owncloud · TheOneRing · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024
diff --git a/changelog/unreleased/11424 b/changelog/unreleased/11424
@@ -0,0 +1,5 @@
+Enhancement: Improve handling of a server blocking an unsupported client
+
+We improved the handling of HTTP 403 status codes.
+
+https://github.com/owncloud/client/issues/11424
diff --git a/src/gui/accountstate.cpp b/src/gui/accountstate.cpp
@@ -485,6 +485,8 @@ void AccountState::slotConnectionValidatorResult(ConnectionValidator::Status sta
     case ConnectionValidator::NotConfigured:
         setState(Disconnected);
         break;
+    case ConnectionValidator::ClientUnsupported:
+        [[fallthrough]];
     case ConnectionValidator::ServerVersionMismatch:
         setState(ConfigurationError);
         break;

diff --git a/src/gui/connectionvalidator.cpp b/src/gui/connectionvalidator.cpp
@@ -137,6 +137,9 @@ void ConnectionValidator::slotCheckServerAndAuth()
             case QNetworkReply::TooManyRedirectsError:
                 reportResult(MaintenanceMode);
                 return;
+            case QNetworkReply::ContentAccessDenied:
+                reportResult(ClientUnsupported);
+                return;
             default:
                 break;
             }
@@ -218,7 +221,9 @@ void ConnectionValidator::slotAuthFailed(QNetworkReply *reply)
         qCWarning(lcConnectionValidator) << "******** Password is wrong!" << reply->error() << job;
         _errors << tr("The provided credentials are not correct");
         stat = CredentialsWrong;
-
+    } else if (reply->error() == QNetworkReply::ContentAccessDenied) {
+        stat = ClientUnsupported;
+        _errors << extractErrorMessage(job->reply()->readAll());
     } else if (reply->error() != QNetworkReply::NoError) {
         _errors << job->errorStringParsingBody();
 

diff --git a/src/gui/connectionvalidator.h b/src/gui/connectionvalidator.h
@@ -99,7 +99,8 @@ class ConnectionValidator : public QObject
         StatusNotFound, // Error retrieving status.php
         ServiceUnavailable, // 503 on authed request
         MaintenanceMode, // maintenance enabled in status.php
-        Timeout // actually also used for other errors on the authed request
+        Timeout, // actually also used for other errors on the authed request
+        ClientUnsupported // The server blocks us as an unsupported client
     };
     Q_ENUM(Status);
 

diff --git a/src/gui/newwizard/CMakeLists.txt b/src/gui/newwizard/CMakeLists.txt
@@ -40,9 +40,6 @@ add_library(newwizard STATIC
     jobs/resolveurljobfactory.cpp
     jobs/resolveurljobfactory.h
 
-    jobs/checkbasicauthjobfactory.cpp
-    jobs/checkbasicauthjobfactory.h
-
     jobs/discoverwebfingerservicejobfactory.cpp
     jobs/discoverwebfingerservicejobfactory.h
 

diff --git a/src/gui/newwizard/jobs/checkbasicauthjobfactory.cpp b/src/gui/newwizard/jobs/checkbasicauthjobfactory.cpp
diff --git a/src/gui/newwizard/jobs/checkbasicauthjobfactory.h b/src/gui/newwizard/jobs/checkbasicauthjobfactory.h
diff --git a/src/gui/newwizard/states/basiccredentialssetupwizardstate.cpp b/src/gui/newwizard/states/basiccredentialssetupwizardstate.cpp
@@ -13,7 +13,6 @@
  */
 
 #include "basiccredentialssetupwizardstate.h"
-#include "jobs/checkbasicauthjobfactory.h"
 #include "networkjobs/fetchuserinfojobfactory.h"
 
 namespace OCC::Wizard {

diff --git a/src/gui/owncloudgui.cpp b/src/gui/owncloudgui.cpp
@@ -852,7 +852,11 @@ void ownCloudGui::runNewAccountWizard()
 
                     QObject::connect(validator, &ConnectionValidator::connectionResult, accountStatePtr.data(),
                         [accountStatePtr, syncMode, dynamicRegistrationData](ConnectionValidator::Status status, const QStringList &) {
-                            if (OC_ENSURE(status == ConnectionValidator::Connected || status == ConnectionValidator::ServerVersionMismatch)) {
+                            switch (status) {
+                            // a server we no longer support but that might work
+                            case ConnectionValidator::ServerVersionMismatch:
+                                [[fallthrough]];
+                            case ConnectionValidator::Connected: {
                                 // saving once after adding makes sure the account is stored in the config in a working state
                                 // this is needed to ensure a consistent state in the config file upon unexpected terminations of the client
                                 // (for instance, when running from a debugger and stopping the process from there)
@@ -919,6 +923,11 @@ void ownCloudGui::runNewAccountWizard()
                                     Q_UNREACHABLE();
                                 }
                             }
+                            case ConnectionValidator::ClientUnsupported:
+                                break;
+                            default:
+                                Q_UNREACHABLE();
+                            }
                         });
 
