[Bug(CardDav)]: Wrong sync-token returned when limit is set

[hamza221]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

This is a potential bug to be investigated further:

1. When syncing the sync token is set to the latest sync-token of the address book
   https://github.com/nextcloud/server/blob/master/apps/dav/lib/CardDAV/CardDavBackend.php#L856-L863

2. But if a limit is applied -> https://github.com/nextcloud/server/blob/master/apps/dav/lib/CardDAV/CardDavBackend.php#L889-L891
   The sync token is not updated to the correct value where the latest change was returned

=> The client would think that it got all the changes when it potentially didn't

Steps to reproduce

N/A 👆

Expected behavior

Sync token reflects the correct sync step

Nextcloud Server version

master

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

Additional info

No response

[tcitworld]

Indeed.

When truncation occurs, the DAV:sync-token value returned in the response MUST represent the correct state for the partial set of changes returned. That allows the client to use the returned DAV:sync-token to fetch the next set of changes. In this way, the client can effectively "page" through the entire set of changes in a consistent manner.

https://www.rfc-editor.org/rfc/rfc6578#section-3.6