Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Using UUIDs for usernames breaks xml-api, if UUID starts with a digit. #50020

Open
6 of 8 tasks
someone-somenet-org opened this issue Jan 2, 2025 · 1 comment
Open
6 of 8 tasks
Labels

Comments

@someone-somenet-org
Copy link

⚠️ This issue respects the following points: ⚠️

Bug description

Using UUIDs for usernames breaks xml-api, if UUID starts with a digit (maybe every username that starts with a digit is broken?)

It does not seem to be broken, when using format=json (which doesnt help much, since the administrative account page uses the xml call)

I have been tinkering for many, many hours and finally came to this exception:

ValueError: XMLWriter::startElement(): Argument #2 must be a valid element name, "1CA11E1C-FAA5-4187-B46F-E06370ABF51F" given at /opt/nextcloud/lib/private/AppFramework/OCS/BaseResponse.php#139

Steps to reproduce

  1. curl -u "admin:pw" -X GET 'https://.../ocs/v2.php/cloud/users/details?offset=0&limit=25&search=' -H "OCS-APIRequest: true" -v | less
  2. Works
  3. Create account 1CA11E1C-FAA5-4187-B46F-E06370ABF51F via admin account page.
  4. curl -u "admin:pw" -X GET 'https://.../ocs/v2.php/cloud/users/details?offset=0&limit=25&search=' -H "OCS-APIRequest: true" -v | less
  5. Document is empty now.

Expected behavior

That creating UUID or maybe in general account names that start with digits do not break the XML-API.

Nextcloud Server version

30

Operating system

RHEL/CentOS

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

Additional info

No response

@someone-somenet-org someone-somenet-org added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Jan 2, 2025
@joshtrichards joshtrichards added feature: users and groups 1. to develop Accepted and waiting to be taken care of and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Jan 5, 2025
@joshtrichards
Copy link
Member

joshtrichards commented Jan 5, 2025

That creating UUID or maybe in general account names that start with digits do not break the XML-API.

Confirmed. Any account name starting with a digit is impacted. And both v1 and v2 APIs impacted.

The error occurs because XML elements can't start with numbers.

It does not seem to be broken, when using format=json (which doesnt help much, since the administrative account page uses the xml call)

The admin Accounts page actually doesn't use xml. I expected this to immediately trigger problems in the Accounts UI too, but it doesn't. It is because it uses the json response as well. Instead of passing format=json it relies on passing the Accept: application/json header in the request to achieve the same thing. That may explain why this hasn't been more widely reported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants