From 670d2f8cad0b64f83577b689e4a9fd8f55495c36 Mon Sep 17 00:00:00 2001
From: Jonas <jonas@freesources.org>
Date: Fri, 15 Mar 2024 11:53:24 +0100
Subject: [PATCH 1/6] fix(sync): If `baseVersionEtag` changed, reset frontend

`baseVersionEtag` changes when a new document session got initialized,
e.g. after an old document session without session clients got cleaned
up, or because the markdown file got changed via webdav.

Detect this in the client and ask the user to reload the page for
resetting the session.

Signed-off-by: Jonas <jonas@freesources.org>
---
 lib/Controller/PublicSessionController.php | 4 ++--
 lib/Controller/SessionController.php       | 4 ++--
 lib/Service/ApiService.php                 | 5 ++++-
 src/components/Editor.vue                  | 1 +
 src/services/SessionApi.js                 | 3 ++-
 src/services/SyncService.js                | 6 ++++--
 6 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/lib/Controller/PublicSessionController.php b/lib/Controller/PublicSessionController.php
index 3d0da080e8c..be38220f2ff 100644
--- a/lib/Controller/PublicSessionController.php
+++ b/lib/Controller/PublicSessionController.php
@@ -80,8 +80,8 @@ protected function isPasswordProtected(): bool {
 
 	#[NoAdminRequired]
 	#[PublicPage]
-	public function create(string $token, ?string $file = null, ?string $guestName = null): DataResponse {
-		return $this->apiService->create(null, $file, $token, $guestName);
+	public function create(string $token, ?string $file = null, ?string $baseVersionEtag = null, ?string $guestName = null): DataResponse {
+		return $this->apiService->create(null, $file, $baseVersionEtag, $token, $guestName);
 	}
 
 	#[NoAdminRequired]
diff --git a/lib/Controller/SessionController.php b/lib/Controller/SessionController.php
index aa935f57879..09b056da07d 100644
--- a/lib/Controller/SessionController.php
+++ b/lib/Controller/SessionController.php
@@ -57,8 +57,8 @@ public function __construct(
 	}
 
 	#[NoAdminRequired]
-	public function create(?int $fileId = null, ?string $file = null): DataResponse {
-		return $this->apiService->create($fileId, $file, null, null);
+	public function create(?int $fileId = null, ?string $file = null, ?string $baseVersionEtag = null): DataResponse {
+		return $this->apiService->create($fileId, $file, $baseVersionEtag, null, null);
 	}
 
 	#[NoAdminRequired]
diff --git a/lib/Service/ApiService.php b/lib/Service/ApiService.php
index 9d3fd6410e3..95dc3310215 100644
--- a/lib/Service/ApiService.php
+++ b/lib/Service/ApiService.php
@@ -71,7 +71,7 @@ public function __construct(IRequest $request,
 		$this->l10n = $l10n;
 	}
 
-	public function create(?int $fileId = null, ?string $filePath = null, ?string $token = null, ?string $guestName = null): DataResponse {
+	public function create(?int $fileId = null, ?string $filePath = null, ?string $baseVersionEtag = null, ?string $token = null, ?string $guestName = null): DataResponse {
 		try {
 			if ($token) {
 				$file = $this->documentService->getFileByShareToken($token, $this->request->getParam('filePath'));
@@ -115,6 +115,9 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $t
 			$this->sessionService->removeInactiveSessionsWithoutSteps($file->getId());
 			$document = $this->documentService->getDocument($file->getId());
 			$freshSession = $document === null;
+			if ($baseVersionEtag && $baseVersionEtag !== $document?->getBaseVersionEtag()) {
+				return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_CONFLICT);
+			}
 
 			if ($freshSession) {
 				$this->logger->info('Create new document of ' . $file->getId());
diff --git a/src/components/Editor.vue b/src/components/Editor.vue
index 6378aded67d..ddd0b122359 100644
--- a/src/components/Editor.vue
+++ b/src/components/Editor.vue
@@ -374,6 +374,7 @@ export default {
 				guestName,
 				shareToken: this.shareToken,
 				filePath: this.relativePath,
+				baseVersionEtag: this.$syncService?.baseVersionEtag,
 				forceRecreate: this.forceRecreate,
 				serialize: this.isRichEditor
 					? (content) => createMarkdownSerializer(this.$editor.schema).serialize(content ?? this.$editor.state.doc)
diff --git a/src/services/SessionApi.js b/src/services/SessionApi.js
index 69d848b3cd3..96bf299ad0a 100644
--- a/src/services/SessionApi.js
+++ b/src/services/SessionApi.js
@@ -38,9 +38,10 @@ class SessionApi {
 		this.#options = options
 	}
 
-	open({ fileId }) {
+	open({ fileId, baseVersionEtag }) {
 		return axios.put(this.#url(`session/${fileId}/create`), {
 			fileId,
+			baseVersionEtag,
 			filePath: this.#options.filePath,
 			token: this.#options.shareToken,
 			guestName: this.#options.guestName,
diff --git a/src/services/SyncService.js b/src/services/SyncService.js
index 8172f0aba01..3c753b3624b 100644
--- a/src/services/SyncService.js
+++ b/src/services/SyncService.js
@@ -68,7 +68,7 @@ class SyncService {
 
 	#sendIntervalId
 
-	constructor({ serialize, getDocumentState, ...options }) {
+	constructor({ baseVersionEtag, serialize, getDocumentState, ...options }) {
 		/** @type {import('mitt').Emitter<import('./SyncService').EventTypes>} _bus */
 		this._bus = mitt()
 
@@ -82,6 +82,7 @@ class SyncService {
 		this.lastStepPush = Date.now()
 
 		this.version = null
+		this.baseVersionEtag = baseVersionEtag
 		this.sending = false
 		this.#sendIntervalId = null
 
