Skip to content

[Bug] Creating Talk room for event on shared calendar fails: CalDavEventListener uses calendar owner instead of acting user #18120

Open
Open
[Bug] Creating Talk room for event on shared calendar fails: CalDavEventListener uses calendar owner instead of acting user#18120
Labels
Needs triagebug
@leuedaniel

Description

@leuedaniel
leuedaniel
opened on May 27, 2026

Steps to reproduce

  1. User A shares a calendar with User B
  2. User B opens the shared calendar in Nextcloud Calendar
  3. User B creates a new event on the shared calendar, clicks "Create Talk room for this event" and invites User A (the calendar owner) as attendee
  4. User B tries to save the event

Expected behaviour

The event is saved successfully and the Talk room is linked to the calendar event, without any error message.

Actual behaviour

The CalDAV PUT request returns 400 Bad Request. An error message is displayed saying the event could not be saved, even though the event is actually saved. The Talk room integration is broken — the room is not properly linked to the event.

The server log shows:

{"reqId":"n5kspFT3unoc1XkpWAZ1","level":2,"time":"2026-05-27T12:05:40+00:00","remoteAddr":"2a0a:e805:617:34::","user":"admin","app":"spreed","method":"PUT","url":"/remote.php/dav/calendars/admin/edvk_shared_by_christianguggisberg/E002DA07-1DF4-46D5-B7C2-09A7D8302FC5.ics","scriptName":"/remote.php","message":"Room with hsb6xitr not found for calendar event integration","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36","version":"32.0.8.2","data":{"app":"spreed"}}

The browser console shows:

PUT https://cloud.example.com/remote.php/dav/calendars/[owner]/[calendar]/[event].ics 400 (Bad Request)
[ERROR] calendar: Failed to save event

Root cause analysis:
The bug is in lib/Listener/CalDavEventListener.php line 114. The listener extracts the userId from the calendar's principaluri (= calendar owner, User A), but uses it to look up the Talk room which was created by the acting user (User B, who is editing the shared calendar). Since the room was created by User B and not the calendar owner User A, getRoomForUserByToken($roomToken, $calendarOwnerUserId) throws a RoomNotFoundException.

The issue is specifically triggered when the calendar owner (User A) is invited as an attendee to the event. The event system (CalendarObjectCreatedEvent) does not expose the acting user, only the principaluri of the calendar — which in a shared calendar scenario is a different user than the one performing the action. A proper fix may require the event to carry an actingUserId field, potentially in nextcloud/server.

Talk app

Talk app version: 22.0.12
Custom Signaling server configured: allinone
Custom TURN server configured: allinone
Custom STUN server configured: allinone

Browser

Microphone available: yes
Camera available: yes
Operating system: Win 11
Browser name: Chrome
Browser version: 148.0.7778.179

Browser log

Details 
calendarObjects.js:122  PUT https://cloud.ehv.ch/remote.php/dav/calendars/admin/edvk_shared_by_christianguggisberg/E002DA07-1DF4-46D5-B7C2-09A7D8302FC5.ics 400 (Bad Request)
(anonymous) @ xhr.js:210
(anonymous) @ xhr.js:12
aborted @ dispatchRequest.js:46
_request @ Axios.js:211
request @ Axios.js:39
(anonymous) @ bind.js:10
request @ index.mjs:821
put @ index.mjs:663
this @ index.mjs:1390
createVObject @ index.mjs:1981
updateCalendarObject @ calendarObjects.js:122
(anonymous) @ pinia.mjs:1396
saveCalendarObjectInstance @ calendarObjectInstance.js:1513
(anonymous) @ pinia.mjs:1396
save @ EditorMixin.js:634
saveAndLeave @ EditorMixin.js:658
saveAndView @ EditSimple.vue:809
EditorMixin.js:639 [ERROR] calendar: Failed to save event

Server configuration

Operating system: allinone on Ubuntu
Web server: nginx
Database: pgsql
PHP version: 8.3.30
Nextcloud Version: 32.0.8

List of activated apps:

Details 
Enabled:
  - activity: 5.0.0
  - admin_audit: 1.22.0
  - announcementcenter: 7.4.0
  - bruteforcesettings: 5.0.0
  - calendar: 6.4.2
  - circles: 32.0.0
  - cloud_federation_api: 1.16.0
  - comments: 1.22.0
  - contacts: 8.3.12
  - contactsinteraction: 1.13.1
  - dashboard: 7.12.0
  - dav: 1.34.2
  - drawio: 4.1.4
  - external: 7.0.1
  - federatedfilesharing: 1.22.0
  - files: 2.4.0
  - files_antivirus: 6.2.0
  - files_downloadlimit: 5.0.0
  - files_external: 1.24.1
  - files_fulltextsearch: 32.0.2
  - files_pdfviewer: 5.0.0
  - files_reminders: 1.5.0
  - files_sharing: 1.24.1
  - files_trashbin: 1.22.0
  - files_versions: 1.25.0
  - forms: 5.2.8
  - fulltextsearch: 32.0.0
  - fulltextsearch_elasticsearch: 32.0.2
  - groupfolders: 20.1.13
  - impersonate: 3.0.1
  - logreader: 5.0.0
  - lookup_server_connector: 1.20.0
  - mail: 5.8.1
  - nextcloud-aio: 0.8.0
  - nextcloud_announcements: 4.0.0
  - notifications: 5.0.0
  - notify_push: 1.3.3
  - oauth2: 1.20.0
  - polls: 9.1.4
  - previewgenerator: 5.13.0
  - profile: 1.1.0
  - provisioning_api: 1.22.0
  - quota_warning: 1.23.0
  - related_resources: 3.0.0
  - richdocuments: 9.0.6
  - serverinfo: 4.0.0
  - settings: 1.15.1
  - sharebymail: 1.22.0
  - spreed: 22.0.12
  - support: 4.0.0
  - suspicious_login: 10.0.0
  - tasks: 0.17.1
  - terms_of_service: 4.6.1
  - theming: 2.7.0
  - theming_customcss: 1.20.0
  - twofactor_backupcodes: 1.21.0
  - updatenotification: 1.22.0
  - user_saml: 8.0.1
  - user_status: 1.12.0
  - viewer: 5.0.0
  - weather_status: 1.12.0
  - webhook_listeners: 1.3.0
  - welcome: 2.0.0
  - workflowengine: 2.14.0
Disabled:
  - app_api: 32.0.0 (installed 4.0.5)
  - encryption: 2.20.0
  - federation: 1.22.0 (installed 1.5.0)
  - firstrunwizard: 5.0.0 (installed 2.15.0)
  - password_policy: 4.0.0 (installed 1.18.0)
  - photos: 5.0.0 (installed 1.0.0)
  - privacy: 4.0.0 (installed 1.6.0)
  - recommendations: 5.0.0 (installed 0.4.0)
  - survey_client: 4.0.0 (installed 1.3.0)
  - systemtags: 1.22.0 (installed 1.5.0)
  - text: 6.0.1 (installed 2.0.0)
  - twofactor_nextcloud_notification: 6.0.0 (installed 3.8.0)
  - twofactor_totp: 14.0.0 (installed 10.0.0-beta.2)
  - user_ldap: 1.23.0 (installed 1.21.0)

Nextcloud configuration:

Details 
{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "appsallowlist": false,
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "cloud.ehv.ch",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "cloud.ehv.ch"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "skeletondirectory": "",
        "dbtype": "pgsql",
        "version": "32.0.8.2",
        "overwrite.cli.url": "https:\/\/cloud.ehv.ch\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "updatedirectory": "\/nc-updater",
        "default_phone_region": "CH",
        "loglevel": 1,
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "maintenance_window_start": 100,
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary",
            "23": "OC\\Preview\\ImaginaryPDF"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "allow_local_remote_servers": true,
        "davstorage.request_timeout": 3600,
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "files_external_allow_create_new_local": false,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": true,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
        "forbidden_filename_characters": [
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            ".filepart",
            ".part"
        ],
        "updatechecker": false,
        "DOMAIN": "cloud.ehv.ch",
        "AIO_VERSION": "v12.9.2"
    }
}

Server log (data/nextcloud.log)

Details 
{"reqId":"n5kspFT3unoc1XkpWAZ1","level":2,"time":"2026-05-27T12:05:40+00:00","remoteAddr":"2a0a:e805:617:34::","user":"admin","app":"spreed","method":"PUT","url":"/remote.php/dav/calendars/admin/edvk_shared_by_christianguggisberg/E002DA07-1DF4-46D5-B7C2-09A7D8302FC5.ics","scriptName":"/remote.php","message":"Room with hsb6xitr not found for calendar event integration","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36","version":"32.0.8.2","data":{"app":"spreed"}}

Metadata

Metadata

Assignees

No one assigned

    Labels

    Needs triagebug

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions