Move BasicAuth check to "isLoggedIn()"
authorLukas Reschke <lukas@owncloud.com>
Thu, 18 Sep 2014 14:02:18 +0000 (16:02 +0200)
committerLukas Reschke <lukas@owncloud.com>
Fri, 19 Sep 2014 11:41:55 +0000 (13:41 +0200)
Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.

lib/base.php
lib/private/user.php

index 971ed003dc319ab74b0953ba32bc2e2fa73bba2d..8239539fa857a29df7215ae8a63e6e4a17c500d6 100644 (file)
@@ -752,15 +752,6 @@ class OC {
                                if (isset($_COOKIE['oc_token'])) {
                                        OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
                                }
-                               if (isset($_SERVER['PHP_AUTH_USER'])) {
-                                       if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
-                                               // Ignore HTTP Authentication for 5 more mintues.
-                                               setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
-                                       } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
-                                               // Ignore HTTP Authentication to allow a different user to log in.
-                                               setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
-                                       }
-                               }
                                OC_User::logout();
                                // redirect to webroot and add slash if webroot is empty
                                header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
@@ -831,9 +822,8 @@ class OC {
                } // remember was checked after last login
                elseif (OC::tryRememberLogin()) {
                        $error[] = 'invalidcookie';
-               } // logon via web form or WebDAV
-               elseif (OC::tryFormLogin()) {}
-               elseif (OC::tryBasicAuthLogin()) {
+               } // logon via web form
+               elseif (OC::tryFormLogin()) {
                        $error[] = 'invalidpassword';
                }
 
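Review bot: The `$error[] = 'invalidpassword';` body now belongs to the `elseif (OC::tryFormLogin())` branch, which had an empty body `{}` before this commit, so a true return from the form login now records an error where previously only the Basic Auth branch did. `tryFormLogin()` is not visible in this diff; if it returns true only after a submitted login has failed, the new behaviour is reasonable, but a comment such as `// tryFormLogin() returns true only when a submitted login failed` would make that contract explicit. The enclosing method starts and ends outside the hunk.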
@@ -951,25 +941,6 @@ class OC {
                return true;
        }
 
-       /**
-        * Try to login a user using HTTP authentication.
-        * @return bool
-        */
-       protected static function tryBasicAuthLogin() {
-               if (!isset($_SERVER["PHP_AUTH_USER"])
-                       || !isset($_SERVER["PHP_AUTH_PW"])
-                       || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
-               ) {
-                       return false;
-               }
-
-               if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
-                       OC_User::unsetMagicInCookie();
-                       $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
-               }
-
-               return true;
-       }
 
 }
 
index 5efe205ced9d66e8c0a3592f1d072bbb47da4b69..ce7b457798fff12844476512b2e35a1d7403a2de 100644 (file)
@@ -331,15 +331,19 @@ class OC_User {
        }
 
        /**
-        * Check if the user is logged in
+        * Check if the user is logged in, considers also the HTTP basic credentials
         * @return bool
-        *
-        * Checks if the user is logged in
         */
        public static function isLoggedIn() {
                if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) {
                        return self::userExists(\OC::$session->get('user_id'));
                }
+
+               // Check whether the user has authenticated using Basic Authentication
+               if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+                       return \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+               }
+
                return false;
        }
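Review bot: The new Basic Auth branch in `isLoggedIn()` turns a status check into a full `OC_User::login()` call, run on every invocation for a request that carries credentials but has no session user. A wrong password is therefore re-verified on each call, and because the `oc_ignore_php_auth_user` handling was removed from the logout path in the first hunk, a browser that keeps sending the Authorization header is signed in again right after logging out. The branch also skips the `self::$incognitoMode === false` test that the session branch applies, which looks unintended if incognito mode is meant to hide the current login; `if (self::$incognitoMode === false && isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {` would keep the two branches consistent. The removed `tryBasicAuthLogin()` additionally called `OC_User::unsetMagicInCookie()` and registered a request token after a successful login; neither happens here, so confirm that request-token (CSRF) checks for Basic Auth clients still behave as intended. The docblock should state that the method can start a session as a side effect.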