@@ -94,7 +95,7 @@ class SyncService {
 
 		const connect = initialSession
 			? Promise.resolve(new Connection({ data: initialSession }, {}))
-			: this._api.open({ fileId })
+			: this._api.open({ fileId, baseVersionEtag: this.baseVersionEtag })
 				.catch(error => this._emitError(error))
 
 		this.connection = await connect
@@ -104,6 +105,7 @@ class SyncService {
 		}
 		this.backend = new PollingBackend(this, this.connection)
 		this.version = this.connection.docStateVersion
+		this.baseVersionEtag = this.connection.document.baseVersionEtag
 		this.emit('opened', {
 			...this.connection.state,
 			version: this.version,

From f61fb6f69dbdb177cc22dc6db4b63ffedc72c531 Mon Sep 17 00:00:00 2001
From: Jonas <jonas@freesources.org>
Date: Mon, 18 Mar 2024 19:05:30 +0100
Subject: [PATCH 2/6] fix(Middleware): Response with 412 if `baseVersionEtag`
 doesn't match

Signed-off-by: Jonas <jonas@freesources.org>
---
 composer/composer/autoload_classmap.php       |  2 ++
 composer/composer/autoload_static.php         |  2 ++
 lib/Controller/PublicSessionController.php    |  4 +++
 lib/Controller/SessionController.php          |  4 +++
 ...nvalidDocumentBaseVersionEtagException.php |  9 +++++
 .../RequireDocumentBaseVersionEtag.php        |  9 +++++
 lib/Middleware/SessionMiddleware.php          | 33 +++++++++++++++++--
 lib/Service/ApiService.php                    |  6 ++--
 src/services/PollingBackend.js                |  3 ++
 src/services/SessionApi.js                    |  3 ++
 src/services/SyncService.js                   |  4 ++-
 11 files changed, 72 insertions(+), 7 deletions(-)
 create mode 100644 lib/Exception/InvalidDocumentBaseVersionEtagException.php
 create mode 100644 lib/Middleware/Attribute/RequireDocumentBaseVersionEtag.php

diff --git a/composer/composer/autoload_classmap.php b/composer/composer/autoload_classmap.php
index dcff792ea42..dd4f029eb45 100644
--- a/composer/composer/autoload_classmap.php
+++ b/composer/composer/autoload_classmap.php
@@ -31,6 +31,7 @@
     'OCA\\Text\\Event\\LoadEditor' => $baseDir . '/../lib/Event/LoadEditor.php',
     'OCA\\Text\\Exception\\DocumentHasUnsavedChangesException' => $baseDir . '/../lib/Exception/DocumentHasUnsavedChangesException.php',
     'OCA\\Text\\Exception\\DocumentSaveConflictException' => $baseDir . '/../lib/Exception/DocumentSaveConflictException.php',
+    'OCA\\Text\\Exception\\InvalidDocumentBaseVersionEtagException' => $baseDir . '/../lib/Exception/InvalidDocumentBaseVersionEtagException.php',
     'OCA\\Text\\Exception\\InvalidSessionException' => $baseDir . '/../lib/Exception/InvalidSessionException.php',
     'OCA\\Text\\Exception\\UploadException' => $baseDir . '/../lib/Exception/UploadException.php',
     'OCA\\Text\\Exception\\VersionMismatchException' => $baseDir . '/../lib/Exception/VersionMismatchException.php',
@@ -45,6 +46,7 @@
     'OCA\\Text\\Listeners\\LoadViewerListener' => $baseDir . '/../lib/Listeners/LoadViewerListener.php',
     'OCA\\Text\\Listeners\\NodeCopiedListener' => $baseDir . '/../lib/Listeners/NodeCopiedListener.php',
     'OCA\\Text\\Listeners\\RegisterDirectEditorEventListener' => $baseDir . '/../lib/Listeners/RegisterDirectEditorEventListener.php',
+    'OCA\\Text\\Middleware\\Attribute\\RequireDocumentBaseVersionEtag' => $baseDir . '/../lib/Middleware/Attribute/RequireDocumentBaseVersionEtag.php',
     'OCA\\Text\\Middleware\\Attribute\\RequireDocumentSession' => $baseDir . '/../lib/Middleware/Attribute/RequireDocumentSession.php',
     'OCA\\Text\\Middleware\\Attribute\\RequireDocumentSessionOrUserOrShareToken' => $baseDir . '/../lib/Middleware/Attribute/RequireDocumentSessionOrUserOrShareToken.php',
     'OCA\\Text\\Middleware\\SessionMiddleware' => $baseDir . '/../lib/Middleware/SessionMiddleware.php',
diff --git a/composer/composer/autoload_static.php b/composer/composer/autoload_static.php
index a172981b0ef..aac06275a14 100644
--- a/composer/composer/autoload_static.php
+++ b/composer/composer/autoload_static.php
@@ -46,6 +46,7 @@ class ComposerStaticInitText
         'OCA\\Text\\Event\\LoadEditor' => __DIR__ . '/..' . '/../lib/Event/LoadEditor.php',
         'OCA\\Text\\Exception\\DocumentHasUnsavedChangesException' => __DIR__ . '/..' . '/../lib/Exception/DocumentHasUnsavedChangesException.php',
         'OCA\\Text\\Exception\\DocumentSaveConflictException' => __DIR__ . '/..' . '/../lib/Exception/DocumentSaveConflictException.php',
+        'OCA\\Text\\Exception\\InvalidDocumentBaseVersionEtagException' => __DIR__ . '/..' . '/../lib/Exception/InvalidDocumentBaseVersionEtagException.php',
         'OCA\\Text\\Exception\\InvalidSessionException' => __DIR__ . '/..' . '/../lib/Exception/InvalidSessionException.php',
         'OCA\\Text\\Exception\\UploadException' => __DIR__ . '/..' . '/../lib/Exception/UploadException.php',
         'OCA\\Text\\Exception\\VersionMismatchException' => __DIR__ . '/..' . '/../lib/Exception/VersionMismatchException.php',
@@ -60,6 +61,7 @@ class ComposerStaticInitText
         'OCA\\Text\\Listeners\\LoadViewerListener' => __DIR__ . '/..' . '/../lib/Listeners/LoadViewerListener.php',
         'OCA\\Text\\Listeners\\NodeCopiedListener' => __DIR__ . '/..' . '/../lib/Listeners/NodeCopiedListener.php',
         'OCA\\Text\\Listeners\\RegisterDirectEditorEventListener' => __DIR__ . '/..' . '/../lib/Listeners/RegisterDirectEditorEventListener.php',
+        'OCA\\Text\\Middleware\\Attribute\\RequireDocumentBaseVersionEtag' => __DIR__ . '/..' . '/../lib/Middleware/Attribute/RequireDocumentBaseVersionEtag.php',
         'OCA\\Text\\Middleware\\Attribute\\RequireDocumentSession' => __DIR__ . '/..' . '/../lib/Middleware/Attribute/RequireDocumentSession.php',
         'OCA\\Text\\Middleware\\Attribute\\RequireDocumentSessionOrUserOrShareToken' => __DIR__ . '/..' . '/../lib/Middleware/Attribute/RequireDocumentSessionOrUserOrShareToken.php',
         'OCA\\Text\\Middleware\\SessionMiddleware' => __DIR__ . '/..' . '/../lib/Middleware/SessionMiddleware.php',
diff --git a/lib/Controller/PublicSessionController.php b/lib/Controller/PublicSessionController.php
index be38220f2ff..9d6177584ed 100644
--- a/lib/Controller/PublicSessionController.php
+++ b/lib/Controller/PublicSessionController.php
@@ -25,6 +25,7 @@
 
