we first shall check if the current session is valid - otherwise the session-id will...

diff --git a/lib/private/api.php b/lib/private/api.php
index 3f96196e6dfb878e51f25d0c538d925a02bf9e77..e9d31242e3a663adabef857606f34dad03013e59 100644 (file)
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -270,7 +270,19 @@ class OC_API {
         * @return string|false (username, or false on failure)
         */
        private static function loginUser(){
-               // basic auth
+
+        // reuse existing login
+        $loggedIn = OC_User::isLoggedIn();
+        $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
+        if ($loggedIn === true && $ocsApiRequest) {
+
+            // initialize the user's filesystem
+            \OC_Util::setUpFS(\OC_User::getUser());
+
+            return OC_User::getUser();
+        }
+
+        // basic auth
                $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
                $authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
                $return = OC_User::login($authUser, $authPw);
@@ -283,17 +295,6 @@ class OC_API {
                        return $authUser;
                }
 
-               // reuse existing login
-               $loggedIn = OC_User::isLoggedIn();
-               $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
-               if ($loggedIn === true && $ocsApiRequest) {
-
-                       // initialize the user's filesystem
-                       \OC_Util::setUpFS(\OC_User::getUser());
-
-                       return OC_User::getUser();
-               }
-
                return false;
        }