
Users can access each other's data using the new webdav API #1347

Closed
individual-it opened this issue Jan 20, 2020 · 5 comments

@individual-it
Member

  • as einstein, create a folder:
    curl -X MKCOL http://localhost:9140/remote.php/dav/files/oc/einstein/special-relativity -u einstein:relativity
  • as richard, list einstein's folders:
    curl -X PROPFIND http://localhost:9140/remote.php/dav/files/oc/einstein -u richard:superfluidity | xmllint --format -
  • as einstein, upload data:
    curl -X PUT http://localhost:9140/remote.php/dav/files/oc/einstein/special-relativity/first-try.md -d "lets talk about space and time" -u einstein:relativity
  • as richard, download einstein's data:
    curl http://localhost:9140/remote.php/dav/files/oc/einstein/special-relativity/first-try.md -u richard:superfluidity
@butonic
Member

butonic commented Jan 21, 2020

This is (partly) by design. OCIS uses a global namespace. Access is granted using ACLs. Related issue about the namespace is https://github.com/owncloud/ocis/issues/44.

In this case we need to double check the ACLs.

@PVince81
Contributor

recheck as it might be fixed already

@PVince81
Contributor

for the current impl, it must be forbidden

@PVince81
Contributor

it seems this is not implemented correctly with OCFS, see https://github.com/owncloud/ocis-reva/issues/197

@C0rby C0rby self-assigned this Jun 3, 2020
@butonic butonic transferred this issue from owncloud/ocis-reva Jan 18, 2021
@refs refs changed the title users can access each-others data using the new webdav API Users can access each-others data using the new webdav API Jan 19, 2021
@refs refs unassigned C0rby Jan 19, 2021
@refs
Member

refs commented Jan 19, 2021

this needs to be updated to reflect the new default ocis storage:

  1. request should be curl -X MKCOL http://localhost:9140/remote.php/dav/files/oc/einstein/special-relativity -u einstein:relativity

Also, it does not happen anymore with the current master:

curl -k -X PROPFIND https://localhost:9200/remote.php/dav/files/einstein -u richard:superfluidity -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Sep 18 13:42:46 2020 GMT
*  expire date: Sep 18 13:42:46 2021 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user 'richard'
> PROPFIND /remote.php/dav/files/einstein HTTP/1.1
> Host: localhost:9200
> Authorization: Basic cmljaGFyZDpzdXBlcmZsdWlkaXR5
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Access-Control-Allow-Origin: *
< Content-Length: 0
< Content-Security-Policy: default-src 'none';
< Date: Tue, 19 Jan 2021 10:59:52 GMT
< Vary: Origin
< X-Access-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjExMTQwMzkyLCJpYXQiOjE2MTEwNTM5OTIsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjkyMDAiLCJ1c2VyIjp7ImlkIjp7ImlkcCI6Imh0dHBzOi8vbG9jYWxob3N0OjkyMDAiLCJvcGFxdWVfaWQiOiI5MzJiNDU0MC04ZDE2LTQ4MWUtOGVmNC01ODhlNGI2YjE1MWMifSwidXNlcm5hbWUiOiJyaWNoYXJkIiwibWFpbCI6InJpY2hhcmRAZXhhbXBsZS5vcmciLCJkaXNwbGF5X25hbWUiOiJSaWNoYXJkIEZleW5tYW4iLCJvcGFxdWUiOnsibWFwIjp7ImdpZCI6eyJkZWNvZGVyIjoicGxhaW4iLCJ2YWx1ZSI6Ik16QXdNREE9In0sInVpZCI6eyJkZWNvZGVyIjoicGxhaW4iLCJ2YWx1ZSI6Ik1qQXdNREk9In19fX19.5ilxIcacBziSZt109cTEjr5PBrTAGH3_XFHF4qYr_Nw
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block
<
* Connection #0 to host localhost left intact
* Closing connection 0

I will close it as the owncloud storage is no longer "recommended".
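The cross-user check from the reproduction steps at the top of the thread, and the recheck against master just above, as an added example that is not part of the issue or of the ocis code base: a standard-library Python script that creates a folder and a file as the owner, then probes them as a second user and classifies each response (success for the non-owner is a leak, 401/403 means the authorization check fired, 404 is what refs observed on master). The base URL, the per-user DAV prefix (/remote.php/dav/files/oc for the old owncloud storage driver, /remote.php/dav/files for the newer default, both taken from the thread), credentials and folder name are parameters; the Multi-Status sample used to exercise the PROPFIND parser is constructed. TLS verification stays on unless you pass verify_tls=False, the equivalent of curl -k for the self-signed dev certificate shown in the log.

```python
"""Cross-user WebDAV isolation probe for an ownCloud-style /remote.php/dav endpoint.

Added example; not code from the issue or from ocis. Hosts, paths, users and
passwords are parameters whose defaults come from the thread's dev setup.
"""
import base64
import http.client
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

DAV_HREF = "{DAV:}href"

# A non-owner receiving any of these for another user's namespace is a leak:
# the server served the resource or confirmed that it exists.
SUCCESS_STATUSES = {200, 201, 204, 207}

# Constructed 207 body, shaped like what "xmllint --format -" would show for
# the PROPFIND in the issue; used only to exercise parse_propfind_hrefs().
SAMPLE_MULTISTATUS = (
    b'<?xml version="1.0"?><d:multistatus xmlns:d="DAV:">'
    b'<d:response><d:href>/remote.php/dav/files/oc/einstein/</d:href></d:response>'
    b'<d:response><d:href>/remote.php/dav/files/oc/einstein/special-relativity/</d:href></d:response>'
    b'</d:multistatus>'
)


def basic_auth_header(user, password):
    """Build the Authorization header that curl -u sends (RFC 7617 Basic)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def classify(status):
    """Map an HTTP status seen by the NON-owner to an isolation verdict."""
    if status in SUCCESS_STATUSES:
        return "leak"      # other user could list/read/write the owner's data
    if status in (401, 403):
        return "denied"    # authorization check fired
    if status == 404:
        return "hidden"    # namespace not disclosed at all (refs's result on master)
    return "other"


def parse_propfind_hrefs(multistatus_xml):
    """Return the DAV:href values from a 207 Multi-Status body (bytes or str)."""
    root = ET.fromstring(multistatus_xml)
    return [h.text for h in root.iter(DAV_HREF) if h.text]


def dav_request(base_url, method, path, user, password, body=None, headers=None, verify_tls=True):
    """Send one Basic-authenticated WebDAV request; return (status, body_bytes)."""
    u = urlparse(base_url)
    if u.scheme == "https":
        ctx = ssl.create_default_context()
        if not verify_tls:  # curl -k equivalent for the self-signed dev certificate
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(u.hostname, u.port or 443, context=ctx, timeout=10)
    else:
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=10)
    hdrs = basic_auth_header(user, password)
    hdrs.update(headers or {})
    try:
        conn.request(method, path, body=body, headers=hdrs)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def run_isolation_check(base_url, dav_root, owner, owner_pw, other, other_pw,
                        folder="special-relativity", verify_tls=True):
    """Replay the issue's steps: the owner creates data, the non-owner probes it.

    dav_root is the per-user DAV prefix, e.g. "/remote.php/dav/files/oc" (old
    owncloud storage driver) or "/remote.php/dav/files" (newer default).
    Any "leak" verdict in the returned dict means the bug is present.
    """
    owner_root = f"{dav_root}/{owner}"
    file_path = f"{owner_root}/{folder}/first-try.md"
    req = lambda *a, **kw: dav_request(base_url, *a, verify_tls=verify_tls, **kw)

    # Setup as the owner (a 405 on MKCOL just means the folder survived an earlier run).
    req("MKCOL", f"{owner_root}/{folder}", owner, owner_pw)
    req("PUT", file_path, owner, owner_pw, body=b"lets talk about space and time")

    verdicts = {}
    # Control: the owner must be able to list their own namespace, else the probe says nothing.
    status, _ = req("PROPFIND", owner_root, owner, owner_pw, headers={"Depth": "1"})
    verdicts["owner_control_ok"] = status == 207

    # Probes as the other user: list, read, and write into the owner's folder.
    status, body = req("PROPFIND", owner_root, other, other_pw, headers={"Depth": "1"})
    verdicts["PROPFIND"] = classify(status)
    if status == 207:
        verdicts["leaked_hrefs"] = parse_propfind_hrefs(body)
    status, _ = req("GET", file_path, other, other_pw)
    verdicts["GET"] = classify(status)
    status, _ = req("PUT", f"{owner_root}/{folder}/from-{other}.md", other, other_pw, body=b"x")
    verdicts["PUT"] = classify(status)
    return verdicts


if __name__ == "__main__":
    print(parse_propfind_hrefs(SAMPLE_MULTISTATUS))
    # Dev-instance values from the thread; adjust base URL and dav_root for your setup.
    print(run_isolation_check("https://localhost:9200", "/remote.php/dav/files",
                              "einstein", "relativity", "richard", "superfluidity",
                              verify_tls=False))
```

The PROPFIND probes send an explicit Depth: 1, since the bare curl in the issue omits Depth and servers are free to reject the implied Depth: infinity with 403, which would look like "denied" without testing authorization at all. The owner control step guards against the opposite false negative: if the owner gets a 404 too, the path or driver is wrong rather than the isolation working. The PUT probe is destructive on a vulnerable server; run it only against a disposable instance.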