 namespace OCA\Text\Controller;
 
+use OCA\Text\Middleware\Attribute\RequireDocumentBaseVersionEtag;
 use OCA\Text\Middleware\Attribute\RequireDocumentSession;
 use OCA\Text\Service\ApiService;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
@@ -92,6 +93,7 @@ public function close(int $documentId, int $sessionId, string $sessionToken): Da
 
 	#[NoAdminRequired]
 	#[PublicPage]
+	#[RequireDocumentBaseVersionEtag]
 	#[RequireDocumentSession]
 	public function push(int $documentId, int $sessionId, string $sessionToken, int $version, array $steps, string $awareness, string $token): DataResponse {
 		return $this->apiService->push($this->getSession(), $this->getDocument(), $version, $steps, $awareness, $token);
@@ -99,6 +101,7 @@ public function push(int $documentId, int $sessionId, string $sessionToken, int
 
 	#[NoAdminRequired]
 	#[PublicPage]
+	#[RequireDocumentBaseVersionEtag]
 	#[RequireDocumentSession]
 	public function sync(string $token, int $version = 0): DataResponse {
 		return $this->apiService->sync($this->getSession(), $this->getDocument(), $version, $token);
@@ -106,6 +109,7 @@ public function sync(string $token, int $version = 0): DataResponse {
 
 	#[NoAdminRequired]
 	#[PublicPage]
+	#[RequireDocumentBaseVersionEtag]
 	#[RequireDocumentSession]
 	public function save(string $token, int $version = 0, ?string $autosaveContent = null, ?string $documentState = null, bool $force = false, bool $manualSave = false): DataResponse {
 		return $this->apiService->save($this->getSession(), $this->getDocument(), $version, $autosaveContent, $documentState, $force, $manualSave, $token);
diff --git a/lib/Controller/SessionController.php b/lib/Controller/SessionController.php
index 09b056da07d..19b241d0ce5 100644
--- a/lib/Controller/SessionController.php
+++ b/lib/Controller/SessionController.php
@@ -25,6 +25,7 @@
 
 namespace OCA\Text\Controller;
 
+use OCA\Text\Middleware\Attribute\RequireDocumentBaseVersionEtag;
 use OCA\Text\Middleware\Attribute\RequireDocumentSession;
 use OCA\Text\Service\ApiService;
 use OCA\Text\Service\NotificationService;
@@ -69,6 +70,7 @@ public function close(int $documentId, int $sessionId, string $sessionToken): Da
 
 	#[NoAdminRequired]
 	#[PublicPage]
+	#[RequireDocumentBaseVersionEtag]
 	#[RequireDocumentSession]
 	public function push(int $version, array $steps, string $awareness): DataResponse {
 		try {
@@ -81,6 +83,7 @@ public function push(int $version, array $steps, string $awareness): DataRespons
 
 	#[NoAdminRequired]
 	#[PublicPage]
+	#[RequireDocumentBaseVersionEtag]
 	#[RequireDocumentSession]
 	public function sync(int $version = 0): DataResponse {
 		try {
@@ -93,6 +96,7 @@ public function sync(int $version = 0): DataResponse {
 
 	#[NoAdminRequired]
 	#[PublicPage]
+	#[RequireDocumentBaseVersionEtag]
 	#[RequireDocumentSession]
 	public function save(int $version = 0, ?string $autosaveContent = null, ?string $documentState = null, bool $force = false, bool $manualSave = false): DataResponse {
 		try {
diff --git a/lib/Exception/InvalidDocumentBaseVersionEtagException.php b/lib/Exception/InvalidDocumentBaseVersionEtagException.php
new file mode 100644
index 00000000000..1bb13ca65a2
--- /dev/null
+++ b/lib/Exception/InvalidDocumentBaseVersionEtagException.php
@@ -0,0 +1,9 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\Text\Exception;
+
+class InvalidDocumentBaseVersionEtagException extends \Exception {
+
+}
diff --git a/lib/Middleware/Attribute/RequireDocumentBaseVersionEtag.php b/lib/Middleware/Attribute/RequireDocumentBaseVersionEtag.php
new file mode 100644
index 00000000000..d9780b3f194
--- /dev/null
+++ b/lib/Middleware/Attribute/RequireDocumentBaseVersionEtag.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace OCA\Text\Middleware\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_METHOD)]
+class RequireDocumentBaseVersionEtag {
+}
diff --git a/lib/Middleware/SessionMiddleware.php b/lib/Middleware/SessionMiddleware.php
index 31ef6afe1da..6697dc544d4 100644
--- a/lib/Middleware/SessionMiddleware.php
+++ b/lib/Middleware/SessionMiddleware.php
@@ -4,17 +4,21 @@
 
