[4.4.0.58] CardDav sync with nextcloud fails

REPRODUCIBILITY (% or how often): All the time
BUILD ID = OS VERSION (Settings > About product): 4.4.0.58, probably much older
HARDWARE (XA2, X10, X10 II, …): X
UI LANGUAGE: German
REGRESSION: (compared to previous public release: Yes, No, ?):

DESCRIPTION:

For some time now the contacts sync with my nextcloud over carddav fails. It initially worked, but failed sometime ago. I only recently found the time to look further into it.

I followed the guide here to get more details about what is happening: CalDAV and CardDAV Community Contributions | Sailfish OS Documentation

It mostly comes down to this:
[D] unknown:0 - void CardDav::userInformationResponse() server requested redirect from: “https://user:pw@xxxxx.com/.well-known/carddav” to: “/remote.php/dav”
[W] unknown:0 - void CardDav::userInformationResponse() unexpected redirect from: “https://user:pw@xxxxx.com/.well-known/carddav” to: “/remote.php/dav”
[W] unknown:0 - CardDAV sync for account: 33 finished with error: 301
[W] unknown:0 - QMetaObject::invokeMethod: No such method Syncer::syncFinishedWithError()
[D] unknown:0 - “void Request::requestFinished()” :Entry
[D] unknown:0 - “PROPFIND” request finished: QNetworkReply::NetworkError(ContentOperationNotPermittedError)
[D] unknown:0 - “virtual void PropFind::handleReply(QNetworkReply*)” :Entry
[D] unknown:0 - The “PROPFIND” operation requested on the remote content is not permitted

Full log is here:
http://paste.debian.net/hidden/3db594e4/

2 Likes

From the reported error, it seems that the redirection is not properly handled by the code. The code is aborting sync when the redirection is changing host. From the log, we have old https://user:pw@xxxxx.com/.well-known/carddav redirected to /remote.php/dav. The code is written like that in src/carddav.cpp :

 } else if (hostChanged || !validPathRedirect) {
            // possibly unsafe redirect.  for security, assume it's malicious and abort sync.
            qCWarning(lcCardDav) << Q_FUNC_INFO << "unexpected redirect from:" << orig.toString() << "to:" << redir.toString();
            errorOccurred(301);

with `hostChanged being :

const bool hostChanged = orig.host() != redir.host();

So in this case hostChange will be true, because the redirection URL has no host defined.

I mean, it’s valid to redirect to /remote... but the code as it is written will lead to the change host route. Which is faulty and needs to be patched.

3 Likes

I’m wondering here if the code for calDav sync is different. Because it’s the same cloud software, so it should be the same redirect.

But I have no idea where to look…