-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sending MKCOL requests to another or non-existing user's webDav endpoints as normal user should return 404 #40519
Comments
See https:/owncloud/core/blob/master/tests/acceptance/features/apiAuthWebDav/webDavMCKOLAuthOC10Issue40485.feature for the scenarios that demonstrate the current behavior. See PR #40495 which adjusted the test scenarios. And previous issue #40485 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions. |
Still relevant. I added the "bug" labrl so that the bot will not touch this. |
Steps to reproduce
Steps to reproduce the behavior:
As user
admin
sendMKCOL
request to another user's endpointcurl -vk -X MKCOL -u admin:admin http://localhost/core/remote.php/dav/files/anu/Test | xmllint --format -
As user
admin
sendMKCOL
request to non-existing user's endpointcurl -vk -X MKCOL -u admin:admin http://localhost/core/remote.php/dav/files/nonexistent/Test | xmllint --format -
Expected behavior
the status code should be
404
. Visit this lInk owncloud/ocis#3872 (comment) for more infoActual behavior
403
for existing user409
non-existent user`curl -vk -X MKCOL -u admin:admin http://localhost/core/remote.php/dav/files/anu/Test | xmllint --format -`
The response should be the same for both cases - if the user exists, and if the user does not exist. A mix of 403 and 409 are returned. The suggestion is that 404 should be returned in all cases, which is what ocis is implementing.
The text was updated successfully, but these errors were encountered: