Announcement

Collapse
No announcement yet.

NullPointerException if asking via CalDAV the created-by of an event created by guest

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • NullPointerException if asking via CalDAV the created-by of an event created by guest

    Hi,

    After investigating a bug hit by one of our users, I managed to reproduce it:
    • Create a calendar
    • Share that calendar with an external email address, which is not a defined contact, with the "Author" permission
    • Use the link received by that external email address ("View calendar") to add a new event
    • Using the original account, get the CalDAV URL of the shared calendar.
    • Using the original account, export to ICS the event, to obtain its UID.
    • Using the original account, ask for created-by & updated-by through CalDAV, for example with (replacing the ${...} with the corresponding values):
      • Code:
        curl -H "Authorization: Basic ${basic}" -X REPORT -H "Content-Type: text/xml" --data @payload.xml ${CalDAV URL}
      • With payload.xml containing:
        Code:
         <B:calendar-multiget xmlns:B="urn:ietf:params:xml:ns:caldav">
        		<A:prop xmlns:A="DAV:">
        		<A:getetag/>
        		<B:calendar-data/>
        		<C:created-by xmlns:C="http://calendarserver.org/ns/"/>
        		<B:schedule-tag/>
        		<C:updated-by xmlns:C="http://calendarserver.org/ns/"/>
        		</A:prop>
        		<A:href xmlns:A="DAV:">${CalDAV URL}/${UID}.ics</A:href>
        		</B:calendar-multiget>
    This will result in the following error on the server (XXXXX used to replace sensitive-ish data):
    Code:
    2021-07-12T18:46:55,323+0200 ERROR [OXWorker-0008986] com.openexchange.webdav.action.WebdavLogAction.per form(WebdavLogAction.java:169)
    Unexepected runtime excpetion handling request /XXXXX: null
    com.openexchange.database.schema=oxdatabase_7
    com.openexchange.grizzly.method=REPORT
    com.openexchange.grizzly.pathInfo=/XXXXX/
    com.openexchange.grizzly.queryString=<none>
    com.openexchange.grizzly.remoteAddress=XXXXX
    com.openexchange.grizzly.remotePort=43086
    com.openexchange.grizzly.requestURI=/dav/caldav/XXXXX/
    com.openexchange.grizzly.serverName=XXXXX
    com.openexchange.grizzly.servletPath=/dav/caldav
    com.openexchange.grizzly.threadName=OXWorker-0008986
    com.openexchange.grizzly.userAgent=curl/7.77.0
    com.openexchange.localhost.ipAddress=XXXXX
    com.openexchange.localhost.version=7.10.5-Rev13
    com.openexchange.request.trackingId=497851417-250207478
    java.lang.NullPointerException: null
    at com.google.common.base.Preconditions.checkNotNull( Preconditions.java:878)
    at com.google.common.escape.ArrayBasedCharEscaper.esc ape(ArrayBasedCharEscaper.java:106)
    at com.openexchange.caldav.resources.EventResource.in ternalGetProperty(EventResource.java:358)
    at com.openexchange.webdav.protocol.helpers.AbstractR esource.internalGetProperty(AbstractResource.java: 403)
    at com.openexchange.webdav.protocol.helpers.AbstractR esource.getProperty(AbstractResource.java:193)
    at com.openexchange.webdav.xml.resources.PropfindResp onseMarshaller.getProps(PropfindResponseMarshaller .java:105)
    at com.openexchange.webdav.xml.resources.PropertiesMa rshaller.marshal(PropertiesMarshaller.java:115)
    at com.openexchange.caldav.reports.CaldavMultigetRepo rt.perform(CaldavMultigetReport.java:112)
    at com.openexchange.webdav.action.WebdavReportAction. perform(WebdavReportAction.java:88)
    at com.openexchange.webdav.action.AbstractAction.yiel d(AbstractAction.java:62)
    at com.openexchange.webdav.action.WebdavIfAction.perf orm(WebdavIfAction.java:155)
