Unlocking a foreign lock within shared folder results in server error

[susnux]

User A shares a folder with user B.
Within that folder is a file, that is locked by user A.

If user B tries to unlock that file the server will throw an error and returns HTTP 500.

Expected result: Do not unlock but return 403 as User B should not be able to unlock a file of a different user.

Nextcloud log

{"reqId":"ZuFqOh0hoaWJsm1sfEX1","level":3,"time":"2023-09-27T10:26:39+00:00","remoteAddr":"95.90.155.253","user":"FerdinandT","app":"no app in context","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301472?format=json","message":"Call to a member function getOwner() on array in file '/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php' line 150","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","exception":{"Exception":"Exception","Message":"Call to a member function getOwner() on array in file '/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php' line 150","Code":0,"Trace":[{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\FilesLock\\Controller\\LockController"],"unlocking"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\FilesLock\\Controller\\LockController","unlocking",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["301472","ocs.files_lock.Lock.unlocking"]]},{"file":"/var/www/html/ocs/v1.php","line":64,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/ocsapp/apps/files_lock/lock/301472"]},{"file":"/var/www/html/ocs/v2.php","line":23,"args":["/var/www/html/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","Line":169,"Previous":{"Exception":"Error","Message":"Call to a member function getOwner() on array","Code":0,"Trace":[{"file":"/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php","line":76,"function":"buildOCSResponse","class":"OCA\\FilesLock\\Controller\\LockController","type":"->","args":["json","*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/public/AppFramework/Controller.php","line":157,"function":"OCA\\FilesLock\\Controller\\{closure}","class":"OCA\\FilesLock\\Controller\\LockController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/public/AppFramework/OCSController.php","line":96,"function":"buildResponse","class":"OCP\\AppFramework\\Controller","type":"->","args":["*** sensitive parameters replaced ***","json"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":245,"function":"buildResponse","class":"OCP\\AppFramework\\OCSController","type":"->","args":["*** sensitive parameters replaced ***","json"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\FilesLock\\Controller\\LockController"],"unlocking"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\FilesLock\\Controller\\LockController"],"unlocking"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\FilesLock\\Controller\\LockController","unlocking",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["301472","ocs.files_lock.Lock.unlocking"]]},{"file":"/var/www/html/ocs/v1.php","line":64,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/ocsapp/apps/files_lock/lock/301472"]},{"file":"/var/www/html/ocs/v2.php","line":23,"args":["/var/www/html/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php","Line":150},"CustomMessage":"--"}}

Or more detailed:

{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"instance OC\\User\\Database user backend.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"instance OCA\\User_LDAP\\User_Proxy user backend.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"instance OC\\Group\\Database group backend.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"instance OCA\\User_LDAP\\Group_Proxy group backend.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 1 to plugin OCA\\LdapWriteSupport\\LDAPUserManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 16 to plugin OCA\\LdapWriteSupport\\LDAPUserManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 1048576 to plugin OCA\\LdapWriteSupport\\LDAPUserManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 16777216 to plugin OCA\\LdapWriteSupport\\LDAPUserManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action deleteUser to plugin OCA\\LdapWriteSupport\\LDAPUserManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 1 to plugin OCA\\LdapWriteSupport\\LDAPGroupManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 16 to plugin OCA\\LdapWriteSupport\\LDAPGroupManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 256 to plugin OCA\\LdapWriteSupport\\LDAPGroupManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Registered action 4096 to plugin OCA\\LdapWriteSupport\\LDAPGroupManager","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"webapppassword","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"webapppassword"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"user_ldap","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Calling LDAP function ldap_explode_dn with parameters [\"FerdinandT\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"user_ldap"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"workflowengine","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Flow activation: rules were requested for operation Schlagworte automatisch zuweisen","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"level":"0","app":"workflowengine"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":0,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"workflowengine","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"No flow configurations is going to run Schlagworte automatisch zuweisen","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"level":"0","app":"workflowengine"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":1,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"files_lock","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"[notice] unlocking file -- {\"fileLock\":{}}","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","data":{"app":"files_lock"}}
{"reqId":"QwG0nw79aUergkTiRb2R","level":3,"time":"2023-09-27T10:00:21+00:00","remoteAddr":"95.90.155.253","user":"AdminFisch","app":"no app in context","method":"DELETE","url":"/ocs/v2.php/apps/files_lock/lock/301467?format=json","message":"Call to a member function getOwner() on array in file '/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php' line 150","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","version":"26.0.7.0","exception":{"Exception":"Exception","Message":"Call to a member function getOwner() on array in file '/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php' line 150","Code":0,"Trace":[{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\FilesLock\\Controller\\LockController"],"unlocking"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\FilesLock\\Controller\\LockController","unlocking",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["301467","ocs.files_lock.Lock.unlocking"]]},{"file":"/var/www/html/ocs/v1.php","line":64,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/ocsapp/apps/files_lock/lock/301467"]},{"file":"/var/www/html/ocs/v2.php","line":23,"args":["/var/www/html/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","Line":169,"Previous":{"Exception":"Error","Message":"Call to a member function getOwner() on array","Code":0,"Trace":[{"file":"/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php","line":76,"function":"buildOCSResponse","class":"OCA\\FilesLock\\Controller\\LockController","type":"->","args":["json","*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/public/AppFramework/Controller.php","line":157,"function":"OCA\\FilesLock\\Controller\\{closure}","class":"OCA\\FilesLock\\Controller\\LockController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/public/AppFramework/OCSController.php","line":96,"function":"buildResponse","class":"OCP\\AppFramework\\Controller","type":"->","args":["*** sensitive parameters replaced ***","json"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":245,"function":"buildResponse","class":"OCP\\AppFramework\\OCSController","type":"->","args":["*** sensitive parameters replaced ***","json"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\FilesLock\\Controller\\LockController"],"unlocking"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\FilesLock\\Controller\\LockController"],"unlocking"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\FilesLock\\Controller\\LockController","unlocking",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["301467","ocs.files_lock.Lock.unlocking"]]},{"file":"/var/www/html/ocs/v1.php","line":64,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/ocsapp/apps/files_lock/lock/301467"]},{"file":"/var/www/html/ocs/v2.php","line":23,"args":["/var/www/html/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/html/custom_apps/files_lock/lib/Controller/LockController.php","Line":150},"CustomMessage":"--"}}

Nextcloud version: 26.0.7
Apps see below

Enabled:

• activity: 2.18.0
• bruteforcesettings: 2.6.0
• calendar: 4.5.1
• circles: 26.0.0
• cloud_federation_api: 1.9.0
• collectives: 2.7.1
• contacts: 5.4.2
• contactsinteraction: 1.7.0
• dashboard: 7.6.0
• dav: 1.25.0
• federatedfilesharing: 1.16.0
• federation: 1.16.0
• files: 1.21.1
• files_automatedtagging: 1.16.1
• files_lock: 27.0.1
• files_pdfviewer: 2.7.0
• files_rightclick: 1.5.0
• files_sharing: 1.18.0
• files_trashbin: 1.16.0
• files_versions: 1.19.1
• forms: 3.3.1
• groupfolders: 14.0.5
• ldap_write_support: 1.8.0
• logreader: 2.11.0
• lookup_server_connector: 1.14.0
• notifications: 2.14.0
• oauth2: 1.14.1
• orders: 0.0.1
• password_policy: 1.16.0
• photos: 2.2.0
• privacy: 1.10.0
• provisioning_api: 1.16.0
• recommendations: 1.5.0
• related_resources: 1.1.0
• serverinfo: 1.16.0
• settings: 1.8.0
• sharebymail: 1.16.0
• survey_client: 1.14.0
• systemtags: 1.16.0
• tasks: 0.15.0
• text: 3.7.2
• theming: 2.1.1
• theming_customcss: 1.14.0
• twofactor_backupcodes: 1.15.0
• updatenotification: 1.16.0
• user_ldap: 1.16.0
• viewer: 1.10.0
• weather_status: 1.6.0
• webapppassword: 23.6.0
• workflowengine: 2.8.0
  Disabled:
• admin_audit: 1.16.0
• comments: 1.16.0 (installed 1.13.0)
• encryption: 2.14.0
• files_external: 1.18.0
• firstrunwizard: 2.15.0 (installed 2.9.0)
• nextcloud_announcements: 1.15.0 (installed 1.9.0)
• support: 1.9.0 (installed 1.3.0)
• suspicious_login: 4.4.0
• twofactor_totp: 8.0.0
• user_status: 1.6.0 (installed 1.0.1)
• webhooks: 0.4.3 (installed 0.4.3)

[susnux]

cc @ArtificialOwl