Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Status code should be 500 on error #6893

Closed
sophie-h opened this issue Oct 21, 2017 · 6 comments · Fixed by #9995
Closed

Status code should be 500 on error #6893

sophie-h opened this issue Oct 21, 2017 · 6 comments · Fixed by #9995
Labels
bug good first issue Small tasks with clear documentation about how and in which place you need to fix things in.
Milestone
Nextcloud 14

Comments

@sophie-h
Copy link

Steps to reproduce

  1. Make config file write protected
  2. Visit Nextcloud main page

Expected behaviour

The server should return status code 500 to alert standard monitoring systems. (Or ignore, that the config is not writeable)

Actual behaviour

The server returns status code 200

Server configuration

Operating system:
Debian

Web server:
Apache 2

Database:
Postgresql

PHP version:
5.6

Nextcloud version: (see Nextcloud admin page)
12
@blizzz blizzz added bug good first issue Small tasks with clear documentation about how and in which place you need to fix things in. labels Oct 24, 2017
@blizzz blizzz added this to the Nextcloud 13 milestone Oct 24, 2017
@Morikko
Copy link
Contributor

Morikko commented Oct 27, 2017

I can take this issue.

@Morikko
Copy link
Contributor

Morikko commented Oct 27, 2017

The function OC_Util::checkServer that arrives after checkConfig also tracks if config is writable.

  • OC_Util::checkServer tracks config/ only
  • checkConfig tracks config/config.php

Is it necessary to have those two checks ?

Should I do a unit test for checking the header status ? If yes, in which test file should I add it ?

@sophie-h
Copy link
Author

I think it is completely sufficient to have an error when changing the configuration fails. I don't know if a proper handling in this case already exists.

Having php files non-writable is a sane security decision for me. However, if writable config files are recommended, this information would fit into the "Admin" –> "Security & setup warnings" section.

@tflidd
Copy link
Contributor

tflidd commented Nov 5, 2017

There is even an option for the config file in case the config file is read only:
https://github.com/nextcloud/server/blob/master/config/config.sample.php#L648-L658

Having php files non-writable is a sane security decision for me. However, if writable config files are recommended, this information would fit into the "Admin" –> "Security & setup warnings" section.

I would prefer this option as well. Tell user to either set the option "read-only" in the config file or make it writable. Most people are quite responsive to messages in Security & setup warnings. A 500 status code error will trigger many users to end up with a broken setup and they will complain that the update procedure broke their system.

@Morikko Morikko mentioned this issue Nov 17, 2017
Closed
@Morikko
Copy link
Contributor

Morikko commented Nov 17, 2017

Notes:

  • A first check is done in lib/base.php with function checkConfig(), this one is handle completely.
  • A second one in lib/private/legacy/util.php with function checkServer. This one only check the folder. Thus, it can throw an error if config folder is not writable but config file is writable. Moreover, the http status returned was already 503.

Questions:

  • Should I change the http status returned with the second check to 500 ?
  • Should we open a new issue to correct the behavior of the second check to focus on the file instead of the folder ?

@rullzer rullzer removed this from the Nextcloud 13 milestone Jan 10, 2018
@nextcloud-bot nextcloud-bot added the stale Ticket or PR with no recent activity label Jun 20, 2018
MorrisJobke pushed a commit that referenced this issue Jun 26, 2018
@Morikko @MorrisJobke
Change status code when config is write protected
b0f7796 
Add hint msg, you can make config file read only

If the config.php is not writable, print an error message: #6893
 - set config writable
 - or set option to keep it read only

Signed-off-by: Eric Masseran <rico.masseran@gmail.com>
MorrisJobke pushed a commit that referenced this issue Jun 26, 2018
@Morikko @MorrisJobke
Change status code when config is write protected
a34f70c 
Add hint msg, you can make config file read only

If the config.php is not writable, print an error message: #6893
 - set config writable
 - or set option to keep it read only

Signed-off-by: Eric Masseran <rico.masseran@gmail.com>
@MorrisJobke MorrisJobke mentioned this issue Jun 26, 2018
Merged
@nextcloud-bot nextcloud-bot removed the stale Ticket or PR with no recent activity label Jun 26, 2018
@MorrisJobke MorrisJobke mentioned this issue Jun 26, 2018
Merged
@MorrisJobke MorrisJobke added this to the Nextcloud 14 milestone Jun 26, 2018
@MorrisJobke
Copy link
Member

Should I change the http status returned with the second check to 500 ?

This one is fixed in #9995 - inspired by @Morikko

And @Morikko's PR was in #7205 - rebased as #9996

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug good first issue Small tasks with clear documentation about how and in which place you need to fix things in.
Projects
None yet
Milestone
Nextcloud 14
Development

Successfully merging a pull request may close this issue.

Server error/hint pages with a 500 error code to avoid it being seen … nextcloud/server
8 participants
@rullzer @MorrisJobke @jancborchardt @blizzz @sophie-h @Morikko @tflidd @nextcloud-bot