search

owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0
8.36k stars 2.06k forks source link

Moving a locked file to a locked folder, both locks are preserved #34389

Open davitol opened 5 years ago

davitol commented 5 years ago

Steps to reproduce

1) Lock a file:

curl -u admin:admin -X LOCK http://owncloudserver/remote.php/webdav/lock.txt  -d "<?xml version='1.0' encoding='UTF-8'?><d:lockinfo xmlns:d='DAV:'> <d:timeout>Infinite</d:timeout> <d:lockscope><d:exclusive/></d:lockscope></d:lockinfo>"

2) Lock a folder

curl -u admin:admin -X LOCK http://owncloudserver/remote.php/webdav/FolderCerrado  -d "<?xml version='1.0' encoding='UTF-8'?><d:lockinfo xmlns:d='DAV:'> <d:timeout>Infinite</d:timeout> <d:lockscope><d:exclusive/></d:lockscope></d:lockinfo>"

3) Move the file into the folder using both tokens:

curl -k -u admin:admin -H 'If: (<opaquelocktoken:ad232c59-98d3-434e-a18c-81cdc65aa4c1>,<opaquelocktoken:76484811-c9ce-4ff5-9e5f-59f45e146449>)' -H 'Destination:http://owncloudserver/remote.php/webdav/FolderCerrado/lock.txt' -H 'Overwrite:F' -H 'User-Agent:Mozilla/5.0 (Android) ownCloud-android/2.7.0' -H 'Host:owncloudserver' -X MOVE 'http://owncloudserver/remote.php/webdav/lock.txt'

4) Check the lock in the moved file

Expected behavior

The lock token of the file should not be preserved https://tools.ietf.org/html/rfc4918#page-33:

A successful MOVE request on a write locked resource MUST NOT move
   the write lock with the resource.  However, if there is an existing
   lock at the destination, the server MUST add the moved resource to
   the destination lock scope.  For example, if the MOVE makes the
   resource a child of a collection that has a depth-infinity lock, then
   the resource will be added to that collection's lock.  Additionally,
   if a resource with a depth-infinity lock is moved to a destination
   that is within the scope of the same lock (e.g., within the URL
   namespace tree covered by the lock), the moved resource will again be
   added to the lock.  In both these examples, as specified in
   Section 7.5, an If header must be submitted containing a lock token
   for both the source and destination.

Actual behavior

Both lock tokens are preserved

curl -u admin:admin -X PROPFIND http://owncloudserver/remote.php/webdav/FolderCerrado/lock.txt  -d "<?xml version='1.0' encoding='UTF-8'?> <d:propfind xmlns:d='DAV:'> <d:prop><d:lockdiscovery/></d:prop> </d:propfind>" | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1222  100  1106  100   116    704     73  0:00:01  0:00:01 --:--:--   704
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/webdav/FolderCerrado/lock.txt</d:href>
    <d:propstat>
      <d:prop>
        <d:lockdiscovery>
          <d:activelock>
            <d:lockscope>
              <d:exclusive/>
            </d:lockscope>
            <d:locktype>
              <d:write/>
            </d:locktype>
            <d:lockroot>
              <d:href>/remote.php/webdav/FolderCerrado/lock.txt</d:href>
            </d:lockroot>
            <d:depth>infinity</d:depth>
            <d:timeout>Second-1445</d:timeout>
            <d:locktoken>
              <d:href>opaquelocktoken:76484811-c9ce-4ff5-9e5f-59f45e146449</d:href>
            </d:locktoken>
            <d:owner>admin </d:owner>
          </d:activelock>
          <d:activelock>
            <d:lockscope>
              <d:exclusive/>
            </d:lockscope>
            <d:locktype>
              <d:write/>
            </d:locktype>
            <d:lockroot>
              <d:href>/remote.php/webdav/FolderCerrado</d:href>
            </d:lockroot>
            <d:depth>infinity</d:depth>
            <d:timeout>Second-1466</d:timeout>
            <d:locktoken>
              <d:href>opaquelocktoken:ad232c59-98d3-434e-a18c-81cdc65aa4c1</d:href>
            </d:locktoken>
            <d:owner>admin</d:owner>
          </d:activelock>
        </d:lockdiscovery>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>

@individual-it @PVince81

ownclouders commented 5 years ago

GitMate.io thinks the contributor most likely able to help you is @ownclouders.

Possibly related issues are https://github.com/owncloud/core/issues/34372 (moving a locked file into a locked folder (providing token) results in conflicting locks), https://github.com/owncloud/core/issues/24737 (File Locked), https://github.com/owncloud/core/issues/26838 (File locking), https://github.com/owncloud/core/issues/28991 (file is locked), and https://github.com/owncloud/core/issues/21881 (File Permanently Locked).

PVince81 commented 5 years ago

it's another variation of https://github.com/owncloud/core/issues/34372

moving to backlog for now

jvillafanez commented 4 years ago

Maybe we can add a afterMethod:MOVE in the "new" PublicDavLocksPlugin (https://github.com/owncloud/core/pull/36402 - pending to be merged) in order to remove the persistent lock there. Alternatively, we could add the same functionality in the "FilesPlugin" although there isn't anything related to locks there.