search

owncloud / ocis

:atom_symbol: ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0
1.36k stars 179 forks source link

[Sharing-NG] creating a drive item with random item id results in 201 response. #8724

Closed S-Panta closed 5 months ago

S-Panta commented 5 months ago

Describe the bug

Giving any random string ( other than an empty string) as a remote item ID for creating a drive item gives a 201 status code. The response will be empty though.

Steps to reproduce

  1. login to ocis as user user.
  2. go to shares and make API post request to create a drive item with some string. 
    curl -X POST 'https://host.docker.internal:9200/graph/v1beta1/drives/{share-Space-Id}/root/children'  
-d '{
"remoteItem": {
    "id":"'123"
}
}' -uadmin:admin
  3. The status code is 201.

It only checks for valid sharespace id and if remoteitem has empty string or not. What should the expected behavior and status code be?

rhafer commented 5 months ago

I think this should return a 400 (Bad Request)