Activity notifications should link the individual share link

[binarynoise]

⚠️ This issue respects the following points: ⚠️

• [x] This is a bug, not a question or a configuration/webserver/proxy issue.
• [x] This issue is not already reported on Github (I've searched it).
• [x] I agree to follow Nextcloud's Code of Conduct.

What went wrong, what did you observe?

While playing around with email notifications, I noticed that a mail with an activity report (for poll configuration changed) includes the internal link /index.php/apps/polls/vote/5 instead of either the public or personal share link.

What did you expect, how polls should behave instead?

The mail should include the private/personal share link to allow a user to immediately edit the poll.

What steps does it need to replay this bug?

1. Create poll
2. Create share link
3. Use that link in a private tab to register a guest with email address
4. As guest, Subscribe to Notifications (btw, is it normal that the checkbox won't stay checked?)
5. As creator, change one poll setting (like not allowing maybe as response option) or write a comment

Affected polls version

8.5.0

Installation method

Installed/updated from the appstore (Apps section of your site)

Installation type

Updated from a minor version within same major version (i.e. 8.0.0 to 8.1.2)

Can you rule out that any extension you use is involved in the issue?

• [x] I have checked all browser extension

Which browser did you use, when experiencing the bug?

• [x] Firefox
• [ ] Chrome
• [ ] Chromium/Chromium based (i.e. Edge)
• [ ] Safari
• [ ] Other/Don't know

Other browser

No response

Add your browser log here

No response

Additional client environment information

"Test" hat kürzliche Aktivität:

  * Umfragekonfiguration aktualisiert. Bitte überprüfe deine Stimmabgabe. ()
  * T hat abgestimmt. ()
Zur Umfrage gehen: https://.../index.php/apps/polls/vote/5

--
Du erhältst diese E-Mail, da du Benachrichtigungen zu dieser Umfrage abonniert hast. Um dich abzumelden, besuche die Umfrage und beende dein Abonnement.

NC version

Nextcloud 31

Other Nextcloud version

No response

PHP engine version

Other/Don't know

Other PHP version

the one that comes with AIO

Database engine

Other/Don't know

Database Engine version or other Database

the one that comes with AIO

Which user-backends are you using?

• [x] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other/Don't know

Add your nextcloud server log here

Additional environment informations

I use Nextcloud AIO

Configuration report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "31.0.9.1",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "loglevel": 0,
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "0": "OC\\Preview\\Imaginary",
            "23": "OC\\Preview\\ImaginaryPDF"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "htaccess.RewriteBase": "\/",
        "files_external_allow_create_new_local": false,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "updatedirectory": "\/nc-updater",
        "default_phone_region": "DE",
        "default_language": "de",
        "default_locale": "de",
        "theme": "",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "allow_local_remote_servers": true,
        "mail_sendmailmode": "smtp",
        "mail_smtpport": "587",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "app.mail.verify-tls-peer": false,
        "mail_smtpstreamoptions": {
            "ssl": {
                "allow_self_signed": true,
                "verify_peer": false,
                "verify_peer_name": false
            }
        },
        "davstorage.request_timeout": 3600,
        "dbpersistent": false,
        "appsallowlist": false,
        "maintenance_window_start": 100,
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
        "data-fingerprint": "cb99db0ff25bfd6525218d26bd2be47c",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "updatechecker": false,
        "app_install_overwrite": [],
        "mail_smtpauth": true,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "DOMAIN": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - activity: 4.0.0
  - admin_audit: 1.21.0
  - app_api: 5.0.2
  - bruteforcesettings: 4.0.0
  - calendar: 5.5.7
  - cfg_share_links: 7.0.1
  - cloud_federation_api: 1.14.0
  - comments: 1.21.0
  - contacts: 7.3.4
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - federation: 1.21.0
  - files: 2.3.1
  - files_downloadactivity: 1.18.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - forms: 5.2.2
  - groupfolders: 19.1.8
  - impersonate: 2.0.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - nextcloud-aio: 0.8.0
  - nextcloud_announcements: 3.0.0
  - notes: 4.12.3
  - notifications: 4.0.0
  - notify_push: 1.2.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - photos: 4.0.0
  - polls: 8.5.0
  - previewgenerator: 5.10.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - support: 3.0.0
  - survey_client: 3.0.0
  - systemtags: 1.21.1
  - tasks: 0.17.0
  - text: 5.0.0
  - theming: 2.6.1
  - theming_customcss: 1.19.0
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0
  - uppush: 2.3.1
  - user_migration: 8.0.0
  - viewer: 4.0.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - circles: 31.0.0 (installed 24.0.1)
  - contactsinteraction: 1.12.0 (installed 1.5.0)
  - dashboard: 7.11.0 (installed 7.4.0)
  - encryption: 2.19.0
  - files_external: 1.23.0
  - privacy: 3.0.0 (installed 1.13.0)
  - recommendations: 4.0.0 (installed 1.3.0)
  - related_resources: 2.0.0 (installed 1.4.0)
  - suspicious_login: 9.0.1 (installed 5.0.0)
  - twofactor_nextcloud_notification: 5.0.0
  - user_ldap: 1.22.0
  - user_status: 1.11.0 (installed 1.4.0)
  - weather_status: 1.11.0 (installed 1.4.0)

Nextcloud Signing status

No errors have been found.

Additional Information

No response

[github-actions[bot]]

This issue is marked as stale, because it had no activity in the last 30 days. It will be closed in 5 days.

[binarynoise]

If noone had the time to look at this yet, it probably didn't fix itself.

[dartcafe]

If noone had the time to look at this yet, it probably didn't fix itself.

What?

[dartcafe]

I can't reproduce this.

• Internal users get the internal link to the poll
• External users get their share link to the poll

btw, is it normal that the checkbox won't stay checked?

This was a falsy requested method. Fixed with this commit

[binarynoise]

If noone had the time to look at this yet, it probably didn't fix itself.

What?

Tell the stale bot this should not be closed.

I can't reproduce this.

~~I still can.~~

~~You can try yourself. I have a Nextcloud instance running at cloud.myusername.de and created a poll with ID FFLJw9Er. When you register with an email, you will get your personal link. Subscribe to activity notifications. When one arrives it will contain the raw poll ID (5) like in the email I quoted above, even though you are an external user.~~

Turns out, I registered with the email address that I had added to my user account. So even if I registered and voted as external user, the notification system classified it as internal user or confused it with the internal user which also had notifications subscribed and only sent the internal link. Is Nextcloud supposed to reject or accept using internal email addresses for external registrations?

[dartcafe]

Tell the stale bot this should not be closed.

Don't care about him. I have a watch at this, but limited time atm.

Turns out, I registered with the email address that I had added to my user account. So even if I registered and voted as external user, the notification system classified it as internal user or confused it with the internal user which also had notifications subscribed and only sent the internal link.

Valuable information. I will check this combination, if it is intentionally or a problem.

[dartcafe]

So. Now I had some time to take a look.

The subscription knows the user id of the participant who subscribed and the poll id. With this information the participant is identified.

If the user id matches an internal user, the notification is sent to the email address belonging to the internal user. In this case the internal poll URL is used as link.

If the user id matches a share's user id, the notification is sent out to the email address belonging to the share. In this case the share URL is used as link.

I cannot see, that there is a chance to get confused by identical email addresses, because they are not parameter for the identification.

I just guess, you were subscribed as the internal user, too and the external share user with the same email address was just not able to subscribe because of the bug you mentioned before.