 use OC\User\NoUserException;
 use OCA\Text\Controller\ISessionAwareController;
+use OCA\Text\Exception\InvalidDocumentBaseVersionEtagException;
 use OCA\Text\Exception\InvalidSessionException;
+use OCA\Text\Middleware\Attribute\RequireDocumentBaseVersionEtag;
 use OCA\Text\Middleware\Attribute\RequireDocumentSession;
 use OCA\Text\Middleware\Attribute\RequireDocumentSessionOrUserOrShareToken;
 use OCA\Text\Service\DocumentService;
 use OCA\Text\Service\SessionService;
 use OCP\AppFramework\Controller;
-use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Middleware;
 use OCP\Files\IRootFolder;
 use OCP\Files\NotPermittedException;
+use OCP\IL10N;
 use OCP\IRequest;
 use OCP\IUserSession;
 use OCP\Share\Exceptions\ShareNotFound;
@@ -30,11 +34,13 @@ public function __construct(
 		private IUserSession $userSession,
 		private IRootFolder $rootFolder,
 		private ShareManager $shareManager,
+		private IL10N $l10n,
 	) {
 	}
 
 	/**
 	 * @throws ReflectionException
+	 * @throws InvalidDocumentBaseVersionEtagException
 	 * @throws InvalidSessionException
 	 */
 	public function beforeController(Controller $controller, string $methodName): void {
@@ -52,11 +58,28 @@ public function beforeController(Controller $controller, string $methodName): vo
 			}
 		}
 
+		if (!empty($reflectionMethod->getAttributes(RequireDocumentBaseVersionEtag::class))) {
+			$this->assertDocumentBaseVersionEtag();
+		}
+
 		if (!empty($reflectionMethod->getAttributes(RequireDocumentSession::class))) {
 			$this->assertDocumentSession($controller);
 		}
 	}
 
+	/**
+	 * @throws InvalidDocumentBaseVersionEtagException
+	 */
+	private function assertDocumentBaseVersionEtag(): void {
+		$documentId = (int)$this->request->getParam('documentId');
+		$baseVersionEtag = $this->request->getParam('baseVersionEtag');
+
+		$document = $this->documentService->getDocument($documentId);
+		if ($baseVersionEtag && $document?->getBaseVersionEtag() !== $baseVersionEtag) {
+			throw new InvalidDocumentBaseVersionEtagException();
+		}
+	}
+
 	/**
 	 * @throws InvalidSessionException
 	 */
@@ -118,9 +141,13 @@ private function assertUserOrShareToken(ISessionAwareController $controller): vo
 		$controller->setDocument($document);
 	}
 
-	public function afterException($controller, $methodName, \Exception $exception): DataResponse|Response {
+	public function afterException($controller, $methodName, \Exception $exception): JSONResponse|Response {
+		if ($exception instanceof InvalidDocumentBaseVersionEtagException) {
+			return new JSONResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
+		}
+
 		if ($exception instanceof InvalidSessionException) {
-			return new DataResponse([], 403);
+			return new JSONResponse([], 403);
 		}
 
 		return parent::afterException($controller, $methodName, $exception);
diff --git a/lib/Service/ApiService.php b/lib/Service/ApiService.php
index 95dc3310215..1be3bf51d97 100644
--- a/lib/Service/ApiService.php
+++ b/lib/Service/ApiService.php
@@ -116,7 +116,7 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $b
 			$document = $this->documentService->getDocument($file->getId());
 			$freshSession = $document === null;
 			if ($baseVersionEtag && $baseVersionEtag !== $document?->getBaseVersionEtag()) {
-				return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_CONFLICT);
+				return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
 			}
 
 			if ($freshSession) {
@@ -193,7 +193,7 @@ public function push(Session $session, Document $document, int $version, array $
 			$session = $this->sessionService->updateSessionAwareness($session, $awareness);
 		} catch (DoesNotExistException $e) {
 			// Session was removed in the meantime. #3875
-			return new DataResponse([], 403);
+			return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
 		}
 		if (empty($steps)) {
 			return new DataResponse([]);
@@ -204,7 +204,7 @@ public function push(Session $session, Document $document, int $version, array $
 			return new DataResponse($e->getMessage(), 422);
 		} catch (DoesNotExistException|NotPermittedException) {
 			// Either no write access or session was removed in the meantime (#3875).
-			return new DataResponse([], 403);
+			return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
 		}
 		return new DataResponse($result);
 	}
diff --git a/src/services/PollingBackend.js b/src/services/PollingBackend.js
index 39595db05cd..3cbb3537f5e 100644
--- a/src/services/PollingBackend.js
+++ b/src/services/PollingBackend.js
@@ -170,6 +170,9 @@ class PollingBackend {
 					outsideChange: e.response.data.outsideChange,
 				},
 			})
+		} else if (e.response.status === 412) {
+			this.#syncService.emit('error', { type: ERROR_TYPE.LOAD_ERROR, data: e.response })
+			this.disconnect()
 		} else if (e.response.status === 403) {
 			this.#syncService.emit('error', { type: ERROR_TYPE.SOURCE_NOT_FOUND, data: {} })
 			this.disconnect()
diff --git a/src/services/SessionApi.js b/src/services/SessionApi.js
index 96bf299ad0a..c8f49e0a77b 100644
--- a/src/services/SessionApi.js
+++ b/src/services/SessionApi.js
@@ -114,6 +114,7 @@ export class Connection {
 		return this.#post(this.#url(`session/${this.#document.id}/sync`), {
 			...this.#defaultParams,
 			filePath: this.#options.filePath,
+			baseVersionEtag: this.#document.baseVersionEtag,
 			version,
 		})
 	}
@@ -122,6 +123,7 @@ export class Connection {
 		return this.#post(this.#url(`session/${this.#document.id}/save`), {
 			...this.#defaultParams,
 			filePath: this.#options.filePath,
+			baseVersionEtag: this.#document.baseVersionEtag,
 			version,
 			autosaveContent,
 			documentState,
@@ -134,6 +136,7 @@ export class Connection {
 		return this.#post(this.#url(`session/${this.#document.id}/push`), {
 			...this.#defaultParams,
 			filePath: this.#options.filePath,
+			baseVersionEtag: this.#document.baseVersionEtag,
 			steps,
 			version,
 			awareness,
diff --git a/src/services/SyncService.js b/src/services/SyncService.js
index 3c753b3624b..0bdd707ca25 100644
--- a/src/services/SyncService.js
+++ b/src/services/SyncService.js
@@ -179,7 +179,9 @@ class SyncService {
 				if (!response || code === 'ECONNABORTED') {
 					this.emit('error', { type: ERROR_TYPE.CONNECTION_FAILED, data: {} })
 				}
-				if (response?.status === 403) {
+				if (response?.status === 412) {
+					this.emit('error', { type: ERROR_TYPE.LOAD_ERROR, data: response })
+				} else if (response?.status === 403) {
 					if (!data.document) {
 						// either the session is invalid or the document is read only.
 						logger.error('failed to write to document - not allowed')

From f3439d708d38da3398a7d5074cff4a0320cbd82d Mon Sep 17 00:00:00 2001
From: Jonas <jonas@freesources.org>
Date: Mon, 18 Mar 2024 19:58:16 +0100
Subject: [PATCH 3/6] fix(DocumentStatus): Refactor and migrate to `NcNoteCard`

Fixes: #4905

Signed-off-by: Jonas <jonas@freesources.org>
---
 cypress/e2e/conflict.spec.js             |  3 +-
 cypress/e2e/share.spec.js                |  2 +-
 cypress/e2e/sync.spec.js                 |  8 +--
 src/components/Editor/DocumentStatus.vue | 85 +++++++++++-------------
 4 files changed, 47 insertions(+), 51 deletions(-)

diff --git a/cypress/e2e/conflict.spec.js b/cypress/e2e/conflict.spec.js
index 9e5021dc6c1..1396f6f9bef 100644
--- a/cypress/e2e/conflict.spec.js
+++ b/cypress/e2e/conflict.spec.js
@@ -54,7 +54,8 @@ variants.forEach(function({ fixture, mime }) {
 			cy.get('#viewer .modal-header button.header-close').click()
 			cy.get('#viewer').should('not.exist')
 			cy.openFile(fileName)
-			cy.get('.text-editor .document-status .icon-error')
+			cy.get('.text-editor .document-status')
+				.should('contain', 'Document has been changed outside of the editor.')
 			getWrapper()
 				.find('#read-only-editor')
 				.should('contain', 'Hello world')
diff --git a/cypress/e2e/share.spec.js b/cypress/e2e/share.spec.js
index 5eb124baf8c..e8282d5b775 100644
--- a/cypress/e2e/share.spec.js
+++ b/cypress/e2e/share.spec.js
@@ -151,7 +151,7 @@ describe('Open test.md in viewer', function() {
 			cy.login(recipient)
 			cy.visit('/apps/files')
 			cy.openFile('test.md')
-			cy.getModal().find('.empty-content__name').should('contain', 'Failed to load file')
+			cy.getModal().find('.document-status').should('contain', 'This file cannot be displayed as download is disabled by the share')
 			cy.getModal().getContent().should('not.exist')
 		})
 	})
diff --git a/cypress/e2e/sync.spec.js b/cypress/e2e/sync.spec.js
index 01a68ab7035..582157cff3a 100644
--- a/cypress/e2e/sync.spec.js
+++ b/cypress/e2e/sync.spec.js
@@ -74,7 +74,7 @@ describe('Sync', () => {
 		}).as('sessionRequests')
 		cy.wait('@dead', { timeout: 30000 })
 		cy.get('#editor-container .document-status', { timeout: 30000 })
-			.should('contain', 'File could not be loaded')
+			.should('contain', 'Document could not be loaded.')
 			.then(() => {
 				reconnect = true
 			})
@@ -83,7 +83,7 @@ describe('Sync', () => {
 			.as('syncAfterRecovery')
 		cy.wait('@syncAfterRecovery', { timeout: 30000 })
 		cy.get('#editor-container .document-status', { timeout: 30000 })
-			.should('not.contain', 'File could not be loaded')
+			.should('not.contain', 'Document could not be loaded.')
 		// FIXME: There seems to be a bug where typed words maybe lost if not waiting for the new session
 		cy.wait('@syncAfterRecovery', { timeout: 10000 })
 		cy.getContent().type('* more content added after the lost connection{enter}')
@@ -109,12 +109,12 @@ describe('Sync', () => {
 
 		cy.wait('@sessionRequests', { timeout: 30000 })
 		cy.get('#editor-container .document-status', { timeout: 30000 })
-			.should('contain', 'File could not be loaded')
+			.should('contain', 'Document could not be loaded.')
 
 		cy.wait('@syncAfterRecovery', { timeout: 60000 })
 
 		cy.get('#editor-container .document-status', { timeout: 30000 })
-			.should('not.contain', 'File could not be loaded')
+			.should('not.contain', 'Document could not be loaded.')
 		// FIXME: There seems to be a bug where typed words maybe lost if not waiting for the new session
 		cy.wait('@syncAfterRecovery', { timeout: 10000 })
 		cy.getContent().type('* more content added after the lost connection{enter}')
diff --git a/src/components/Editor/DocumentStatus.vue b/src/components/Editor/DocumentStatus.vue
index 3782b765197..014ac7a25ee 100644
--- a/src/components/Editor/DocumentStatus.vue
+++ b/src/components/Editor/DocumentStatus.vue
@@ -22,27 +22,34 @@
 
