nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

[Bug]: Federated shares fails for user in format `user@email.com@cloud.nc.com` #38404

Open solracsf opened 1 year ago

solracsf commented 1 year ago

Bug description

Federated shares for a user in the format email+domain fail.

Steps to reproduce

  1. Share a folder by link
  2. On that page, click on "Add to your Nextcloud" and input user@email.com@cloud.nc.com
  3. Error 400

Expected behavior

Format user@email.com@cloud.nc.com is accepted.

Installation method

Community Manual installation with Archive

Nextcloud Server version

26

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "26.0.1.1",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "skeletondirectory": "",
        "default_phone_region": "FR",
        "activity_expire_days": 1,
        "auth.bruteforce.protection.enabled": true,
        "htaccess.RewriteBase": "\/",
        "integrity.check.disabled": false,
        "knowledgebaseenabled": false,
        "logtimezone": "Europe\/Paris",
        "maintenance": false,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "appstoreenabled": true,
        "overwriteprotocol": "https",
        "preview_max_scale_factor": 1,
        "trashbin_retention_obligation": "auto, 7",
        "versions_retention_obligation": "auto, 7",
        "updater.release.channel": "stable",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\MP4",
            "OC\\Preview\\Movie"
        ],
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "***REMOVED SENSITIVE VALUE***",
        "default_language": "fr",
        "default_locale": "fr_FR",
        "loglevel": 3,
        "shareapi_allow_share_dialog_user_enumeration": "no",
        "tempdirectory": "\/tmp",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "preview_max_memory": 256,
        "preview_max_x": 1024,
        "preview_max_y": 1024,
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "filelocking.enabled": true,
        "updatedirectory": "\/tmp",
        "simpleSignUpLink.shown": false,
        "preview_concurrency_new": 2,
        "maintenance_window_start": 1,
        "updatechecker": false,
        "upgrade.disable-web": true,
        "bulkupload.enabled": false,
        "session_lifetime": 3600,
        "remember_login_cookie_lifetime": 0,
        "auto_logout": true
    }
}

List of activated Apps

Enabled:
  - bruteforcesettings: 2.5.0
  - calendar: 4.3.3
  - cloud_federation_api: 1.8.0
  - contacts: 5.2.0
  - contactsinteraction: 1.6.0
  - dav: 1.24.0
  - deck: 1.8.5
  - drop_account: 2.2.0
  - federatedfilesharing: 1.15.0
  - files: 1.20.1
  - files_automatedtagging: 1.15.3
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - forms: 3.2.0
  - impersonate: 1.12.0
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - notes: 4.7.2
  - notifications: 2.13.1
  - notify_push: 0.6.2
  - oauth2: 1.13.0
  - onlyoffice: 7.8.0
  - password_policy: 1.15.0
  - photos: 2.0.1
  - provisioning_api: 1.15.0
  - quota_warning: 1.16.0
  - registration: 2.1.0
  - related_resources: 1.0.4
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - tasks: 0.14.5
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - twofactor_totp: 7.0.0
  - user_retention: 1.10.0
  - viewer: 1.9.0
  - workflowengine: 2.7.0

Nextcloud Signing status

N/A

Nextcloud Logs

No response

Additional info

No response

osiktech commented 1 year ago

Same problem here:

I found this in the logs on the receiving side (redacted):

{"reqId":"FU7dy6b8GPI0HNO5jQbg","level":0,"time":"2023-06-06T11:36:16+00:00","remoteAddr":"14X.X.X.X","user":"--","app":"cloud_federation_api","method":"POST","url":"/ocm/shares","message":"shareWith before, user@domain.tld","userAgent":"Nextcloud Server Crawler","version":"26.0.1.1","data":{"app":"cloud_federation_api"}}
{"reqId":"FU7dy6b8GPI0HNO5jQbg","level":0,"time":"2023-06-06T11:36:16+00:00","remoteAddr":"14X.X.X.X","user":"--","app":"cloud_federation_api","method":"POST","url":"/ocm/shares","message":"shareWith after, user@domain.tld","userAgent":"Nextcloud Server Crawler","version":"26.0.1.1","data":{"app":"cloud_federation_api"}}

I noticed that NC was not on the latest stable, so I updated to 26.0.2 afterwards without any impact on the problem.

osiktech commented 1 year ago

The problem is most probably here

    /**
     * @param string $cloudId
     * @return ICloudId
     * @throws \InvalidArgumentException
     */
    public function resolveCloudId(string $cloudId): ICloudId {
        // TODO magic here to get the url and user instead of just splitting on @

        if (!$this->isValidCloudId($cloudId)) {
            throw new \InvalidArgumentException('Invalid cloud id');
        }

        // Find the first character that is not allowed in user names
        $id = $this->fixRemoteURL($cloudId);
        $posSlash = strpos($id, '/');
        $posColon = strpos($id, ':');

        if ($posSlash === false && $posColon === false) {
            $invalidPos = \strlen($id);
        } elseif ($posSlash === false) {
            $invalidPos = $posColon;
        } elseif ($posColon === false) {
            $invalidPos = $posSlash;
        } else {
            $invalidPos = min($posSlash, $posColon);
        }

        $lastValidAtPos = strrpos($id, '@', $invalidPos - strlen($id));

        if ($lastValidAtPos !== false) {
            $user = substr($id, 0, $lastValidAtPos);
            $remote = substr($id, $lastValidAtPos + 1);

            $this->userManager->validateUserId($user);

            if (!empty($user) && !empty($remote)) {
                return new CloudId($id, $user, $remote, $this->getDisplayNameFromContact($id));
            }
        }
        throw new \InvalidArgumentException('Invalid cloud id');
    }

osiktech commented 1 year ago

I was able to test it. It seems to work using NC 26.0.5 on both ends.

I will check whether this is update-safe after updating one instance to 27.0.2.
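
The split step of the `resolveCloudId()` excerpt quoted earlier in the thread, reduced to a standalone function and run over constructed IDs (an added example, not Nextcloud's code and not part of any comment). `splitCloudId` is a hypothetical name; the validity check, URL normalisation, user-ID validation and contact lookup from the excerpt are omitted.

```php
<?php
// Added illustration, not Nextcloud code: only the split step of the excerpt.
// isValidCloudId(), fixRemoteURL(), validateUserId() and the contact lookup
// are left out; splitCloudId() is a hypothetical name.
function splitCloudId(string $id): array {
    // First character that cannot be part of a user name: '/' or ':'.
    $posSlash = strpos($id, '/');
    $posColon = strpos($id, ':');
    if ($posSlash === false && $posColon === false) {
        $invalidPos = strlen($id);
    } elseif ($posSlash === false) {
        $invalidPos = $posColon;
    } elseif ($posColon === false) {
        $invalidPos = $posSlash;
    } else {
        $invalidPos = min($posSlash, $posColon);
    }

    // Last '@' before that position; same result as the excerpt's
    // strrpos($id, '@', $invalidPos - strlen($id)).
    $at = strrpos(substr($id, 0, $invalidPos), '@');
    $user = $at === false ? '' : substr($id, 0, $at);
    $remote = $at === false ? '' : substr($id, $at + 1);
    if (empty($user) || empty($remote)) {
        throw new InvalidArgumentException('Invalid cloud id');
    }
    return ['user' => $user, 'remote' => $remote];
}

// Constructed sample inputs; the first is the ID format from the issue title.
$samples = [
    'user@email.com@cloud.nc.com',
    'user@email.com@cloud.nc.com:8443/nextcloud',
    'user@email.com',
    'cloud.nc.com',
];
foreach ($samples as $id) {
    try {
        $r = splitCloudId($id);
        printf("%-45s user=%s remote=%s\n", $id, $r['user'], $r['remote']);
    } catch (InvalidArgumentException $e) {
        printf("%-45s rejected: %s\n", $id, $e->getMessage());
    }
}
```

On its own this step returns user `user@email.com` and remote `cloud.nc.com` for the ID from the issue title, while a bare `user@email.com` is split into user `user` and remote `email.com`.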