Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conversation looses all moderators #3601

Closed
joendres opened this issue May 18, 2020 · 4 comments
Closed

Conversation looses all moderators #3601

joendres opened this issue May 18, 2020 · 4 comments
Labels
1. to develop bug feature: api 🛠️ OCS API for conversations, chats and participants

Comments

@joendres
Copy link

Steps to reproduce

  1. Create a conversation (Optionally enable guest access)
  2. Add another user
  3. Promote the user to moderator
  4. Both moderators leave the conversation in a short period of time (before the state ist updated)

Expected behaviour

It should not be possible for all moderators to leave the conversation

Actual behaviour

If the last moderators leaves before the menu item is disabled, the conversation has no moderator. It is not possible to delete it from the Web interface. But if guest access was enabled anyone who has the link can still use the conversation.

Server configuration detail

Operating system: Linux 4.19.89 #1 SMP Mon Dec 16 00:24:57 CET 2019 x86_64

Webserver: Apache (cgi-fcgi)

Database: mysql 10.2.29

PHP version:

7.3.14
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, bcmath, bz2, calendar, ctype, curl, dba, dom, hash, fileinfo, filter, ftp, gd, gettext, gmp, SPL, iconv, session, intl, json, mbstring, standard, mysqlnd, pcntl, mysqli, PDO, pdo_mysql, pdo_sqlite, Phar, posix, readline, Reflection, imap, SimpleXML, soap, sockets, exif, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, cgi-fcgi, apcu, imagick, memcached, redis, Zend OPcache

Nextcloud version: 18.0.4 - 18.0.4.2

Updated from an older Nextcloud/ownCloud or fresh install: Updated from 17.0.? in several steps

Where did you install Nextcloud from: Hosting provider's template

Signing status

Integrity checker has been disabled. Integrity cannot be verified.

List of activated apps 
Enabled:
 - activity: 2.11.0
 - admin_audit: 1.8.0
 - bruteforcesettings: 1.6.0
 - calendar: 2.0.3
 - circles: 0.18.5
 - cloud_federation_api: 1.1.0
 - contacts: 3.3.0
 - dav: 1.14.0
 - federatedfilesharing: 1.8.0
 - files: 1.13.1
 - files_external: 1.9.0
 - files_rightclick: 0.15.2
 - files_sharing: 1.10.1
 - files_trashbin: 1.8.0
 - files_versions: 1.11.0
 - groupfolders: 6.0.6
 - issuetemplate: 0.6.0
 - logreader: 2.3.0
 - lookup_server_connector: 1.6.0
 - nextcloud_announcements: 1.7.0
 - notifications: 2.6.0
 - oauth2: 1.6.0
 - occweb: 0.0.7
 - password_policy: 1.8.0
 - polls: 1.4.3
 - privacy: 1.2.0
 - provisioning_api: 1.8.0
 - serverinfo: 1.8.0
 - settings: 1.0.0
 - spreed: 8.0.9
 - tasks: 0.13.1
 - text: 2.0.0
 - theming: 1.9.0
 - twofactor_backupcodes: 1.7.0
 - twofactor_totp: 4.1.3
 - updatenotification: 1.8.0
 - viewer: 1.2.0
 - workflowengine: 2.0.0
Disabled:
 - accessibility
 - comments
 - encryption
 - federation
 - files_pdfviewer
 - files_videoplayer
 - firstrunwizard
 - photos
 - recommendations
 - sharebymail
 - support
 - survey_client
 - systemtags
 - user_ldap
Configuration (config/config.php) 
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "cloud.johannes-endres.de"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "18.0.4.2",
    "integrity.check.disabled": true,
    "default_language": "de",
    "default_locale": "de",
    "trashbin_retention_obligation": "auto, 30",
    "version_retention_obligation": "auto, 30",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "overwrite.cli.url": "https:\/\/cloud.johannes-endres.de",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "nc_6068_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "maintenance": false,
    "theme": "",
    "loglevel": 2,
    "mail_smtpmode": "smtp",
    "mail_smtpauth": 1,
    "mail_sendmailmode": "smtp",
    "app_install_overwrite": [
        "occweb"
    ],
    "updater.release.channel": "stable"
}

Are you using external storage, if yes which one: no

Are you using encryption:

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: any, verified with Firefox, Chrome, Edge and Android

Operating system: any, verified with Windows and Android

Logs

Web server error log
Nextcloud log
Browser log
@nickvergessen
Copy link
Member

If the last moderators leaves before the menu item is disabled, the conversation has no moderator.

This is checked on an API level. You might run into concurrency of course if both first pass the check for the number of moderators and then the remove-from-self happens. But other than that it should not be possible.

But if guest access was enabled anyone who has the link can still use the conversation.

Just for the record: as soon as there is no person in the call at some point, the next cron job will delete the conversation

@joendres
Copy link
Author

If the last moderators leaves before the menu item is disabled, the conversation has no moderator.

This is checked on an API level. You might run into concurrency of course if both first pass the check for the number of moderators and then the remove-from-self happens. But other than that it should not be possible.

OK, sorry for my wrong interpretation of the condition. Still the concurrency really happens. I ran into a unmoderated conversation in real life.

What's worse: The conversatin does not appear in the Web interface. I guess that's because no user (with an account) is in it. So nobody notices that it's still around.

But if guest access was enabled anyone who has the link can still use the conversation.

Just for the record: as soon as there is no person in the call at some point, the next cron job will delete the conversation

That's what I thought happende to the initial conversation. But what is the condition for "no person in the call"?

When I reproduced the problem, after the two moderators left, I closed the guest's browser (edge) and called /cron.php (I use webcron) on in a different browser (firefox). That was 5 hours ago and I can still open the conversation by the guest link.

@nickvergessen nickvergessen added 1. to develop feature: api 🛠️ OCS API for conversations, chats and participants and removed 0. Needs triage labels May 26, 2020
@nickvergessen
Copy link
Member

I think I managed to reproduce the issue last week, but I forgot to write it.
Will have to check again, but yeah it should just not be possible.

@nickvergessen
Copy link
Member

Doesn't work anymore on master/stable19 so closing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop bug feature: api 🛠️ OCS API for conversations, chats and participants
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nickvergessen @joendres