fix(dav): Handle long absence status earlier

ChristophWurst · ChristophWurst · commit c891bde0b3fd · 2025-03-05T08:11:46.000+01:00
Validate the request early. Don't let this cause a database error.

Signed-off-by: Christoph Wurst &lt;christoph@winzerhof-wurst.at&gt;
diff --git a/apps/dav/lib/Controller/OutOfOfficeController.php b/apps/dav/lib/Controller/OutOfOfficeController.php
@@ -21,6 +21,7 @@
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\User\IAvailabilityCoordinator;
+use function mb_strlen;
 
 /**
  * @psalm-import-type DAVOutOfOfficeData from ResponseDefinitions
@@ -107,10 +108,10 @@ public function getOutOfOffice(string $userId): DataResponse {
 	 * @param string $message Longer multiline message that is shown to others during the absence
 	 * @param ?string $replacementUserId User id of the replacement user
 	 * @param ?string $replacementUserDisplayName Display name of the replacement user
-	 * @return DataResponse<Http::STATUS_OK, DAVOutOfOfficeData, array{}>|DataResponse<Http::STATUS_BAD_REQUEST, array{error: 'firstDay'}, array{}>|DataResponse<Http::STATUS_UNAUTHORIZED, null, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
+	 * @return DataResponse<Http::STATUS_OK, DAVOutOfOfficeData, array{}>|DataResponse<Http::STATUS_BAD_REQUEST, array{error: 'firstDay'|'statusLength'}, array{}>|DataResponse<Http::STATUS_UNAUTHORIZED, null, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
 	 *
 	 * 200: Absence data
-	 * 400: When the first day is not before the last day
+	 * 400: When validation fails, e.g. data range error or the first day is not before the last day
 	 * 401: When the user is not logged in
 	 * 404: When the replacementUserId was provided but replacement user was not found
 	 */
@@ -128,6 +129,9 @@ public function setOutOfOffice(
 		if ($user === null) {
 			return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
 		}
+		if (mb_strlen($status) > 100) {
+			return new DataResponse(['error' => 'statusLength'] , Http::STATUS_BAD_REQUEST);
+		}
 
 		if ($replacementUserId !== null) {
 			$replacementUser = $this->userManager->get($replacementUserId);
diff --git a/apps/dav/openapi.json b/apps/dav/openapi.json
@@ -793,7 +793,7 @@
                         }
                     },
                     "400": {
-                        "description": "When the first day is not before the last day",
+                        "description": "When validation fails, e.g. data range error or the first day is not before the last day",
                         "content": {
                             "application/json": {
                                 "schema": {
@@ -821,7 +821,8 @@
                                                         "error": {
                                                             "type": "string",
                                                             "enum": [
-                                                                "firstDay"
+                                                                "firstDay",
+                                                                "statusLength"
                                                             ]
                                                         }
                                                     }

Original file line number	Diff line number	Diff line change
`@@ -793,7 +793,7 @@`
`793`	`793`	`}`
`794`	`794`	`},`
`795`	`795`	`"400": {`
`796`		`- "description": "When the first day is not before the last day",`
	`796`	`+ "description": "When validation fails, e.g. data range error or the first day is not before the last day",`
`797`	`797`	`"content": {`
`798`	`798`	`"application/json": {`
`799`	`799`	`"schema": {`
`@@ -821,7 +821,8 @@`
`821`	`821`	`"error": {`
`822`	`822`	`"type": "string",`
`823`	`823`	`"enum": [`
`824`		`- "firstDay"`
	`824`	`+ "firstDay",`
	`825`	`+ "statusLength"`
`825`	`826`	`]`
`826`	`827`	`}`
`827`	`828`	`}`