search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.32k stars 4.06k forks source link

[Bug]: NC replies with HTTP status code 500 instead of 4xx when uploading invalid CalDAV entries. #46380

Closed nagmat84 closed 3 months ago

nagmat84 commented 3 months ago

⚠️ This issue respects the following points: ⚠️

Bug description

Nextcloud replies with HTTP status code 500 and message This recurrence rule does not generate any valid instances for the following inconsistent CalDAV entry

BEGIN:VCALENDAR
  VERSION:2.0
  PRODID:DAVx5/4.4.0.1-gplay ical4j/3.2.18 (com.google.android.calendar)
  BEGIN:VEVENT
    DTSTAMP:20240615T063700Z
    UID:9ae55fad-b059-451c-94bd-f48f6b47d14c
    SEQUENCE:2
    SUMMARY:Technik
    DTSTART;TZID=Europe/Berlin:20240707T110000
    DTEND;TZID=Europe/Berlin:20240707T121500
    RRULE:FREQ=WEEKLY;WKST=TU;UNTIL=20240713T215959Z
    EXDATE;TZID=Europe/Berlin:20240728T110000
    EXDATE;TZID=Europe/Berlin:20240707T110000
  END:VEVENT
END:VCALENDAR

Obviously, NC is right to reject the calendar entry and the error message is correct. However, the HTTP status code should be 4xx, not 500. HTTP status codes 5xx indicate a server-side error, but this error is a client-side error. A 5xx status code informs the client to try to repeat the same request later, but in this case the same request will fail again.

More suitable status codes are 409 (Conflict) or 422 (Unprocessable Content). The latter is probably the most suitable status code.

I am using an Android smartphone with Google Calendar as the front-end UI and DAVx5 as the connector. I was somehow able to create the event above and DAVx5 become stuck, because it had the event in its local cash and endlessly tried to send the event to the NC server.

I am aware that there is a bug on several layers here. The Google Calender UI should prevent a user from creating such inconsistent events in the first place. But NC should also respond with the correct status code.

Steps to reproduce

  1. Create an invalid VEVENT entry with recurrences but zero instances
  2. Try to upload that VEVENT to NC server
  3. NC responds with HTTP status code 500

Expected behavior

NC should respond with a 4xx status code, preferably 409 or 422

Installation method

Community Manual installation with Archive

Nextcloud Server version

29

Operating system

Other

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

Configuration report

{
    "system": {
        "dbtype": "pgsql",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "default_language": "de",
        "default_locale": "de_DE",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "sendmail",
        "overwrite.cli.url": "https:\/\/cloud.mhnnet.de\/",
        "htaccess.RewriteBase": "\/",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "mhnnet.de",
            "www.mhnnet.de",
            "server.mhnnet.de",
            "cloud.mhnnet.de",
            "famna.de",
            "www.famna.de",
            "cloud.famna.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "version": "29.0.3.4",
        "dbtableprefix": "oc_",
        "dbport": "",
        "installed": true,
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "default_phone_region": "DE",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "enabledPreviewProviders": [
            "OC\\Preview\\BMP",
            "OC\\Preview\\GIF",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\Krita",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\MSOffice2003",
            "OC\\Preview\\MSOffice2007",
            "OC\\Preview\\MSOfficeDoc",
            "OC\\Preview\\Movie",
            "OC\\Preview\\MP3",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\PDF",
            "OC\\Preview\\PNG",
            "OC\\Preview\\SVG",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\TXT",
            "OC\\Preview\\WebP",
            "OC\\Preview\\XBitmap"
        ],
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "maintenance_window_start": 1
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.10
  - cloud_federation_api: 1.12.0
  - contacts: 6.0.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_accesscontrol: 1.19.1
  - files_downloadlimit: 2.0.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - groupfolders: 17.0.1
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - mail: 3.7.2
  - nextcloud_announcements: 1.18.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - previewgenerator: 5.5.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - support: 1.12.0
  - tasks: 0.16.0
  - text: 3.10.1
  - theming: 2.4.0
  - theming_customcss: 1.16.0
  - twofactor_backupcodes: 1.18.0
  - updatenotification: 1.19.1
  - user_ldap: 1.20.0
  - user_status: 1.9.0
  - viewer: 2.3.0
  - workflowengine: 2.11.0
Disabled:
  - admin_audit: 1.19.0
  - circles: 29.0.0-dev (installed 26.0.0)
  - comments: 1.19.0 (installed 1.10.0)
  - contactsinteraction: 1.10.0 (installed 1.7.0)
  - encryption: 2.17.0
  - files_external: 1.21.0
  - files_pdfviewer: 2.10.0 (installed 2.0.1)
  - files_reminders: 1.2.0 (installed 1.0.0)
  - firstrunwizard: 2.18.0 (installed 2.15.0)
  - photos: 2.5.0 (installed 1.2.1)
  - privacy: 1.13.0 (installed 1.11.0)
  - survey_client: 1.17.0 (installed 1.15.0)
  - suspicious_login: 7.0.0
  - systemtags: 1.19.0 (installed 1.10.0)
  - twofactor_totp: 11.0.0-dev
  - weather_status: 1.9.0 (installed 1.0.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response

joshtrichards commented 3 months ago

If there is a 500 error, there should be a corresponding entry your nextcloud.log. That contains the stack trace. Do you happen to have that?

nagmat84 commented 3 months ago

Unfortunately not anymore.

Let's hope that the error happens again soon and then I will dump the corresponding log entry.

The error is a little bit difficult to (re-)trigger manually. A proper CalDAV client typically does not attempt to send those inconsistent VCALENDAR entries as those errors are already caught on the UI level and never reach the NC server. However, once every two months one of my five users (family) is able to create such an entry.

Alternatively, one would need a CalDAV client implementation for testing purposes which allows to send those inconsistent VCALENDAR entries deliberately. I had hoped that the NC test suite might be able to do that in order to provoke the error.

Alternatively, the NC error message "This recurrence rule does not generate any valid instances" should be somewhere in the code and easy to find. It seems to be a rather specific message. Maybe one can go from there and see what leads to the 500 error code.

joshtrichards commented 3 months ago

Related: #30514 & #5641

SebastianKrupinski commented 3 months ago

Duplicate of #30514