API uses wrong path to store notes
matthias-g opened this issue · 11 comments
Using the Android apps https://github.com/aykit/MyOwnNotes or https://github.com/stefan-niedermann/nextcloud-notes the synchronization of notes puts the notes not into a user specific folder like data/username/Notes but directly in data/Notes, which means all users share the same notes. It seems that the server side doesn't respect the username for the creation of the path.
The web app uses the correct path data/username/Notes.
Unfortunately I have to confirm this issue.
Obviously it was introduced with oc10. I did an update from the latest v9 to the current v10. Since then, the notes API no longer works, or it "works" as described by @matthias-g.
the issue is that the user id is passed into the controller in the ctor -
notes/controller/notesapicontroller.php
Line 42 in d67faac
At this point - under some circumstances - the user is not yet known ....
Let me fix that ....
please test the open PR @alfredbuehler @matthias-g THX
Doesn't work. Trying to fetch all notes via API. From the owncloud.log:
Could not resolve userSession! Class userSession does not exist or error resolving constructor arguments: Could not resolve NotesApiController! Class NotesApiController does not exist\
ownCloud 10.0.8 (stable)
mind pulling again? THX
You're welcome!
At the first glance it works now. Using the API with curl --netrc everything works as expected.
However, something is still wrong, Using my own app, which uses Authorization: 'Basic '
always fails. The app uses the same credentials as curl --netrc. With oc9x it worked like a charm.
@alfredbuehler I use curl with basic auth and can use the api
deepdiver@deepdiver:~$ curl http://localhost:8080/index.php/apps/notes/api/v0.2/notes -uadmin -v
Enter host password for user 'admin':
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'admin'
> GET /index.php/apps/notes/api/v0.2/notes HTTP/1.1
> Host: localhost:8080
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Host: localhost:8080
< Date: Mon, 09 Jul 2018 07:07:40 +0000
< Connection: close
< X-Powered-By: PHP/7.1.18-1+ubuntu18.04.1+deb.sury.org+1
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Set-Cookie: oc_sessionPassphrase=XOEtEOyD%2Fd6AWSdPeUYaMIG1NVsz3v4aaHh7hjQdEBaYTBoan3GJSeSBE6BejgAOZOatER5fAuss9XzVmTn5B8R7Ibcgi60sgmz%2FgyDon4F1UDXBU4mjpDMptdMc3HQr; path=/; HttpOnly
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Robots-Tag: none
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Set-Cookie: oczbzx0lk588=gqsg6mngu8qsk566k8edaaleis; path=/; HttpOnly
< Set-Cookie: cookie_test=test; expires=Mon, 09-Jul-2018 08:07:40 GMT; Max-Age=3600
< Cache-Control: no-cache, must-revalidate
< Content-Security-Policy: default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
< Content-Type: application/json; charset=utf-8
< Content-Length: 286
<
* Closing connection 0
[{"modified":1531120050,"title":"sdsdsd (2)","content":"sdsdsd\n","favorite":false,"id":16},{"modified":1531120044,"title":"sdsdsd","content":"sdsdsd\n","favorite":false,"id":17},{"modified":1531120054,"title":"wyextzhunjmiko,l","content":"wyextzhunjmiko,l\n","favorite":false,"id":18}]deepdiver@deepdiver:~$
I gave it a quick try and debugged your firefox extension - when ever fetching the notes from the server there seems to be no data arriving at the extension. But the server is sending it .... strange ...
Thanks for your help. I could get around the problem with a minor code change. Problem solved.
BTW, all my apps in use are working as expected again. IMHO you can merge your changes to the Notes-API.
I agree. For me the PR works as well 👍
Notes 2.0.4 just got released which fixes this for everyone out there: https://marketplace.owncloud.com/apps/notes