search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
26.73k stars 4k forks source link

CalDAV birthday calendar: modifying birthdays should return 403 instead of 404 #11633

Closed rfc2822 closed 2 months ago

rfc2822 commented 5 years ago

Currently, modifying birthday events in the birthday calendar (the one which is automatically created and filled with contact birthdays by Nextcloud) over CalDAV PUT returns HTTP 404 with this message:

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotFound</s:exception>
  <s:message>Node with name 'contacts-pas-id-565B107600000032.vcf.ics' could not be found</s:message>
</d:error>

(Reference: https://forums.bitfire.at/post/10439)

I think it would be better to return 403 Forbidden on PUT, because the iCalendar resource exists when downloading it. 404 would mean that there is no representation for this resource. With 403, clients and users can see that the resource is available, but cannot be modified.

nextcloud-bot commented 5 years ago

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/8766 (Caldav ), https://github.com/nextcloud/server/issues/5077 (Propatch to birthday calendar returns 404), https://github.com/nextcloud/server/issues/8529 (NC 13: disable birthday calendar returns 302 with no feedback), https://github.com/nextcloud/server/issues/3003 (Disable birthday contacts calendar generation for user), and https://github.com/nextcloud/server/pull/10761 ([stable13] Fix call to OC.generateUrl for caldav birthday calendar on/off).

skjnldsv commented 5 years ago

@georgehrke

blizzz commented 1 year ago

still an issue?

szaimen commented 1 year ago

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!

ArnyminerZ commented 1 year ago

Still happening on 25.0.4. To reproduce:

  1. Create the file event.ics with this contents: 
    BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ical.marudot.com//iCal Event Maker
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:Europe/London
LAST-MODIFIED:20201011T015911Z
TZURL:http://tzurl.org/zoneinfo-outlook/Europe/London
X-LIC-LOCATION:Europe/London
BEGIN:DAYLIGHT
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
DTSTART:19700329T010000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
DTSTART:19701025T020000
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20230321T093324Z
UID:1679391192205-46875@ical.marudot.com
DTSTART;VALUE=DATE:20230321
DTEND;VALUE=DATE:20230322
SUMMARY:Testing Event
DESCRIPTION:This is a testing event.
END:VEVENT
END:VCALENDAR
  2. Run this command on the same directory than the file: 
    curl https://<server>/remote.php/dav/calendars/<username>/contact_birthdays/ -u <username>:<password> -X PUT -d @event.ics

    Note: Replace <server>, <username> and <password> accordingly.

  3. The response given by the server is: 
    <?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotFound</s:exception>
  <s:message>Node with name 'contact_birthdays' could not be found</s:message>
</d:error>

    This is misleading, and is technically not true. As stated by @rfc2822, the returned error should be 403 Forbidden.

devvv4ever commented 7 months ago

Short addition: If possible, it would be helpful if the error message could be more precise. Suggestion: "Contact birthdays is read-only. Please edit the contact itself to change this resource".