - logreader: 2.12.0
  - lookup_server_connector: 1.15.0
  - nextcloud_announcements: 1.16.0
  - notes: 4.8.0
  - notifications: 2.15.0
  - oauth2: 1.15.0
  - password_policy: 1.17.0
  - photos: 2.3.0
  - polls: 5.1.0
  - privacy: 1.11.0
  - provisioning_api: 1.17.0
  - recommendations: 1.6.0
  - related_resources: 1.2.0
  - serverinfo: 1.17.0
  - settings: 1.9.0
  - sharebymail: 1.17.0
  - spreed: 17.0.1
  - support: 1.10.0
  - survey_client: 1.15.0
  - suspicious_login: 5.0.0
  - systemtags: 1.17.0
  - tasks: 0.15.0
  - text: 3.8.0
  - theming: 2.2.0
  - twofactor_backupcodes: 1.16.0
  - updatenotification: 1.17.0
  - user_status: 1.7.0
  - viewer: 2.1.0
  - workflowengine: 2.9.0
Disabled:
  - admin_audit: 1.17.0
  - bruteforcesettings: 2.7.0
  - calendar_news: 1.1.7 (installed 1.1.7)
  - encryption: 2.15.0
  - files_external: 1.19.0
  - files_texteditor: 2.15.0 (installed 2.15.0)
  - firstrunwizard: 2.16.0 (installed 2.14.0)
  - listman: 20.2.2 (installed 20.2.2)
  - mail: 3.2.3 (installed 3.2.3)
  - maps: 1.0.2 (installed 1.0.2)
  - onlyoffice: 8.1.0 (installed 8.1.0)
  - richdocuments: 8.1.0 (installed 8.1.0)
  - richdocumentscode: 23.5.103 (installed 23.5.103)
  - sharerenamer: 3.2.0 (installed 3.2.0)
  - twofactor_totp: 9.0.0
  - user_ldap: 1.17.0
  - weather_status: 1.7.0 (installed 1.5.0)

Nextcloud configuration

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.my-domaine.fr"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "27.0.0.8",
        "overwrite.cli.url": "http:\/\/nextcloud.my-domaine.fr",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_phone_region": "FR",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 0,
        "app_install_overwrite": [
            "listman"
        ]
    }
}

Web server error log

nextcloud-web-1  | 172.18.0.6 - - [10/Jul/2023:21:55:36 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0" "x.x.x.x"
nextcloud-web-1  | 172.18.0.6 - - [10/Jul/2023:21:55:53 +0000] "GET /core/preview?fileId=1733&x=100&y=100&a=0 HTTP/1.1" 401 43 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "x.x.x.x"
nextcloud-web-1  | 172.18.0.6 - - [10/Jul/2023:21:55:53 +0000] "GET /apps/calendar/p/sb2tySg5S8kJd54K/dayGridMonth/now/view/sidebar/L3JlbW90ZS5waHAvZGF2L3B1YmxpYy1jYWxlbmRhcnMvc2IydHlTZzVTOGtKZDU0Sy80MDBFNEYyNi0yODVCLTQ0OTAtODc2QS1BNjM4QUY2MjkxQTIuaWNz/1691193600 HTTP/1.1" 200 7780 "https://nextcloud.my-domaine.fr/apps/calendar/p/sb2tySg5S8kJd54K/dayGridMonth/now/view/sidebar/L3JlbW90ZS5waHAvZGF2L3B1YmxpYy1jYWxlbmRhcnMvc2IydHlTZzVTOGtKZDU0Sy80MDBFNEYyNi0yODVCLTQ0OTAtODc2QS1BNjM4QUY2MjkxQTIuaWNz/1691193600" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "x.x.x.x"
nextcloud-web-1  | 172.18.0.6 - - [10/Jul/2023:21:55:53 +0000] "GET /avatar/%7Buser%7D/64/dark HTTP/1.1" 404 2 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "x.x.x.x"
nextcloud-web-1  | 172.18.0.6 - - [10/Jul/2023:21:56:00 +0000] "GET /csrftoken HTTP/1.1" 200 123 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "x.x.x.x"

Log file

nextcloud-app-1  | 192.168.16.5 -  10/Jul/2023:21:55:36 +0000 "GET /ocs/v2.php" 304
nextcloud-app-1  | 192.168.16.5 -  10/Jul/2023:21:55:53 +0000 "GET /index.php" 401
nextcloud-app-1  | 192.168.16.5 -  10/Jul/2023:21:55:53 +0000 "GET /index.php" 200
nextcloud-app-1  | 192.168.16.5 -  10/Jul/2023:21:55:53 +0000 "GET /index.php" 404

Browser log

[ERROR] Files_PDFViewer: But this does not appear to be a public page {app: 'Files_PDFViewer', level: 0}

preview:1     GET https://nextcloud.my-domaine.fr/core/preview?fileId=1733&x=100&y=100&a=0 401

GET https://nextcloud.my-domaine.fr/avatar/%7Buser%7D/64/dark 404

vue.runtime.esm.js:3049 TypeError: Cannot read properties of null (reading 'toLowerCase')
    at s (NcAvatar.js:2:16502)
    at o.initialsWrapperStyle (NcAvatar.js:2:169520)
    at e.get (vue.runtime.esm.js:3446:33)
    at e.evaluate (vue.runtime.esm.js:3547:27)
    at o.initialsWrapperStyle (vue.runtime.esm.js:5537:25)
    at o.<anonymous> (NcAvatar.js:2:176583)
    at e._render (vue.runtime.esm.js:2684:28)
    at o.r (vue.runtime.esm.js:3875:27)
    at e.get (vue.runtime.esm.js:3446:33)
    at e.run (vue.runtime.esm.js:3522:30)

Additional info

<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:cal="urn:ietf:params:xml:ns:caldav" xmlns:cs="http://calendarserver.org/ns/" xmlns:oc="http://owncloud.org/ns"><d:response><d:href>/remote.php/dav/public-calendars/sb2tySg5S8kJd54K/400E4F26-285B-4490-876A-A638AF6291A2.ics</d:href><d:propstat><d:prop><d:getcontenttype>text/calendar; charset=utf-8; component=vevent</d:getcontenttype><d:getetag>&quot;295fd5ec13d43e06e09a084202070cff&quot;</d:getetag><d:resourcetype/><d:owner><d:href>/remote.php/dav/principals/users/me/</d:href></d:owner><d:current-user-privilege-set><d:privilege><d:read/></d:privilege><d:privilege><d:read-acl/></d:privilege><d:privilege><d:read-current-user-privilege-set/></d:privilege></d:current-user-privilege-set><cal:calendar-data>BEGIN:VCALENDAR
VERSION:2.0
CALSCALE:GREGORIAN
PRODID:-//Ximian//NONSGML Evolution Calendar//EN
BEGIN:VEVENT
CREATED:20230710T174646Z
DTSTAMP:20230710T214123Z
LAST-MODIFIED:20230710T214123Z
SEQUENCE:4
UID:7369de3c-f955-4b48-8133-4b36cbe5d2d4
DTSTART;VALUE=DATE:20230805
DTEND;VALUE=DATE:20230807
STATUS:CONFIRMED
SUMMARY:the event
LOCATION:on earth
TRANSP:OPAQUE
CLASS:PUBLIC
ATTACH;FMTTYPE=image/webp;FILENAME=/public-folder/logo.webp;X-NC-FILE-I
 D=1733;X-NC-HAS-PREVIEW=true:/f/1733
END:VEVENT
END:VCALENDAR
</cal:calendar-data></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><d:displayname/><d:sync-token/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response></d:multistatus>

tcitworld commented 1 year ago

The current implementation indeed generates share links only when the event is shared to other attendees. I thought Evolution didn't show such attachments.

A proper implementation of https://github.com/nextcloud/calendar/issues/5001 should fix this.
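
The report's `ATTACH` property points at an internal file reference (`/f/1733` with `X-NC-FILE-ID`), which is what sends anonymous visitors to the login form. The following is an added example, not code from the Calendar project: it audits an exported ICS for such attachments, using a constructed sample modelled on the event above. The `/s/<token>` share-link pattern, the placeholder host and all function names are assumptions.

```python
import re

# Constructed sample modelled on the VEVENT in the report; the second ATTACH
# (a /s/<token> public share link on a placeholder host) is an assumption.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:the event\r\nCLASS:PUBLIC\r\n"
    "ATTACH;FMTTYPE=image/webp;FILENAME=/public-folder/logo.webp;X-NC-FILE-I\r\n"
    " D=1733;X-NC-HAS-PREVIEW=true:/f/1733\r\n"
    "ATTACH;FMTTYPE=application/pdf:https://cloud.example.invalid/s/PLACEHOLDERTOKEN\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

SHARE_LINK = re.compile(r"^https?://[^/]+(?:/index\.php)?/s/[A-Za-z0-9]+$")
INTERNAL_REF = re.compile(r"^/f/\d+$")

def unfold(ics):
    """RFC 5545 folding: a line break followed by a space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics).splitlines()

def split_content_line(line):
    """Split at the first colon that is not inside a quoted parameter value."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i], line[i + 1:]
    return line, ""

def classify(params, value):
    # Internal file references resolve only for a logged-in session.
    if "X-NC-FILE-ID" in params or INTERNAL_REF.match(value):
        return "login-required"
    if SHARE_LINK.match(value):
        return "public-share-link"
    return "other"

def audit(ics):
    """Return (filename, uri, verdict) for every ATTACH property in the ICS text."""
    findings = []
    for line in unfold(ics):
        head, value = split_content_line(line)
        name, *raw_params = re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', head)
        if name.upper() != "ATTACH":
            continue
        params = {}
        for p in raw_params:
            key, _, val = p.partition("=")
            params[key.upper()] = val.strip('"')
        findings.append((params.get("FILENAME", ""), value, classify(params, value)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ICS):
        print(finding)
```

Run against the export of a public calendar, any `login-required` result marks an attachment that anonymous visitors cannot open.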

Zocker1999NET commented 3 months ago

If I understand #5001 and the referred RFC 5001 correctly, then this would only really enable syncing & sharing attachments with clients logged in & using CalDAV. In case nothing else is implemented additionally, this would still hinder access of users not signed in at all. And I would also like to have a way to share a calendar & its attachments with a public user base (i.e. not signed in).