 <template>
 	<div class="document-status">
-		<NcEmptyContent v-if="isLoadingError" :name="t('text', 'Failed to load file')" :description="syncError.data.data">
+		<NcNoteCard v-if="hasWarning" type="warning">
+			<p v-if="isLoadingError">
+				{{ syncError.data.data }}
+				<!-- Display reload button on PRECONDITION_FAILED response type -->
+				<a v-if="syncError.data.status === 412" class="button primary" @click="reload">{{ t('text', 'Reload') }}</a>
+			</p>
+			<p v-else-if="hasSyncCollission">
+				{{ t('text', 'Document has been changed outside of the editor. The changes cannot be applied') }}
+			</p>
+			<p v-else-if="hasConnectionIssue">
+				{{ t('text', 'Document could not be loaded. Please check your internet connection.') }}
+				<a class="button primary" @click="reconnect">{{ t('text', 'Reconnect') }}</a>
+			</p>
+		</NcNoteCard>
+		<NcNoteCard v-else-if="idle" type="info">
+			<p>
+				{{ t('text', 'Document idle for {timeout} minutes, click to continue editing', { timeout: IDLE_TIMEOUT }) }}
+				<a class="button primary" @click="reconnect">{{ t('text', 'Reconnect') }}</a>
+			</p>
+		</NcNoteCard>
+		<NcNoteCard v-if="lock" type="info">
 			<template #icon>
-				<AlertOctagonOutline />
+				<Lock :size="20" />
 			</template>
-		</NcEmptyContent>
-
-		<p v-else-if="idle" class="msg">
-			{{ t('text', 'Document idle for {timeout} minutes, click to continue editing', { timeout: IDLE_TIMEOUT }) }} <a class="button primary" @click="reconnect">{{ t('text', 'Reconnect') }}</a>
-		</p>
-
-		<p v-else-if="hasSyncCollission" class="msg icon-error">
-			{{ t('text', 'The document has been changed outside of the editor. The changes cannot be applied.') }}
-		</p>
-
-		<p v-else-if="hasConnectionIssue" class="msg">
-			{{ t('text', 'File could not be loaded. Please check your internet connection.') }} <a class="button primary" @click="reconnect">{{ t('text', 'Reconnect') }}</a>
-		</p>
-
-		<p v-if="lock" class="msg msg-locked">
-			<Lock /> {{ t('text', 'This file is opened read-only as it is currently locked by {user}.', { user: lock.displayName }) }}
-		</p>
+			<p>
+				{{ t('text', 'This file is opened read-only as it is currently locked by {user}.', { user: lock.displayName }) }}
+			</p>
+		</NcNoteCard>
 
 		<CollisionResolveDialog v-if="hasSyncCollission" :sync-error="syncError" />
 	</div>
@@ -51,9 +58,8 @@
 <script>
 
 import { ERROR_TYPE, IDLE_TIMEOUT } from './../../services/SyncService.js'
-import AlertOctagonOutline from 'vue-material-design-icons/AlertOctagonOutline.vue'
 import Lock from 'vue-material-design-icons/Lock.vue'
-import { NcEmptyContent } from '@nextcloud/vue'
+import { NcNoteCard } from '@nextcloud/vue'
 import CollisionResolveDialog from '../CollisionResolveDialog.vue'
 
 export default {
@@ -61,9 +67,8 @@ export default {
 
 	components: {
 		CollisionResolveDialog,
-		AlertOctagonOutline,
 		Lock,
-		NcEmptyContent,
+		NcNoteCard,
 	},
 
 	props: {
@@ -79,6 +84,7 @@ export default {
 			type: Object,
 			default: null,
 		},
+
 		hasConnectionIssue: {
 			type: Boolean,
 			require: true,
@@ -98,12 +104,18 @@ export default {
 		isLoadingError() {
 			return this.syncError && this.syncError.type === ERROR_TYPE.LOAD_ERROR
 		},
+		hasWarning() {
+			return this.syncError || this.hasConnectionIssue
+		},
 	},
 
 	methods: {
 		reconnect() {
 			this.$emit('reconnect')
 		},
+		reload() {
+			window.location.reload()
+		},
 	},
 
 }
@@ -112,28 +124,11 @@ export default {
 <style scoped lang="scss">
 	.document-status {
 		position: sticky;
-		top: 0;
-		z-index: 10000;
-		max-height: 50px;
+		top: 16px;
+		z-index: 100000;
+		// max-height: 50px;
+		max-width: var(--text-editor-max-width);
+		margin: auto;
 		background-color: var(--color-main-background);
-
-		.msg {
-			padding: 12px;
-			background-position: 8px center;
-			color: var(--color-text-maxcontrast);
-
-			&.icon-error {
-				padding-left: 30px;
-			}
-
-			.button {
-				margin-left: 8px;
-			}
-
-			&.msg-locked .lock-icon {
-				padding: 0 10px;
-				float: left;
-			}
-		}
 	}
 </style>

From fc604e236f7d4dd316ff276aa0f5965433409d02 Mon Sep 17 00:00:00 2001
From: Jonas <jonas@freesources.org>
Date: Wed, 20 Mar 2024 15:10:57 +0100
Subject: [PATCH 4/6] test(cypress): Add session API tests with non-matching
 baseVersionEtag

Signed-off-by: Jonas <jonas@freesources.org>
---
 cypress/e2e/api/SessionApi.spec.js | 22 ++++++++++++++++++++++
 cypress/support/sessions.js        | 30 +++++++++++++++++++++++++-----
 src/services/SessionApi.js         |  5 +++++
 3 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/cypress/e2e/api/SessionApi.spec.js b/cypress/e2e/api/SessionApi.spec.js
index 6a102316a71..666737b1ebf 100644
--- a/cypress/e2e/api/SessionApi.spec.js
+++ b/cypress/e2e/api/SessionApi.spec.js
@@ -344,6 +344,28 @@ describe('The session Api', function() {
 				.then(() => connection.close())
 		})
 
