owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

empty lock-token when unlocking public link results in an exception #34300

Open individual-it opened 5 years ago

individual-it commented 5 years ago

Steps to reproduce

  1. create a public link
  2. remember the link-token
  3. as public send an UNLOCK request to the public link with an empty opaquelocktoken: curl -u $LINKTOKEN: -X UNLOCK http://localhost/owncloud-core/public.php/webdav/test -H "Lock-Token: opaquelocktoken:"

Expected behaviour

error that the opaquelocktoken is not valid

Actual behaviour

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>TypeError</s:exception>
  <s:message>Argument 1 passed to OC\Lock\Persistent\LockMapper::getLockByToken() must be of the type string, null given, called in /home/artur/www/owncloud-core/apps/dav/lib/Connector/Sabre/LockPlugin.php on line 104</s:message>
</d:error>

Logs

ownCloud log (data/owncloud.log)

{"reqId":"BIYM9Ndf2tSx02wgB4MR","level":4,"time":"2019-01-29T10:48:50+00:00","remoteAddr":"127.0.0.1","user":"--","app":"webdav","method":"UNLOCK","url":"\/owncloud-core\/public.php\/webdav\/test","message":"Exception: Argument 1 passed to OC\\Lock\\Persistent\\LockMapper::getLockByToken() must be of the type string, null given, called in \/home\/artur\/www\/owncloud-core\/apps\/dav\/lib\/Connector\/Sabre\/LockPlugin.php on line 104: {\"Exception\":\"TypeError\",\"Message\":\"Argument 1 passed to OC\\\\Lock\\\\Persistent\\\\LockMapper::getLockByToken() must be of the type string, null given, called in \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/LockPlugin.php on line 104\",\"Code\":0,\"Trace\":\"#0 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/LockPlugin.php(104): OC\\\\Lock\\\\Persistent\\\\LockMapper->getLockByToken(NULL)\\n#1 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(96): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\LockPlugin->beforeUnlock('test', Object(Sabre\\\\DAV\\\\Locks\\\\LockInfo))\\n#2 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Locks\\\/Plugin.php(347): Sabre\\\\DAV\\\\Server->emit('beforeUnlock', Array)\\n#3 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Locks\\\/Plugin.php(286): Sabre\\\\DAV\\\\Locks\\\\Plugin->unlockNode('test', Object(Sabre\\\\DAV\\\\Locks\\\\LockInfo))\\n#4 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(96): Sabre\\\\DAV\\\\Locks\\\\Plugin->httpUnlock(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(464): Sabre\\\\DAV\\\\Server->emit('method:UNLOCK', Array)\\n#6 
\\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(241): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#7 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(309): Sabre\\\\DAV\\\\Server->start()\\n#8 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/publicwebdav.php(103): Sabre\\\\DAV\\\\Server->exec()\\n#9 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/public.php(85): require_once('\\\/home\\\/artur\\\/www...')\\n#10 {main}\",\"File\":\"\\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/private\\\/Lock\\\/Persistent\\\/LockMapper.php\",\"Line\":174}"}

CC @PVince81 @davitol

PVince81 commented 5 years ago

Not critical for the release, I'd say, but should be fixed right after.

I suspect that Sabre parses the part behind "opaquelocktoken:" and somehow evaluates to null instead of failing directly.

ownclouders commented 5 years ago

GitMate.io thinks the contributor most likely able to help you is @ownclouders.

Possibly related issues are https://github.com/owncloud/core/pull/34268 (Hide lock token in public webdav responses), https://github.com/owncloud/core/pull/34270 ([stable10] Hide lock token in public webdav responses), https://github.com/owncloud/core/pull/30580 (Test unlock on exception during scanning), https://github.com/owncloud/core/issues/33479 (moving files in public folder is not possible), and https://github.com/owncloud/core/issues/29554 (overwriting a file with a folder and a folder with a file needs better error reporting).

PVince81 commented 5 years ago

not critical => backlog
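
The expected behaviour from the report (an error saying the token is not valid, rather than a TypeError from a strictly typed parameter), sketched as an added example that is not part of the original thread and is not ownCloud or SabreDAV code. The helper name `parseLockToken`, the character and length bound on the token, and the sample header values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not ownCloud or SabreDAV code): extract the token from
 * a WebDAV Lock-Token header value and reject values without a token part,
 * so that null or '' never reaches a parameter declared as `string`.
 */
function parseLockToken(?string $header): string
{
    if ($header === null) {
        throw new InvalidArgumentException('Lock-Token header is missing');
    }
    // RFC 4918 wraps the URI in <>; the request in this report omits them.
    $value = trim($header);
    if (strlen($value) >= 2 && $value[0] === '<' && substr($value, -1) === '>') {
        $value = substr($value, 1, -1);
    }
    $prefix = 'opaquelocktoken:';
    if (strncasecmp($value, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('Lock-Token is not an opaquelocktoken URI');
    }
    $token = substr($value, strlen($prefix));
    // The empty token is the case from this issue. The allowed characters and
    // the 128-character limit are assumptions of this example.
    if (preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $token) !== 1) {
        throw new InvalidArgumentException('Lock-Token is empty or malformed');
    }
    return $token;
}

// Constructed sample header values; the second is the one sent in the report.
$samples = [
    '<opaquelocktoken:00000000-0000-4000-8000-000000000000>',
    'opaquelocktoken:',
    '<opaquelocktoken:>',
    null,
    'urn:uuid:00000000-0000-4000-8000-000000000000',
];
foreach ($samples as $header) {
    try {
        printf("%-58s => token %s\n", var_export($header, true), parseLockToken($header));
    } catch (InvalidArgumentException $e) {
        // A DAV server would map this to a 4xx response instead of a TypeError.
        printf("%-58s => rejected: %s\n", var_export($header, true), $e->getMessage());
    }
}
```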