Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get the parent directory before creating a file from a template #26396

Merged
merged 2 commits into from
Apr 1, 2021
Merged

Get the parent directory before creating a file from a template #26396

merged 2 commits into from
Apr 1, 2021

Conversation

juliusknorr
Copy link
Member

@juliusknorr juliusknorr commented Mar 31, 2021
edited
Loading

Permissions when creating a new file or folder are always issued on the current node so when using the relative path directly on the user directory creating a new file will fail in scenarios where there is a read only mount on the user root.

Fixes nextcloud/android#8010
Fixes #25787

@juliusknorr juliusknorr mentioned this pull request Mar 31, 2021
Closed
@juliusknorr juliusknorr added 3. to review Waiting for reviews bug labels Mar 31, 2021
@juliusknorr juliusknorr mentioned this pull request Mar 31, 2021
Closed
@szaimen
Copy link
Contributor

szaimen commented Mar 31, 2021
edited
Loading

@juliushaertl Thanks for taking this over!
I've applied the patch and it actually seems to fix both issues 🚀!
Thank your very much! :)

What I still can reproduce though is the following issue:

Click to expand
It happens when I try to create a new website (and folder) with the same configuration (root folder read only and mounted subfolder which is writeable) with the pico_cms app. 
{
  "reqId": "ry1VnjQz6UVJFROuAiRq",
  "level": 2,
  "time": "2021-03-31T19:11:07+02:00",
  "remoteAddr": "192.168.178.155",
  "user": "admin",
  "app": "cms_pico",
  "method": "POST",
  "url": "/apps/cms_pico/personal/websites",
  "message": {
    "Exception": "OCP\\Files\\NotPermittedException",
    "Message": "No create permission for folder",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/apps/cms_pico/lib/Files/StorageFolder.php",
        "line": 144,
        "function": "newFolder",
        "class": "OC\\Files\\Node\\Folder",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cms_pico/lib/Service/TemplatesService.php",
        "line": 262,
        "function": "newFolder",
        "class": "OCA\\CMSPico\\Files\\StorageFolder",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cms_pico/lib/Service/WebsitesService.php",
        "line": 146,
        "function": "installTemplate",
        "class": "OCA\\CMSPico\\Service\\TemplatesService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cms_pico/lib/Controller/WebsitesController.php",
        "line": 118,
        "function": "createWebsite",
        "class": "OCA\\CMSPico\\Service\\WebsitesService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 218,
        "function": "createPersonalWebsite",
        "class": "OCA\\CMSPico\\Controller\\WebsitesController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 127,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 157,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 302,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 993,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 37,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Files/Node/Folder.php",
    "Line": 173,
    "CustomMessage": "--"
  },
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.105 Safari/537.36",
  "version": "21.0.0.18",
  "id": "6064ad32c8fd9"
}

But I am not sure if this is an issue of the Pico CMS app or server related?

rullzer
rullzer approved these changes Apr 1, 2021
View reviewed changes
Copy link
Member

@rullzer rullzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.
But needs CI and psalm love

@juliusknorr
Copy link
Member Author

What I still can reproduce though is the following issue:
But I am not sure if this is an issue of the Pico CMS app or server related?

Seems to be a similar case where the pico_cms app would need a related fix to get the node of the parent directory first before creating the file, so I'd suggest to open an issue in the apps repo.

@juliusknorr
Copy link
Member Author

Checks are happy except for acceptance-app-files-sharing which fails on master as well.

@szaimen
Copy link
Contributor

szaimen commented Apr 1, 2021

Seems to be a similar case where the pico_cms app would need a related fix to get the node of the parent directory first before creating the file, so I'd suggest to open an issue in the apps repo.

I'll do, thanks for the advice! :)

@szaimen szaimen mentioned this pull request Apr 1, 2021
Closed
@rullzer rullzer merged commit 507facd into master Apr 1, 2021
@rullzer rullzer deleted the bugfix/noid/ro-root-template branch April 1, 2021 13:11
@rullzer
Copy link
Member

rullzer commented Apr 1, 2021

@juliushaertl backports?

@rullzer
Copy link
Member

rullzer commented Apr 1, 2021

/backport to stable21

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Apr 1, 2021
Merged
@PhrozenByte
Copy link
Contributor

What I still can reproduce though is the following issue:
But I am not sure if this is an issue of the Pico CMS app or server related?

Seems to be a similar case where the pico_cms app would need a related fix to get the node of the parent directory first before creating the file, so I'd suggest to open an issue in the apps repo.

Thanks. Sure, adding such a check is no big deal 👍

However, I was thinking... What's the reason for Nextcloud to check the base path's permission instead of the parent folder's @juliushaertl? The only reason for this I could think of is, that newFile() was never supposed to accept relative $paths, but just a $fileName; if this is true, it should be enforced. However, Folder::newFile() explicitly states that it accepts a "relative path". This is true for most of the file operations API btw, I never was sure whether the methods accept just file names or relative paths. So, either the implantation is wrong, or a check is missing and the docs are misleading. Either way, it should be fixed.

PhrozenByte added a commit to nextcloud/cms_pico that referenced this pull request Apr 1, 2021
@PhrozenByte
Refactor StorageFolder::newFile() and newFolder()
4516628 
Nextcloud's file operations API apparently is unable to proberly deal with relative paths (even though the docs tell us otherwise). It (a) performs file permission checks on the base directory rather than the respective parent directory (:confused:), and (b) blocks relative paths like '..' (likely as a security measure - by using the most unsophisticated approach :unamused:). Also see nextcloud/server#26396. We better do this on our own...

Fixes #141

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
@PhrozenByte PhrozenByte mentioned this pull request Apr 1, 2021
Merged
@PhrozenByte
Copy link
Contributor

@juliushaertl What do you think about this?

@juliusknorr
Copy link
Member Author

However, I was thinking... What's the reason for Nextcloud to check the base path's permission instead of the parent folder's @juliushaertl? The only reason for this I could think of is, that newFile() was never supposed to accept relative $paths, but just a $fileName; if this is true, it should be enforced.

@rullzer @icewind1991 I'd say that is a valid point, was there any plan on if the nodes api should support relative paths or if the parameters should only be interpreted as a single level file/folder name?

Due to

server/lib/public/Files/Folder.php

Line 103 in 8a92229

* @param string $path relative path of the new folder
I'd say it would indeed make most sense to properly check if full path exists and has the proper create permissions.

@joshtrichards joshtrichards mentioned this pull request Jul 18, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rullzer rullzer rullzer approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@szaimen szaimen Awaiting requested review from szaimen

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

Assignees
No one assigned
Labels
3. to review Waiting for reviews bug
Projects
None yet
Milestone
No milestone
5 participants
@juliusknorr @szaimen @rullzer @PhrozenByte @skjnldsv