owncloud / openidconnect

OpenId Connect (OIDC) Integration for ownCloud
GNU General Public License v2.0

Wrong principals URI causes caldav failure when using access tokens #225

Closed vincentbernaud closed 2 years ago

vincentbernaud commented 2 years ago

Hi,

While trying to set up caldav access using an OIDC access token, I got the following error:

<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotFound</s:exception>
  <s:message>File not found: oidc-user-6f712d44b31bd9c8ec824314ea951590 in 'principals'</s:message>
</d:error>

After some debugging I found that the principals parameter in EventHandler.php is set to /principals when the default in OpenIdSabreAuthBackend.php is /principals/users/. This wrong path causes the sabre backend to fail to retrieve the user's principal and other resources, even when the right url is given. (See below)

[Screenshot 2022-04-29 at 12:18:08]

Here is the generated debug log:

{"reqId":"ZA1kqvxMo4Adv13pZ18N","level":0,"time":"2022-04-29T08:37:52+00:00","remoteAddr":"xxxxxxxxxx","user":"oidc-user-6f712d44b31bd9c8ec824314ea951590","app":"webdav","method":"PROPFIND","url":"\/remote.php\/dav\/principals\/users\/oidc-user-6f712d44b31bd9c8ec824314ea951590\/","message":"Exception: HTTP\/1.1 404 File not found: oidc-user-6f712d44b31bd9c8ec824314ea951590 in 'principals': {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotFound\",\"Message\":\"File not found: oidc-user-6f712d44b31bd9c8ec824314ea951590 in 'principals'\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Tree.php(78): Sabre\\\\DAV\\\\SimpleCollection->getChild()\\n#1 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Tree.php(51): Sabre\\\\DAV\\\\Tree->getNodeForPath()\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(335): OCA\\\\DAV\\\\Tree->getNodeForPath()\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(388): Sabre\\\\DAVACL\\\\Plugin->getPrincipalMembership()\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(616): Sabre\\\\DAVACL\\\\Plugin->principalMatchesPrincipal()\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(199): Sabre\\\\DAVACL\\\\Plugin->getCurrentUserPrivilegeSet()\\n#6 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/DavAclPlugin.php(51): Sabre\\\\DAVACL\\\\Plugin->checkPrivileges()\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(936): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\DavAclPlugin->checkPrivileges()\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(89): Sabre\\\\DAVACL\\\\Plugin->propFind()\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1052): Sabre\\\\DAV\\\\Server->emit()\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(984): Sabre\\\\DAV\\\\Server->getPropertiesByNode()\\n#11 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1662): Sabre\\\\DAV\\\\Server->getPropertiesIteratorForPath()\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1647): Sabre\\\\DAV\\\\Server->writeMultiStatus()\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(346): Sabre\\\\DAV\\\\Server->generateMultiStatus()\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(89): Sabre\\\\DAV\\\\CorePlugin->httpPropFind()\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(472): Sabre\\\\DAV\\\\Server->emit()\\n#16 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(253): Sabre\\\\DAV\\\\Server->invokeMethod()\\n#17 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Server.php(345): Sabre\\\\DAV\\\\Server->start()\\n#18 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#19 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#20 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/SimpleCollection.php\",\"Line\":97}"}

Updating /principals to /principals/users/ in EventHandler.php fixes the issue and allows proper caldav access using OIDC access tokens.
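A small diagnostic, added here as an example and not part of the issue or of the openidconnect app's code, that scans ownCloud `webdav` log lines in the JSON shape quoted above and flags the signature of this misconfiguration: the collection the client requested the principal under (`principals/users`) differs from the collection the auth backend resolved it in (`principals`). The sample log lines are constructed (trace omitted, address redacted) and the `/remote.php/dav/` path layout is assumed from the quoted request URL.

```python
import json
import re

# Constructed sample modelled on the log line in the issue (not a real server log).
BROKEN_LOG = json.dumps({
    "reqId": "ZA1kqvxMo4Adv13pZ18N", "level": 0, "app": "webdav", "method": "PROPFIND",
    "user": "oidc-user-6f712d44b31bd9c8ec824314ea951590",
    "url": "/remote.php/dav/principals/users/oidc-user-6f712d44b31bd9c8ec824314ea951590/",
    "message": "Exception: HTTP/1.1 404 File not found: "
               "oidc-user-6f712d44b31bd9c8ec824314ea951590 in 'principals': {...}",
})

# Constructed healthy counterpart: a genuine missing node under the right collection.
HEALTHY_LOG = json.dumps({
    "app": "webdav", "method": "PROPFIND", "user": "alice",
    "url": "/remote.php/dav/principals/users/alice/",
    "message": "Exception: HTTP/1.1 404 File not found: alice in 'principals/users': {...}",
})

NOT_FOUND_RE = re.compile(r"File not found: (?P<node>\S+) in '(?P<parent>[^']+)'")


def principal_mismatch(line):
    """Return (requested_parent, resolved_parent) if a DAV log line shows the
    authenticated user's own principal being looked up under a different
    collection than the one the client asked for; otherwise return None."""
    try:
        entry = json.loads(line)
    except ValueError:
        return None  # not a JSON log line
    if entry.get("app") != "webdav":
        return None
    m = NOT_FOUND_RE.search(entry.get("message", ""))
    # Only the user's own principal matters: the node name must equal the user id.
    if not m or m.group("node") != entry.get("user"):
        return None
    # Path after /remote.php/dav/, e.g. principals/users/<uid>
    dav_path = entry.get("url", "").split("/remote.php/dav/", 1)[-1].strip("/")
    requested_parent = dav_path.rsplit("/", 1)[0] if "/" in dav_path else ""
    resolved_parent = m.group("parent")
    if requested_parent != resolved_parent:
        return requested_parent, resolved_parent
    return None


if __name__ == "__main__":
    for label, line in (("broken", BROKEN_LOG), ("healthy", HEALTHY_LOG)):
        print(label, principal_mismatch(line))
```

A non-None result points at a principal prefix in the auth backend that does not match the principals collection the DAV tree actually serves, which is exactly the mismatch fixed above.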

DeepDiver1975 commented 2 years ago

Nice catch!

Feel free to open a pull request - THX