View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0003902SOGo Connectorwith SOGopublic2016-11-16 05:342016-11-16 05:34
ReporterpbSogo Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformLinuxOSFedoraOS Version24
Product Version31.0.3 
Summary0003902: SOGo connector allows upload of invalid VCARDs and don't display error on UI
Description

SOGo 31.0.3 and also 31.0.4 allow upload of invalid VCARDs, e.g. missing an according to RFC mandatory FN.

Python's vobject implementation is strict enough to reject such VCARD.

Currently it's unclear to me how the server should respond in this case, I have adjusted Radicale to detect broken VCARD early enough (means before storing) and respond currently with "412", but probably a different error code including also a root cause message should be returned to be able to display in SOGo connector UI something like:

"can't upload VCARD because it's rejected by server with following reason: 'VCARD components must contain at least 1 FN'"

Steps To Reproduce

Create a new addressbook entry only containing a name and e-mail address, wipe manualy the FN field and then save.

Server side:

ERROR: Object broken on serialize (skip 'upload'): C74D2C04-3130-0001-F19F-15001AEF9710.vcf ('VCARD components must contain at least 1 FN')

(..) message from python's vobject

Content of VCARD:

ERROR: Item content ('upload'): C74D2C04-3130-0001-F19F-15001AEF9710.vcf:
<VCARD| [<VERSION{}3.0>, <PRODID{}-//Inverse inc.//SOGo Connector 1.0//EN>, <UID{}C74D2C04-3130-0001-F19F-15001AEF9710.vcf>, <EMAIL{'TYPE': ['work']}test@example.com>, <N{} Test no FN >, <X-MOZILLA-HTML{}FALSE>]>

Additional Information

SOGo connector should reject upload of VCARDs, which are invalid, means misses mandatory fields and report this to UI.

SOGo connector log:

new sync: 1
1/sync with https:///test.vcf/...
GOT STATUS: 207
new card '' will be uploaded
ctag matches or drop operation
NOTICE: uploading modified vcard with etag: -1
NOTICE: uploading modified vcard without etag
GOT STATUS: 412
xmlRequest: received status 412 - precondition failed for url: https://***/test.vcf/C74D2C90-AD40-0001-6621-5A9018701F56.vcf
sogoWebDAV.js: an exception occured
Buggy situation! (pendingOperations < 0)
undefined:undefined

=> 412 caused by server because of broken VCARD detected, to be discussed whether the return code should be a different one

stack: undefinedurl: https://***/test.vcf/
GOT STATUS: 207
sogoWebDAV.js: an exception occured
Buggy situation! (pendingOperations < 0)
undefined:undefined

stack: undefinedurl: https://***/test.vcf/
GOT STATUS: 404

=> 404 caused by server, because broken VCARD was not stored on server

TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2016-11-16 05:34 pbSogo New Issue