Event made private is not synchronized as private if before it was already synced while being public



  • How to reproduce:

    1. Have User1 create a public event in Thunderbird/Lightning

    2. Have User2 sync User1's shared calendar (read only) using Davdroid

    3. Have User1 change the event from public to private

    4. Have User2 sync again

    Expected result: The event is no longer visible to User1 and is marked <private>.

    Actual result: The event stays visible to User 1.

    In the logs we can see that Davdroid is correctly notified that the event has changed, so there is a GET request downloading the changed event which looks like this:

    BEGIN:VCALENDAR
    PRODID:-//Alt-N Technologies Ltd//MDaemon 17.5.2
    VERSION:2.0
    METHOD:PUBLISH
    BEGIN:VTIMEZONE
    TZID:W. Europe Standard Time
    BEGIN:STANDARD
    DTSTART:16011005T030000
    TZOFFSETFROM:+0200
    TZOFFSETTO:+0100
    RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
    TZNAME:Standard Time
    END:STANDARD
    BEGIN:DAYLIGHT
    DTSTART:16010305T020000
    TZOFFSETFROM:+0100
    TZOFFSETTO:+0200
    RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
    TZNAME:Daylight Savings Time
    END:DAYLIGHT
    END:VTIMEZONE
    BEGIN:VEVENT
    UID:e8688291-9330-4fad-87a4-78a47351f9b1
    SEQUENCE:0
    DTSTAMP:20180316T130436Z
    SUMMARY:testttt
    PRIORITY:5
    CLASS:PRIVATE
    DTSTART;TZID=W. Europe Standard Time:20180319T140000
    DTEND;TZID=W. Europe Standard Time:20180319T150000
    TRANSP:OPAQUE
    X-MOZ-GENERATION:5
    END:VEVENT
    END:VCALENDAR
    

    One can clearly see that the (updated) event contains CLASS:PRIVATE.

    Unsubscribing and resubscribing the calendar correctly shows it as private... obviously...


  • developer

    I can't reproduce this: It works as expected here with Nextcloud 13.

    Note that it's not the task of DAVdroid to enforce privacy settings. If an event should be hidden from a shared calendar, it's the server's resposibility to hide this event to other people.

    So even if I could reproduce the problem, it would not be a DAVdroid problem.

    Please update your server software and/or contact server support for more information.



  • @rfc2822 Yep you're right. I was talking to my colleague about this previously. While we were arguing the same way as you do, I was mislead by Davdroid getting the event with CLASS:PRIVATE being set although it should probably not be receiving any such event at all (at least not its contents.....)

    Thanks...



  • Hi again,
    I still agree that it is not Davdroid's fault if it can retrieve an .ics file which is marked with classification PRIVATE inside the file.
    Using another client I can see that it only issues PROPFIND and REPORT requests to the server and then marks the event private.
    When I then manually try to retrieve the .ics file using a GET request using the user that should not have access, I am able to successfully retrieve it (just like Davdroid does), which is certainly not ok as far as the server is concerned.
    However I'd like to understand first how a client that would NOT actually retrieve the file knows that it has become private. Where is the protocol hint that the requested event has become private? (I found RFC 5545, Section 3.8.1.3 but which is not very explicit...)
    Thanks.

    UPDATE
    Hmm well I cranked up debugging, it seems that if the server returns the entire event in response to a REPORT request it correctly masks details as "private appointment". So far, so good. However, Davdroid GETs (HTTP) the event (in which the private info is not masked), which certainly is not ok. Are both ways valid in obtaining the event data?


  • developer

    @marki said in Event made private is not synchronized as private if before it was already synced while being public:

    However I'd like to understand first how a client that would NOT actually retrieve the file knows that it has become private. Where is the protocol hint that the requested event has become private? (I found RFC 5545, Section 3.8.1.3 but which is not very explicit...)

    I don't understand what you mean… as far as I have understood it by now:

    1. When a user sets an event to private, the UA uploads the event with CLASS:PRIVATE to the server which causes the event to be changed (new ETag).
    2. Users who still have access to the event (for instance, the owner) will from now on receive the updated event with CLASS:PRIVATE, so that the UA knows this event is private.
    3. Users who don't have access to the event won't receive the event from now on (i.e. the server doesn't list it on PROPFIND or REPORT, and denies access on HEAD/GET). So, from their point of view, the event has gone and will be deleted with the next sync.

    For CLASS:CONFIDENTIAL events, it's the same but the event is not gone for users who don't have access, but there are no event details (only a short event "user xx is busy" or something like that).

    (I hope I didn't confuse PRIVATE with CONFIDENTIAL in this posting.)



  • @rfc2822 said in Event made private is not synchronized as private if before it was already synced while being public:

    I hope I didn't confuse PRIVATE with CONFIDENTIAL in this posting.

    Hehe I think you did but it doesn't matter, I get it, thanks a lot for that.

    BTW I cranked up debugging, it seems that if the server returns the entire event in response to a REPORT request it correctly masks details as "private appointment". So far, so good. However, Davdroid GETs (HTTP) the event (in which the private info is not masked), which certainly is not ok. Are both ways valid in obtaining the event data?


  • developer

    @marki It should not matter whether an event is downloaded using GET or REPORT multi-get. Private events should never be exposed to unauthorized clients. This seems to be a server problem.