Creation of duplicate poll when registered user access poll via public link

[raaaimund]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• I agree to follow Nextcloud's Code of Conduct.

What went wrong, what did you observe?

When I create a poll, add a public link and share this public link with a person that also has a user on the same nextcloud instance the user cannot access the poll and will get the 403 page instead. Additionally the user which accessed the poll will have the same poll twice / duplicated in their "Private polls" page (/apps/polls/list/private). The user will also show up twice in the "Sharing" tab of the user who created the poll.

What did you expect, how polls should behave instead?

The poll should be accessible via the public share link whether the user has or has not an account on the same nextcloud instance. The poll should also not be duplicated.

What steps does it need to replay this bug?

1. Create a poll with public link
2. Share link to user which is on the same nextcloud instance
3. The user should open the link with an active session / logged in
4. The user will get 403
5. The user will have this poll twice in their "Private polls" page
6. The create of the poll will see the user twice in the "Sharing" options of the poll

Affected polls version

8.6.3

Installation method

Installed/updated from the appstore (Apps section of your site)

Installation type

Updated from a minor version within same major version (i.e. 8.0.0 to 8.1.2)

Can you rule out that any extension you use is involved in the issue?

• I have checked all browser extension

Which browser did you use, when experiencing the bug?

• Firefox
• Chrome
• Chromium/Chromium based (i.e. Edge)
• Safari
• Other/Don't know

Other browser

No response

Add your browser log here

[ERROR] polls: Error retrieving share 
Object { app: "polls", uid: "nextcloud.user.that.opened.the.public.link", level: 2, error: {…} }
​
app: "polls"
​
error: Object { message: "Request failed with status code 500", name: "AxiosError", code: "ERR_BAD_RESPONSE", … }
​​
code: "ERR_BAD_RESPONSE"
​​
config: Object { timeout: 0, xsrfCookieName: "XSRF-TOKEN", xsrfHeaderName: "X-XSRF-TOKEN", … }
​​
message: "Request failed with status code 500"
​​
name: "AxiosError"
​​
request: XMLHttpRequest { readyState: 4, timeout: 0, withCredentials: false, … }
​​
response: Object { data: '<!DOCTYPE html>\n<html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" translate="no" >\n\t<head\n data-requesttoken="">\n\t\t<meta charset="utf-8">\n\t\t<title>\n\t\t\tnextcloud.some-instance.com\t\t</title>\n\t\t<meta name="csp-nonce" nonce="0QfqKqpz39/fB54sIRcD3G9Qb/G0KHOhWZ95DlMrX+A=">\n\t\t<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">\n\t\t\t\t<meta name="apple-itunes-app" content="app-id=1125420102">\n\t\t\t\t<meta name="theme-color" content="#b6469d">\n\t\t<link rel="icon" href="/themes/core/img/favicon.ico">\n\t\t<link rel="apple-touch-icon" href="/themes/core/img/favicon-touch.png">\n\t\t<link rel="mask-icon" sizes="any" href="/core/img/favicon-mask.svg" color="#b6469d">\n\t\t<link rel="manifest" href="/apps/theming/manifest?v=36090b55" crossorigin="use-credentials">\n\t\t<link rel="stylesheet" href="/custom_apps/drawio/css/main.css?v=1f4e0050-18">\n<link rel="stylesheet" href="/core/css/styles.css?v=b4bc0771-18">\n<link rel="stylesheet" href="/core/css/header.css?v=b4bc0771-18">\n<link rel="stylesheet" href="/core/css/exception.css?v=b4bc0771-18">\n<link rel="stylesheet" href="/apps/theming/css/default.css?v=140628d2-18">\n<link rel="stylesheet" href="/core/css/guest.css?v=b4bc0771-18">\n\t\t<script nonce="0QfqKqpz39/fB54sIRcD3G9Qb/G0KHOhWZ95DlMrX+A=" defer src="/custom_apps/calendar/js/calendar-contacts-menu.js?v=b4bc0771-18"></script>\n<script nonce="0QfqKqpz39/fB54sIRcD3G9Qb/G0KHOhWZ95DlMrX+A=" defer src="/custom_apps/drawio/js/main.js?v=b4bc0771-18"></script>\n\t\t\t</head>\n\t<body id="body-login" data-theme-default  data-themes="default">\n\t\t<noscript>\n\t<div id="nojavascript">\n\t\t<div>\n\t\t\tThis application requires JavaScript for correct operation. Please <a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">enable JavaScript</a> and reload the page.\t\t</div>\n\t</div>\n</noscript>\n\t\t<div id="initial-state-container" style="display: none;">\n\t\t\t<input type="hidden" id="initial-state-core-versionHash" value="ImI0YmMwNzcxIg==">\n\t\t\t<input type="hidden" id="initial-state-comments-maxAutoCompleteResults" value="MTA=">\n\t</div>\n\t\t<div class="wrapper">\n\t\t\t<div class="v-align">\n\t\t\t\t\t\t\t\t\t<header>\n\t\t\t\t\t\t<div id="header">\n\t\t\t\t\t\t\t<div class="logo"></div>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t</header>\n\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t<h1 class="hidden-visually">\n\t\t\t\t\t\tnextcloud.some-instance.com\t\t\t\t\t</h1>\n\t\t\t\t\t<div class="guest-box wide">\n\t<h2>Internal Server Error</h2>\n\t<p>The server was unable to complete your request.</p>\n\t<p>If this happens again, please send the technical details below to the server administrator.</p>\n\t<p>More details can be found in the server log.</p>\n\t\n\t<h3>Technical details</h3>\n\t<ul>\n\t\t<li>Remote Address: 188.21.100.91</li>\n\t\t<li>Request ID: U45xHrcaGEfAdp4FT2Uo</li>\n\t\t\t</ul>\n\n\t</div>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n\t\t\t\t<footer class="guest-box ">\n\t\t\t<p class="info">\n\t\t\t\t<a href="https://nextcloud.some-instance.com" target="_blank" rel="noreferrer noopener" class="entity-name">nextcloud.some-instance.com</a> – powered by Nextcloud\t\t\t</p>\n\t\t</footer>\n\t</body>\n</html>\n', status: 500, statusText: "", … }
​​
stack: "sh@https://nextcloud.some-instance.com.at/custom_apps/polls/js/_plugin-vue_export-helper-BHapzudc.chunk.mjs:8:1083\nB@https://nextcloud.some-instance.com/custom_apps/polls/js/_plugin-vue_export-helper-BHapzudc.chunk.mjs:8:5823\n"
​​
status: 500
​​
<prototype>: Object { constructor: Ae(e, u, t, n, o), toJSON: toJSON(), stack: "", … }
​
level: 2
​
uid: "nextcloud.user.that.opened.the.public.link"
​
<prototype>: Object { … }
purify.es.mjs:1368:26

Additional client environment information

No response

NC version

Nextcloud 31

Other Nextcloud version

31.0.13, 32.0.6

PHP engine version

PHP 8.3

Other PHP version

PHP 8.3.29

Database engine

PostgreSQL

Database Engine version or other Database

No response

Which user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other/Don't know

Add your nextcloud server log here

Additional environment informations

No response

Configuration report

List of activated Apps

Nextcloud Signing status

Additional Information

No response

[dartcafe]

Seems there is more information necessary. If you got a 500, there must be a record in the nextcloud.log of your instance.

I am not able to reproduce this error.