 

diff --git a/src/libsync/creds/httpcredentials.cpp b/src/libsync/creds/httpcredentials.cpp
@@ -181,7 +181,12 @@ void HttpCredentials::fetchFromKeychain()
 
 void HttpCredentials::fetchFromKeychainHelper()
 {
-    Q_ASSERT(!_user.isEmpty());
+    if (_user.isEmpty()) {
+        _password.clear();
+        _ready = false;
+        emit fetched();
+        return;
+    }
     auto job = _account->credentialManager()->get(isUsingOAuth() ? refreshTokenKeyC() : passwordKeyC());
     connect(job, &CredentialJob::finished, this, [job, this] {
         auto handleError = [job, this] {

diff --git a/test/testconnectionvalidator/testconnectionvalidator.cpp b/test/testconnectionvalidator/testconnectionvalidator.cpp
@@ -64,10 +64,12 @@ private Q_SLOTS:
             return value;
         }() << ConnectionValidator::MaintenanceMode;
         QTest::newRow("stauts.php ServiceUnavailable") << FailStage::StatusPhp << defaultValue << ConnectionValidator::StatusNotFound;
+        QTest::newRow("stauts.php UnsupportedClient") << FailStage::StatusPhp << defaultValue << ConnectionValidator::ClientUnsupported;
 
         QTest::newRow("auth 401") << FailStage::AuthValidation << defaultValue << ConnectionValidator::CredentialsWrong;
         QTest::newRow("auth timeout") << FailStage::AuthValidation << defaultValue << ConnectionValidator::Timeout;
         QTest::newRow("auth ServiceUnavailable") << FailStage::AuthValidation << defaultValue << ConnectionValidator::ServiceUnavailable;
+        QTest::newRow("auth UnsupportedClient") << FailStage::AuthValidation << defaultValue << ConnectionValidator::ClientUnsupported;
 
         QTest::newRow("capabilites timeout") << FailStage::Capabilities << defaultValue << ConnectionValidator::CredentialsWrong;
         QTest::newRow("capabilites 401") << FailStage::Capabilities << defaultValue << ConnectionValidator::Timeout;
@@ -103,6 +105,8 @@ private Q_SLOTS:
                             return new FakeHangingReply(op, request, this);
                         } else if (status == ConnectionValidator::StatusNotFound) {
                             return new FakeErrorReply(op, request, this, 500);
+                        } else if (status == ConnectionValidator::ClientUnsupported) {
+                            return new FakeErrorReply(op, request, this, 403);
                         }
                     }
                     return new FakePayloadReply(op, request, getPayloadTemplated(QStringLiteral("status.php.json.in"), values), this);
@@ -135,6 +139,8 @@ private Q_SLOTS:
                     return new FakeHangingReply(op, request, this);
                 } else if (status == ConnectionValidator::ServiceUnavailable) {
                     return new FakeErrorReply(op, request, this, 503);
+                } else if (status == ConnectionValidator::ClientUnsupported) {
+                    return new FakeErrorReply(op, request, this, 403);
                 }
             }
             return nullptr;

diff --git a/test/testremotediscovery.cpp b/test/testremotediscovery.cpp
@@ -76,7 +76,7 @@ private slots:
 
         QTest::newRow("400") << 400 << itemErrorMessage << false;
         QTest::newRow("401") << 401 << QStringLiteral("Fake credentials error") << false;
-        QTest::newRow("403") << 403 << itemErrorMessage << true;
+        QTest::newRow("403") << 403 << QStringLiteral("Fake access denied error") << true;
         QTest::newRow("404") << 404 << itemErrorMessage << true;
         QTest::newRow("500") << 500 << itemErrorMessage << true;
         QTest::newRow("503") << 503 << itemErrorMessage << true;

diff --git a/test/testutils/syncenginetestutils.cpp b/test/testutils/syncenginetestutils.cpp
@@ -819,9 +819,14 @@ FakeErrorReply::FakeErrorReply(QNetworkAccessManager::Operation op, const QNetwo
     setOperation(op);
     open(QIODevice::ReadOnly);
     setAttribute(QNetworkRequest::HttpStatusCodeAttribute, httpErrorCode);
-    if (httpErrorCode == 401) {
+    switch (httpErrorCode) {
+    case 401:
         setError(AuthenticationRequiredError, QStringLiteral("Fake credentials error"));
-    } else {
+        break;
+    case 403:
+        setError(ContentAccessDenied, QStringLiteral("Fake access denied error"));
+        break;
+    default:
         setError(InternalServerError, QStringLiteral("Internal Server Fake Error"));
     }
     QMetaObject::invokeMethod(this, &FakeErrorReply::respond, Qt::QueuedConnection);