search

pCloud / pcloud-sdk-java

The official pCloud Java SDK repository
https://pcloud.github.io/pcloud-sdk-java/
Apache License 2.0
39 stars 14 forks source link

apiClient.creatfolder(folderID,foldername) only works for root folder #29

Closed ferenc-hechler closed 2 years ago

ferenc-hechler commented 2 years ago

I want to create a folder "/thisis" and then a subfolder "/thisis/atest" The following sequence of commands works:

RemoteFolder remFolderTHISIS = apiClient.createFolder("/thisis").execute();
RemoteFolder remFolderTHISIS_ATEST = apiClient.createFolder("/thisis/atest").execute();

According to the createfolder API documentation using only "path" is discouraged and "folderid" + "name" should be used instead. So, I tried it the following way (after deleting the folders created in the previous test):

RemoteFolder remFolderTHISIS = apiClient.createFolder(RemoteFolder.ROOT_FOLDER_ID, "thisis").execute();
long folderID = remFolderTHISIS.folderId();
RemoteFolder remFolderTHISIS_ATEST = apiClient.createFolder(folderID, "atest").execute();

The first createfolder in the root folder is successful. The folder "/thisis" is created. But the second createFolder fails with the exception "com.pcloud.sdk.ApiError: 2003 - Access denied. You do not have permissions to perform this operation."

I also tried another version providing the RemoteFolder instead of the folderid:

RemoteFolder remFolderTHISIS = apiClient.createFolder(RemoteFolder.ROOT_FOLDER_ID, "thisis").execute();
RemoteFolder remFolderTHISIS_ATEST = apiClient.createFolder(remFolderTHISIS, "atest").execute();

With the same result. The first line succeeds, the second causes an "2003 - Access denied" error.

But it can not be a permission issue, because creating the same folder using the full path API is successful. So, immeadiately after the error I did the following:

RemoteFolder remFolderTHISIS_ATEST = apiClient.createFolder("/thisis/atest").execute();

And the folder is successfully created.

looks like the creatfolder(folderid, name) is somehow broken. (works only for root) Just a suggestion: Can it be a long / int problem. My folderid is 2239770228, which is slightly over 2^31-1 (2.147.483.647) and casted to an int it is -2055197068

ferenc-hechler commented 2 years ago

Just tried it with an older folder which has id 1912674055 and the same error occurrs. So it has nothing to do with an int overflow.

ferenc-hechler commented 2 years ago

Just had the same issue with createFile(folderid, filename, ...) it returned "2003 - Access Denied" for folderids different from root. Using createFile(path, filename, ...) works.

georgi-neykov-hub commented 2 years ago

@ferenc-hechler let me find a way to reproduce the issue. Are you encountering the issues with an US-based account?

georgi-neykov-hub commented 2 years ago

Just tried it with an older folder which has id 1912674055 and the same error occurrs. So it has nothing to do with an int overflow.

It can, actually. It would be more about converting signed integer (long, int) to unsigned integers as they would be treated by the API and the parsing and conversion to chars when read from and written to json.

ferenc-hechler commented 2 years ago

@ferenc-hechler let me find a way to reproduce the issue. Are you encountering the issues with an US-based account?

My account is in EU.

ferenc-hechler commented 2 years ago

My account is pcloud-dev@fh.anderemails.de. It is a free Account in EU. How can I help you to reproduce?

georgi-neykov-hub commented 2 years ago

@ferenc-hechler I think I've found the issue. The folder id is passed as a form-request parameter to the HTTP call to the API so it is converted to a String. I want to fiddle a bit more with large numbers and review other places with potential problems. The problematic folder with id 2239770228 is in the free account you've mentioned above? Can you make an "Invite to folder" for the same folder with write permissions the account folderids@qa.mobileinno.com from my.pcloud.com? (I want to be able to make calls against the same folder without making you expose access tokens).

ferenc-hechler commented 2 years ago

I gave acces to "/testfolder" to you. I also tested it locally with the following code:

RemoteFolder remFolderFOLDER1 = apiClient.createFolder("/testfolder/folder1").execute();
long folder1ID = remFolderFOLDER1.folderId();
System.out.println("folder1-ID: "+folder1ID);
RemoteFolder remFolderFOLDER1a = apiClient.createFolder("/testfolder/folder1/folder1a").execute();
RemoteFolder remFolderFOLDER1b = apiClient.createFolder(folder1ID, "folder1b").execute();

folder1a is created successfully. folder1-ID is 2243075331

createFolder(2243075331L, "folder1b") throw the following execption

com.pcloud.sdk.ApiError: 2003 - Access denied. You do not have permissions to perform this operation.
    at com.pcloud.sdk.internal.RealApiClient.getAsApiResponse(RealApiClient.java:1137)
    at com.pcloud.sdk.internal.RealApiClient.lambda$createFolder$15(RealApiClient.java:835)
    at com.pcloud.sdk.internal.OkHttpCall.adapt(OkHttpCall.java:101)
    at com.pcloud.sdk.internal.OkHttpCall.execute(OkHttpCall.java:43)
    at de.hechler.pgpencrypter.pcloud.PCloudUploaderTest.testRecursiveCreateFolder(PCloudUploaderTest.java:39)
georgi-neykov-hub commented 2 years ago

@ferenc-hechler can you make another "Invite to folder" to folderids_eu@qa.mobileinno.com, the last account was on the US data center and the folder/files had altered ids. I've just tested the same operations with a different EU-based account and folders are being created. I've already done a similar test and there no issues:

    @Test
    public void testCreateFolderWithSubfolder() throws IOException, ApiError {
        RemoteFolder parentFolder = apiClient.createFolder(0L,"parent").execute();
        long parentFolderId = parentFolder.folderId();
        RemoteFolder childFolder1 = apiClient.createFolder(parentFolderId, "childFolder1").execute();
        RemoteFolder childFolder2 = apiClient.createFolder(parentFolderId, "childFolder2").execute();

        assertTrue(entryExistsInRoot(parentFolder));
        assertTrue(entryExistsInFolder(childFolder1, parentFolderId));
        assertTrue(entryExistsInFolder(childFolder2, parentFolderId));
    }

screenshot

ferenc-hechler commented 2 years ago

invitation is out.

ferenc-hechler commented 2 years ago

mmmhh, I have a bad feeling... Could it be, that my credentials are read-only and the Access-Denied is correct, but I can get write access using the path instead of the id?

ferenc-hechler commented 2 years ago

confirmed! my credentials were created read-only. I created a new app with write access, now the createfolder with folderid works.

Which means, that there is a security-breach which allows uploading files and creating directories using the path syntax.

ferenc-hechler commented 2 years ago

I used maven. Here the dependencies from the POM:

<!-- https://mvnrepository.com/artifact/com.pcloud.sdk/java-core -->
<dependency>
    <groupId>com.pcloud.sdk</groupId>
    <artifactId>java-core</artifactId>
    <version>1.6.0</version>
</dependency>
<dependency>
    <groupId>com.squareup.okio</groupId>
    <artifactId>okio</artifactId>
    <version>2.8.0</version>
</dependency>
ferenc-hechler commented 2 years ago

The method is available also in version java-core-1.5.0: grafik

georgi-neykov-hub commented 2 years ago

@ferenc-hechler can you share a valid email?

ferenc-hechler commented 2 years ago

you can contact me via ferenc.hechler@gmail.com

georgi-neykov-hub commented 2 years ago

The issue was due to an API bug which has been recently resolved and the observed behavior via the Java SDK client should be fixed as well.