]> source.dussan.org Git - nextcloud-server.git/commitdiff
Only catch anonymous OPTIONS for Office 20681/head
authorJulius Härtl <jus@bitgrid.net>
Fri, 24 Apr 2020 11:31:17 +0000 (13:31 +0200)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Mon, 27 Apr 2020 08:41:54 +0000 (08:41 +0000)
Signed-off-by: Julius Härtl <jus@bitgrid.net>
apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php
apps/dav/tests/unit/DAV/AnonymousOptionsTest.php

index 63c2c95c04aa4a6898070ddb04443288e982fce1..afb2b622ba1e0f9cb835e7f0d6e5df16ee0dec05 100644 (file)
@@ -61,9 +61,9 @@ class AnonymousOptionsPlugin extends ServerPlugin {
                $emptyAuth = $request->getHeader('Authorization') === null
                        || $request->getHeader('Authorization') === ''
                        || trim($request->getHeader('Authorization')) === 'Bearer';
-               $isAnonymousOption = $request->getMethod() === 'OPTIONS' && $emptyAuth;
+               $isAnonymousOfficeOption = $request->getMethod() === 'OPTIONS' && $isOffice && $emptyAuth;
                $isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth;
-               if ($isAnonymousOption || $isOfficeHead) {
+               if ($isAnonymousOfficeOption || $isOfficeHead) {
                        /** @var CorePlugin $corePlugin */
                        $corePlugin = $this->server->getPlugin('core');
                        // setup a fake tree for anonymous access
index 1b226753978d839136d1355dbf5682c0d7de18e8..9f105532fb93fde50f7044aa59a2ed861268ee8c 100644 (file)
@@ -49,18 +49,36 @@ class AnonymousOptionsTest extends TestCase {
        public function testAnonymousOptionsRoot() {
                $response = $this->sendRequest('OPTIONS', '');
 
-               $this->assertEquals(200, $response->getStatus());
+               $this->assertEquals(401, $response->getStatus());
        }
 
        public function testAnonymousOptionsNonRoot() {
                $response = $this->sendRequest('OPTIONS', 'foo');
 
-               $this->assertEquals(200, $response->getStatus());
+               $this->assertEquals(401, $response->getStatus());
        }
 
        public function testAnonymousOptionsNonRootSubDir() {
                $response = $this->sendRequest('OPTIONS', 'foo/bar');
 
+               $this->assertEquals(401, $response->getStatus());
+       }
+
+       public function testAnonymousOptionsRootOffice() {
+               $response = $this->sendRequest('OPTIONS', '', 'Microsoft Office does strange things');
+
+               $this->assertEquals(200, $response->getStatus());
+       }
+
+       public function testAnonymousOptionsNonRootOffice() {
+               $response = $this->sendRequest('OPTIONS', 'foo', 'Microsoft Office does strange things');
+
+               $this->assertEquals(200, $response->getStatus());
+       }
+
+       public function testAnonymousOptionsNonRootSubDirOffice() {
+               $response = $this->sendRequest('OPTIONS', 'foo/bar', 'Microsoft Office does strange things');
+
                $this->assertEquals(200, $response->getStatus());
        }