Meta endpoint returns incomplete oc:spaceid for private links

felix-schwarz commented 10 months ago

Describe the bug

When sending a file ID to the meta endpoint, it returns an incomplete value for <oc:spaceid>.

(Semi-related side node: the naming <oc:spaceid> doesn't match the naming as drives used in other APIs. If <oc:spaceid> has always returned an incomplete/unusable value, addressing this issue may also be an opportunity to rename the tag to <oc:driveid> to bring its naming in line.)

Steps to reproduce

Perform a PROPFIND on the meta endpoint using the File ID:

PROPFIND /remote.php/dav/meta/71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74!97b970f2-18dc-4e80-b154-cec25285b959 HTTP/1.1
Host: ocis.ocis-wopi.latest.owncloud.works
Content-Length: 159
Prefer: return=minimal
X-Request-ID: 5364EEF1-0DDB-4886-BACD-3088459998D5
Original-Request-ID: 5364EEF1-0DDB-4886-BACD-3088459998D5
Content-Type: application/xml
Depth: 0
User-Agent: ownCloudApp/12.0.3 (App/271; iOS/17.0.1; iPhone)
Authorization: Bearer [redacted:3]
Accept-Language: en

<?xml version="1.0" encoding="UTF-8"?>
<D:propfind xmlns:D="DAV:" xmlns:oc="http://owncloud.org/ns">
<D:prop>
<oc:meta-path-for-user/>
</D:prop>
</D:propfind>

Expected behavior

The returned <oc:spaceid> matches a drive returned by the drive list endpoint.

Actual behavior

The returned <oc:spaceid> does not match a drive returned by the drive list endpoint:

207 SUCCESS
Access-Control-Allow-Origin: *
Content-Type: application/xml; charset=utf-8
content-security-policy: default-src 'none';
dav: 1, 3, extended-mkcol
x-download-options: noopen
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
Date: Tue, 14 Nov 2023 23:08:10 GMT
x-request-id: 5364EEF1-0DDB-4886-BACD-3088459998D5
x-robots-tag: none
Content-Length: 737
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
Vary: Origin

<d:multistatus
    xmlns:s="http://sabredav.org/ns"
    xmlns:d="DAV:"
    xmlns:oc="http://owncloud.org/ns">
    <d:response>
        <d:href>/remote.php/dav/meta/71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74%2197b970f2-18dc-4e80-b154-cec25285b959/</d:href>
        <d:propstat>
            <d:prop>
                <oc:meta-path-for-user>/555</oc:meta-path-for-user>
                <oc:id>71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74!97b970f2-18dc-4e80-b154-cec25285b959</oc:id>
                <oc:fileid>71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74!97b970f2-18dc-4e80-b154-cec25285b959</oc:fileid>
                <oc:spaceid>71135097-2849-442b-b3d8-7701539e8cf5</oc:spaceid>
            </d:prop>
            <d:status>HTTP/1.1 200 OK</d:status>
        </d:propstat>
    </d:response>
</d:multistatus>

The drive/space ID returned here is different from what the drive list returned earlier for the personal space:

71135097-2849-442b-b3d8-7701539e8cf5 (returned by meta endpoint)
71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74 (returned by the drive list endpoint)

# RESPONSE --------------------------------------------------------
Method:      GET
URL:         https://ocis.ocis-wopi.latest.owncloud.works/graph/v1.0/me/drives
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
200 NO ERROR
x-content-type-options: nosniff
Content-Type: application/json
content-security-policy: frame-ancestors 'none'
Date: Tue, 14 Nov 2023 23:02:36 GMT
x-frame-options: DENY
x-request-id: D2AF9AAD-4BCA-41F4-9980-35D343B926CF
x-graph-version: 5.0.0-alpha.2+552b87654
Vary: Origin

{
  "value": [
    {
      "driveAlias": "virtual/shares",
      "driveType": "virtual",
      "id": "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668",
      "name": "Shares",
      "root": {
        "eTag": "DECAFC00FEE",
        "id": "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668",
        "webDavUrl": "https://ocis.ocis-wopi.latest.owncloud.works/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668"
      },
      "webUrl": "https://ocis.ocis-wopi.latest.owncloud.works/f/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668"
    },
    {
      "driveAlias": "personal/admin",
      "driveType": "personal",
      "id": "71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74",
      "lastModifiedDateTime": "2023-11-14T17:51:30.060115701Z",
      "name": "Admin",
      "owner": {
        "user": {
          "displayName": "",
          "id": "e90424c7-1bdb-4512-9e05-cba6b6ffbb74"
        }
      },
      "quota": {
        "remaining": 27148849152,
        "state": "normal",
        "total": 0,
        "used": 540925
      },
      "root": {
        "eTag": "\"a62df2dccd83d865246053818b1616de\"",
        "id": "71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74",
        "webDavUrl": "https://ocis.ocis-wopi.latest.owncloud.works/dav/spaces/71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74"
      },
      "webUrl": "https://ocis.ocis-wopi.latest.owncloud.works/f/71135097-2849-442b-b3d8-7701539e8cf5$e90424c7-1bdb-4512-9e05-cba6b6ffbb74"
    },
    {
      "driveAlias": "project/test-space",
      "driveType": "project",
      "id": "71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7",
      "lastModifiedDateTime": "2023-11-14T12:28:40.615466025Z",
      "name": "test space",
      "owner": {
        "user": {
          "displayName": "",
          "id": "13e07352-d7e5-42e1-9a4d-2d926dfb4ec7"
        }
      },
      "quota": {
        "remaining": 999999954,
        "state": "normal",
        "total": 1000000000,
        "used": 46
      },
      "root": {
        "eTag": "\"3c9ef1515aaa323eaf9489f39da1d96c\"",
        "id": "71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7",
        "permissions": [
          {
            "grantedToIdentities": [
              {
                "user": {
                  "displayName": "Admin",
                  "id": "e90424c7-1bdb-4512-9e05-cba6b6ffbb74"
                }
              }
            ],
            "roles": [
              "manager"
            ]
          }
        ],
        "webDavUrl": "https://ocis.ocis-wopi.latest.owncloud.works/dav/spaces/71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7"
      },
      "special": [
        {
          "eTag": "\"ddb6a24fcc117154565d3c1b239eb5b1\"",
          "file": {
            "mimeType": "text/markdown"
          },
          "id": "71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7!74942287-e186-4c09-9a57-c01bde822867",
          "lastModifiedDateTime": "2023-11-14T12:24:30.645807334Z",
          "name": "readme.md",
          "parentReference": {
            "driveId": "71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7",
            "driveType": "project",
            "id": "71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7!d933176a-c2d4-4827-9858-bc1948c81aac"
          },
          "size": 46,
          "specialFolder": {
            "name": "readme"
          },
          "webDavUrl": "https://ocis.ocis-wopi.latest.owncloud.works/dav/spaces/71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7%2113e07352-d7e5-42e1-9a4d-2d926dfb4ec7/.space/readme.md"
        }
      ],
      "webUrl": "https://ocis.ocis-wopi.latest.owncloud.works/f/71135097-2849-442b-b3d8-7701539e8cf5$13e07352-d7e5-42e1-9a4d-2d926dfb4ec7"
    }
  ]
}