[OCM][Test Suite] Specification problems in EFSS

[MahdiBaghbani]

Possible mismatch of the POST request payload to the /shares endpoint.

Based on OCM API versions:

• v1.0.0
• v1.1.0
• v1.2.0

The POST payload should contain a field called sender except in v1.0.0, which is optional.
No sharedBy is in the specification in any version. Please let me know if I'm wrong.

I believe this is a remnant of OCS that has somehow been mixed into the OCM implementation and has remained there until now.

Testing the federated sharing capabilities using OcmStub results in reading the create share POST payload from different EFSS:

oCIS version 5.0.6: <----- Correct

{
  "shareWith": "[email protected]",
  "name": "test.txt",
  "description": "",
  "providerId": "4ca7de7a-aa11-4a9f-b989-7aed7dd5eacc",
  "owner": "4c510ada-c86b-4815-8820-42cdf82c3d51@https://ocis1.docker",
  "sender": "4c510ada-c86b-4815-8820-42cdf82c3d51@https://ocis1.docker",
  "ownerDisplayName": "",
  "senderDisplayName": "Albert Einstein",
  "shareType": "user",
  "expiration": 0,
  "resourceType": "file",
  "protocol": {
    "name": "multi",
    "options": {},
    "webapp": {
      "uriTemplate": "https://cernbox.cern.ch/external/sciencemesh/HfZIMARshRioPmZoqFTnyBwnINPRrodL{relative-path-to-shared-resource}",
      "viewMode": ""
    },
    "webdav": {
      "sharedSecret": "HfZIMARshRioPmZoqFTnyBwnINPRrodL",
      "permissions": [
        "read"
      ],
      "url": "https://ocis1.docker/dav/ocm/HfZIMARshRioPmZoqFTnyBwnINPRrodL"
    }
  }
}

ownCloud version 10.15.0: <----- Correct

{
  "shareWith": "[email protected]",
  "name": "oc1-to-os1-share.txt",
  "providerId": "1",
  "owner": "marie@https://owncloud1.docker",
  "ownerDisplayName": "marie",
  "sender": "marie@https://owncloud1.docker",
  "senderDisplayName": "marie",
  "shareType": "user",
  "resourceType": "file",
  "protocol": {
    "name": "webdav",
    "options": {
      "sharedSecret": "RGZFbsErZRbafkE"
    }
  }
}

Nextcloud version 30.0.3: <----- Wrong

{
  "shareWith": "michiel@https://ocmstub1.docker",
  "shareType": "user",
  "name": "nc1-to-os1-share.txt",
  "resourceType": "file",
  "description": "",
  "providerId": 1,
  "owner": "[email protected]",
  "ownerDisplayName": "einstein",
  "sharedBy": "[email protected]",
  "sharedByDisplayName": "einstein",
  "protocol": {
    "name": "webdav",
    "options": {
      "sharedSecret": "64KMr6WCYhL7l6i",
      "permissions": "{http://open-cloud-mesh.org/ns}share-permissions"
    }
  }
}

Nextcloud version 29.0.10: <----- Wrong
NOTICE: The trailing / is removed from owner and sharedBy since this version

{
  "shareWith": "michiel@https://ocmstub1.docker",
  "shareType": "user",
  "name": "nc1-to-os1-share.txt",
  "resourceType": "file",
  "description": "",
  "providerId": 1,
  "owner": "[email protected]",
  "ownerDisplayName": "einstein",
  "sharedBy": "[email protected]",
  "sharedByDisplayName": "einstein",
  "protocol": {
    "name": "webdav",
    "options": {
      "sharedSecret": "4f3ktauYazZiiG0",
      "permissions": "{http://open-cloud-mesh.org/ns}share-permissions"
    }
  }
}

Nextcloud version 28.0.12: <----- Wrong

{
  "shareWith": "michiel@https://ocmstub1.docker",
  "shareType": "user",
  "name": "nc1-to-os1-share.txt",
  "resourceType": "file",
  "description": "",
  "providerId": 1,
  "owner": "einstein@https://nextcloud1.docker/",
  "ownerDisplayName": "einstein",
  "sharedBy": "einstein@https://nextcloud1.docker/",
  "sharedByDisplayName": "einstein",
  "protocol": {
    "name": "webdav",
    "options": {
      "sharedSecret": "mDBezkxQt9bqiMq",
      "permissions": "{http://open-cloud-mesh.org/ns}share-permissions"
    }
  }
}

Nextcloud version 27.1.11: <----- Wrong

{
  "shareWith": "michiel@https://ocmstub1.docker",
  "shareType": "user",
  "name": "nc1-to-os1-share.txt",
  "resourceType": "file",
  "description": "",
  "providerId": 1,
  "owner": "einstein@https://nextcloud1.docker/",
  "ownerDisplayName": "einstein",
  "sharedBy": "einstein@https://nextcloud1.docker/",
  "sharedByDisplayName": "einstein",
  "protocol": {
    "name": "webdav",
    "options": {
      "sharedSecret": "n4MyZW4DPKVk4xo",
      "permissions": "{http://open-cloud-mesh.org/ns}share-permissions"
    }
  }
}

I've noticed (testing with OcmStub and Aver) that Nextcloud doesn't receive share data correctly if the share is sent via the fully compliant program, for example, consider this scenario:

1. Michiel owns the file IETF Draft.md on pondersource.org
2. Michiel shares it with Mahdi on the same domain.
3. Mahdi shares the file with Giuseppe on cern.ch
4. Giuseppe sees Michiel as the sender instead of Mahdi <------ Problem

The root cause of the problem is the way nextcloud parses share requests:

This is from Nextcloud version 27.1.11 Share payload object

So, if a fully compliant program sends a POST request with sender and senderDisplayName, Nextcloud would simply fall back to using the owner as the sender

There is a PR for fixing this:
nextcloud/server#47199

Anyway, it wasn't complying with v1.0.0 either, so it's not about the new changes in v1.1.0 of the API.

[michielbdejong]

It looks like OCM v1.0 specified sender and not sharedBy already. Maybe we can send Nextcloud a PR to add sender.

[MahdiBaghbani]

Maybe we can send Nextcloud a PR to add sender.

Micke has already done that in nextcloud/server#47199