Fix admin panel 412: add OCS-APIRequest header to all OCS methods

Nextcloud requires the OCS-APIRequest: true header on all OCS API calls as a CSRF protection measure. Without it, the server returns 412 Precondition Failed. The check_admin() method had the header but all other OCS methods (get_users, create_user, enable/disable/ delete_user) were missing it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 20:51:33 -06:00
parent 9047758c38
commit 78c3c54a26
1 changed files with 19 additions and 15 deletions
--- a/app/services/nextcloud.py
+++ b/app/services/nextcloud.py
@@ -218,13 +218,17 @@ class NextcloudClient:

    # OCS User Management Methods
    
+    @property
+    def _ocs_headers(self):
+        return {'OCS-APIRequest': 'true'}
+
    def ocs_get_users(self) -> Dict[str, Any]:
        """Get list of all users via OCS API."""
        url = f"{self.ocs_root}/cloud/users"
        params = {'format': 'json'}

        try:
-            response = self._make_request('GET', url, params=params)
+            response = self._make_request('GET', url, params=params, headers=self._ocs_headers)
            data = response.json()
            
            if data.get('ocs', {}).get('meta', {}).get('statuscode') != 100:
@@ -249,7 +253,7 @@ class NextcloudClient:
        params = {'format': 'json'}

        try:
-            response = self._make_request('GET', url, params=params)
+            response = self._make_request('GET', url, params=params, headers=self._ocs_headers)
            data = response.json()
            
            if data.get('ocs', {}).get('meta', {}).get('statuscode') != 100:
@@ -286,7 +290,7 @@ class NextcloudClient:
            data['groups'] = groups

        try:
-            response = self._make_request('POST', url, params=params, data=data)
+            response = self._make_request('POST', url, params=params, data=data, headers=self._ocs_headers)
            result = response.json()
            
            meta = result.get('ocs', {}).get('meta', {})
@@ -304,7 +308,7 @@ class NextcloudClient:
        params = {'format': 'json'}

        try:
-            response = self._make_request('PUT', url, params=params)
+            response = self._make_request('PUT', url, params=params, headers=self._ocs_headers)
            result = response.json()
            
            meta = result.get('ocs', {}).get('meta', {})
@@ -321,7 +325,7 @@ class NextcloudClient:
        params = {'format': 'json'}

        try:
-            response = self._make_request('PUT', url, params=params)
+            response = self._make_request('PUT', url, params=params, headers=self._ocs_headers)
            result = response.json()
            
            meta = result.get('ocs', {}).get('meta', {})
@@ -338,7 +342,7 @@ class NextcloudClient:
        params = {'format': 'json'}

        try:
-            response = self._make_request('DELETE', url, params=params)
+            response = self._make_request('DELETE', url, params=params, headers=self._ocs_headers)
            result = response.json()
            
            meta = result.get('ocs', {}).get('meta', {})