+		it('refuses create,push,sync,save with non-matching baseVersionEtag', function() {
+			cy.failToCreateTextSession(undefined, 'wrongBaseVersionEtag', { filePath: '', shareToken })
+				.its('status')
+				.should('eql', 412)
+
+			connection.setBaseVersionEtag('wrongBaseVersionEtag')
+
+			cy.failToPushSteps({ connection, steps: [messages.update], version })
+				.its('status')
+				.should('equal', 412)
+
+			cy.failToSyncSteps(connection, { version: 0 })
+				.its('status')
+				.should('equal', 412)
+
+			cy.failToSave(connection)
+				.its('status')
+				.should('equal', 412)
+
+			cy.then(() => connection.close())
+		})
+
 		it('recovers session even if last person leaves right after create', function() {
 			let joining
 			cy.log('Initial user pushes steps')
diff --git a/cypress/support/sessions.js b/cypress/support/sessions.js
index 947185529e5..8f598887481 100644
--- a/cypress/support/sessions.js
+++ b/cypress/support/sessions.js
@@ -36,13 +36,12 @@ Cypress.Commands.add('createTextSession', (fileId, options = {}) => {
 	return api.open({ fileId })
 })
 
-Cypress.Commands.add('failToCreateTextSession', (fileId) => {
-	const api = new SessionApi()
-	return api.open({ fileId })
+Cypress.Commands.add('failToCreateTextSession', (fileId, baseVersionEtag = null, options = {}) => {
+	const api = new SessionApi(options)
+	return api.open({ fileId, baseVersionEtag })
 		.then((response) => {
 			throw new Error('Expected request to fail - but it succeeded!')
-		})
-		.catch((err) => err.response)
+		}, (err) => err.response)
 })
 
 Cypress.Commands.add('pushSteps', ({ connection, steps, version, awareness = '' }) => {
@@ -50,16 +49,37 @@ Cypress.Commands.add('pushSteps', ({ connection, steps, version, awareness = ''
 		.then(response => response.data)
 })
 
+Cypress.Commands.add('failToPushSteps', ({ connection, steps, version, awareness = '' }) => {
+	return connection.push({ steps, version, awareness })
+		.then((response) => {
+			throw new Error('Expected request to fail - but it succeeded!')
+		}, (err) => err.response)
+})
+
 Cypress.Commands.add('syncSteps', (connection, options = { version: 0 }) => {
 	return connection.sync(options)
 		.then(response => response.data)
 })
 
+Cypress.Commands.add('failToSyncSteps', (connection, options = { version: 0 }) => {
+	return connection.sync(options)
+		.then((response) => {
+			throw new Error('Expected request to fail - but it succeeded!')
+		}, (err) => err.response)
+})
+
 Cypress.Commands.add('save', (connection, options = { version: 0 }) => {
 	return connection.save(options)
 		.then(response => response.data)
 })
 
+Cypress.Commands.add('failToSave', (connection, options = { version: 0 }) => {
+	return connection.save(options)
+		.then((response) => {
+			throw new Error('Expected request to fail - but it succeeded!')
+		}, (err) => err.response)
+})
+
 // Used to test for race conditions between the last push and the close request
 Cypress.Commands.add('pushAndClose', ({ connection, steps, version, awareness = '' }) => {
 	cy.log('Race between push and close')
diff --git a/src/services/SessionApi.js b/src/services/SessionApi.js
index c8f49e0a77b..b0296b19c8f 100644
--- a/src/services/SessionApi.js
+++ b/src/services/SessionApi.js
@@ -183,6 +183,11 @@ export class Connection {
 		return promise
 	}
 
+	// To be used in Cypress tests only
+	setBaseVersionEtag(baseVersionEtag) {
+		this.#document.baseVersionEtag = baseVersionEtag
+	}
+
 	#post(...args) {
 		if (this.closed) {
 			return Promise.reject(new ConnectionClosedError())

From a4e8747447f3a616d494218dd0d419c3a430f66e Mon Sep 17 00:00:00 2001
From: Jonas <jonas@freesources.org>
Date: Wed, 20 Mar 2024 15:51:35 +0100
Subject: [PATCH 5/6] text(cypress): Test browser refresh warning after
 document session cleanup

Signed-off-by: Jonas <jonas@freesources.org>
---
 cypress/e2e/sync.spec.js | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/cypress/e2e/sync.spec.js b/cypress/e2e/sync.spec.js
index 582157cff3a..c6338d82804 100644
--- a/cypress/e2e/sync.spec.js
+++ b/cypress/e2e/sync.spec.js
@@ -126,6 +126,25 @@ describe('Sync', () => {
 			.should('include', 'after the lost connection')
 	})
 
+	it('shows warning when document session got cleaned up', () => {
+		cy.get('.save-status button')
+			.click()
+		cy.wait('@save')
+		cy.uploadTestFile('test.md')
+
+		cy.get('#editor-container .document-status', { timeout: 30000 })
+			.should('contain', 'Editing session has expired.')
+
+		// Reload button works
+		cy.get('#editor-container .document-status a.button')
+			.contains('Reload')
+			.click()
+
+		cy.getContent()
+		cy.get('#editor-container .document-status .notecard')
+			.should('not.exist')
+	})
+
 	it('passes the doc content from one session to the next', () => {
 		cy.closeFile()
 		cy.intercept({ method: 'PUT', url: '**/apps/text/session/*/create' })

From ec4dc1687f7488d9b986bf5fd10036bca9d8cd27 Mon Sep 17 00:00:00 2001
From: Jonas <jonas@freesources.org>
Date: Wed, 20 Mar 2024 16:39:33 +0100
Subject: [PATCH 6/6] fix(response): Make sure JSONResponse returns valid data

Wrap error messages into an array when responding with `JSONResponse`.

Signed-off-by: Jonas <jonas@freesources.org>
---
 lib/Middleware/SessionMiddleware.php     |  2 +-
 lib/Service/ApiService.php               | 18 +++++++++---------
 src/components/Editor/DocumentStatus.vue |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/Middleware/SessionMiddleware.php b/lib/Middleware/SessionMiddleware.php
index 6697dc544d4..e72646e404d 100644
--- a/lib/Middleware/SessionMiddleware.php
+++ b/lib/Middleware/SessionMiddleware.php
@@ -143,7 +143,7 @@ private function assertUserOrShareToken(ISessionAwareController $controller): vo
 
 	public function afterException($controller, $methodName, \Exception $exception): JSONResponse|Response {
 		if ($exception instanceof InvalidDocumentBaseVersionEtagException) {
-			return new JSONResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
+			return new JSONResponse(['error' => $this->l10n->t('Editing session has expired. Please reload the page.')], Http::STATUS_PRECONDITION_FAILED);
 		}
 
 		if ($exception instanceof InvalidSessionException) {
diff --git a/lib/Service/ApiService.php b/lib/Service/ApiService.php
index 1be3bf51d97..488b6986db0 100644
--- a/lib/Service/ApiService.php
+++ b/lib/Service/ApiService.php
@@ -85,17 +85,17 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $b
 				} catch (NotFoundException $e) {
 					return new DataResponse([], Http::STATUS_NOT_FOUND);
 				} catch (NotPermittedException $e) {
-					return new DataResponse($this->l10n->t('This file cannot be displayed as download is disabled by the share'), 404);
+					return new DataResponse(['error' => $this->l10n->t('This file cannot be displayed as download is disabled by the share')], 404);
 				}
 			} elseif ($fileId) {
 				try {
 					$file = $this->documentService->getFileById($fileId);
 				} catch (NotFoundException|NotPermittedException $e) {
 					$this->logger->error('No permission to access this file', [ 'exception' => $e ]);
-					return new DataResponse($this->l10n->t('No permission to access this file.'), Http::STATUS_NOT_FOUND);
+					return new DataResponse(['error' => $this->l10n->t('No permission to access this file.')], Http::STATUS_NOT_FOUND);
 				}
 			} else {
-				return new DataResponse('No valid file argument provided', Http::STATUS_PRECONDITION_FAILED);
+				return new DataResponse(['error' => 'No valid file argument provided'], Http::STATUS_PRECONDITION_FAILED);
 			}
 
 			$storage = $file->getStorage();
@@ -106,7 +106,7 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $b
 				$share = $storage->getShare();
 				$shareAttribtues = $share->getAttributes();
 				if ($shareAttribtues !== null && $shareAttribtues->getAttribute('permissions', 'download') === false) {
-					return new DataResponse($this->l10n->t('This file cannot be displayed as download is disabled by the share'), 403);
+					return new DataResponse(['error' => $this->l10n->t('This file cannot be displayed as download is disabled by the share')], 403);
 				}
 			}
 
@@ -116,7 +116,7 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $b
 			$document = $this->documentService->getDocument($file->getId());
 			$freshSession = $document === null;
 			if ($baseVersionEtag && $baseVersionEtag !== $document?->getBaseVersionEtag()) {
-				return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
+				return new DataResponse(['error' => $this->l10n->t('Editing session has expired. Please reload the page.')], Http::STATUS_PRECONDITION_FAILED);
 			}
 
 			if ($freshSession) {
@@ -132,7 +132,7 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $b
 			}
 		} catch (Exception $e) {
 			$this->logger->error($e->getMessage(), ['exception' => $e]);
-			return new DataResponse('Failed to create the document session', 500);
+			return new DataResponse(['error' => 'Failed to create the document session'], 500);
 		}
 
 		/** @var Document $document */
@@ -193,7 +193,7 @@ public function push(Session $session, Document $document, int $version, array $
 			$session = $this->sessionService->updateSessionAwareness($session, $awareness);
 		} catch (DoesNotExistException $e) {
 			// Session was removed in the meantime. #3875
-			return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
+			return new DataResponse(['error' => $this->l10n->t('Editing session has expired. Please reload the page.')], Http::STATUS_PRECONDITION_FAILED);
 		}
 		if (empty($steps)) {
 			return new DataResponse([]);
@@ -201,10 +201,10 @@ public function push(Session $session, Document $document, int $version, array $
 		try {
 			$result = $this->documentService->addStep($document, $session, $steps, $version, $token);
 		} catch (InvalidArgumentException $e) {
-			return new DataResponse($e->getMessage(), 422);
+			return new DataResponse(['error' => $e->getMessage()], 422);
 		} catch (DoesNotExistException|NotPermittedException) {
 			// Either no write access or session was removed in the meantime (#3875).
-			return new DataResponse($this->l10n->t('Editing session has expired. Please reload the page.'), Http::STATUS_PRECONDITION_FAILED);
+			return new DataResponse(['error' => $this->l10n->t('Editing session has expired. Please reload the page.')], Http::STATUS_PRECONDITION_FAILED);
 		}
 		return new DataResponse($result);
 	}
diff --git a/src/components/Editor/DocumentStatus.vue b/src/components/Editor/DocumentStatus.vue
index 014ac7a25ee..0061099826c 100644
--- a/src/components/Editor/DocumentStatus.vue
+++ b/src/components/Editor/DocumentStatus.vue
@@ -24,7 +24,7 @@
 	<div class="document-status">
 		<NcNoteCard v-if="hasWarning" type="warning">
 			<p v-if="isLoadingError">
-				{{ syncError.data.data }}
+				{{ syncError.data.data.error }}
 				<!-- Display reload button on PRECONDITION_FAILED response type -->
 				<a v-if="syncError.data.status === 412" class="button primary" @click="reload">{{ t('text', 'Reload') }}</a>
 			</p>