    at com.openexchange.webdav.action.AbstractAction.yiel d(AbstractAction.java:62)
    at com.openexchange.webdav.action.WebdavExistsAction. perform(WebdavExistsAction.java:71)
    at com.openexchange.webdav.action.AbstractAction.yiel d(AbstractAction.java:62)
    at com.openexchange.webdav.action.WebdavIfMatchAction .perform(WebdavIfMatchAction.java:85)
    at com.openexchange.webdav.action.AbstractAction.yiel d(AbstractAction.java:62)
    at com.openexchange.webdav.action.WebdavDefaultHeader Action.perform(WebdavDefaultHeaderAction.java:63)
    at com.openexchange.webdav.action.AbstractAction.yiel d(AbstractAction.java:62)
    at com.openexchange.webdav.action.WebdavLogAction.per form(WebdavLogAction.java:116)
    at com.openexchange.webdav.action.AbstractAction.yiel d(AbstractAction.java:62)
    at com.openexchange.webdav.action.WebdavRequestCycleA ction.perform(WebdavRequestCycleAction.java:65)
    at com.openexchange.dav.DAVPerformer.doIt(DAVPerforme r.java:213)
    at com.openexchange.dav.DAVServlet.doIt(DAVServlet.ja va:286)
    at com.openexchange.dav.DAVServlet.service(DAVServlet .java:216)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:791)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:124)
    at com.openexchange.http.grizzly.servletfilter.Reques tReportingFilter.doFilter(RequestReportingFilter.j ava:137)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:114)
    at com.openexchange.http.grizzly.servletfilter.Wrappi ngFilter.doFilter(WrappingFilter.java:223)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:114)
    at com.openexchange.http.grizzly.service.http.OSGiAut hFilter.doFilter(OSGiAuthFilter.java:139)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:114)
    at org.glassfish.grizzly.servlet.FilterChainImpl.invo keFilterChain(FilterChainImpl.java:83)
    at org.glassfish.grizzly.servlet.ServletHandler.doSer vletService(ServletHandler.java:202)
    at org.glassfish.grizzly.servlet.ServletHandler.servi ce(ServletHandler.java:154)
    at com.openexchange.http.grizzly.service.http.OSGiMai nHandler.service(OSGiMainHandler.java:302)
    at org.glassfish.grizzly.http.server.HttpHandler$1.ru n(HttpHandler.java:200)
    at com.openexchange.threadpool.internal.CustomThreadP oolExecutor$MDCProvidingRunnable.run(CustomThreadP oolExecutor.java:2621)
    at com.openexchange.threadpool.internal.CustomThreadP oolExecutor$Worker.runTask(CustomThreadPoolExecuto r.java:834)
    at com.openexchange.threadpool.internal.CustomThreadP oolExecutor$Worker.run(CustomThreadPoolExecutor.ja va:861)
    at java.lang.Thread.run(Thread.java:748)
    Digging into the code, I believe it's due to "escaper.escape(user.getGivenName())" in EventResource.java#L357-L359 as the guest user doesn't have a given name (nor a surname) since it was created on the fly with a simple email address, which can be verified by looking into the DB directly (replacing ${UID} by the uid of the event):
    Code:
    MySQL [oxdatabase_7]> select u.guestCreatedBy <> 0, c.field02, c.field03 from calendar_event e inner join user u on u.id = e.createdBy inner join prg_contacts c on c.userid = e.createdBy where e.uid = "${UID}";
    +-----------------------+---------+---------+
    | u.guestCreatedBy <> 0 | field02 | field03 |
    +-----------------------+---------+---------+
    | 1 | NULL | NULL |
    +-----------------------+---------+---------+
    I'm not sure what's the best way of handling this corner case...

  • #2
    Just a quick update: Manually updating the database by injecting reasonable values for field02 & field03 seems to resolve the issue, so I think my pinning of the problem is correct

    Comment

    Working...
    X