Only reject ajax auth if user is really logged out
authorVincent Petry <pvince81@owncloud.com>
Thu, 26 Nov 2015 15:14:49 +0000 (16:14 +0100)
committerVincent Petry <pvince81@owncloud.com>
Thu, 26 Nov 2015 16:04:21 +0000 (17:04 +0100)
apps/dav/lib/connector/sabre/auth.php
apps/dav/tests/unit/connector/sabre/auth.php

index 655152a2cc17629ee3351719174f8d41e8464b84..d57fdb98f9e6b044c0645b16350039efc49c8edc 100644 (file)
@@ -159,7 +159,7 @@ class Auth extends AbstractBasic {
                        return [true, $this->principalPrefix . $user];
                }
 
-               if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
+               if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
                        // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
                        $response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
                        $response->setStatus(401);
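Review bot: The inline comment under the changed condition still reads as if every AJAX request is refused, but the branch now fires only when `isLoggedIn()` is false. I would reword it to `// no active session: do not re-authenticate over ajax, use dummy auth name to prevent browser popup` so the session precondition is stated next to the check. `X-Requested-With` is supplied by the client, so here it can only choose the shape of the 401, never serve as an authorization signal. The outcome for a logged-in AJAX request without credentials is decided by code after this branch, which lies outside the hunk; it is worth confirming that path cannot send a real `Basic` challenge to the browser.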
index 595bd441617afcb503767c97458e0ac78e0aff89..8010378f46449af2916b4fe39681a446db0c7dd2 100644 (file)
@@ -309,6 +309,10 @@ class Auth extends TestCase {
                $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
                        ->disableOriginalConstructor()
                        ->getMock();
+               $this->userSession
+                       ->expects($this->any())
+                       ->method('isLoggedIn')
+                       ->will($this->returnValue(false));
                $httpRequest
                        ->expects($this->once())
                        ->method('getHeader')
@@ -317,6 +321,32 @@ class Auth extends TestCase {
                $this->auth->check($httpRequest, $httpResponse);
        }
 
+       public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() {
+               /** @var \Sabre\HTTP\RequestInterface $httpRequest */
+               $httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               /** @var \Sabre\HTTP\ResponseInterface $httpResponse */
+               $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               $this->userSession
+                       ->expects($this->any())
+                       ->method('isLoggedIn')
+                       ->will($this->returnValue(true));
+               $this->session
+                       ->expects($this->once())
+                       ->method('get')
+                       ->with('AUTHENTICATED_TO_DAV_BACKEND')
+                       ->will($this->returnValue('MyTestUser'));
+               $httpRequest
+                       ->expects($this->once())
+                       ->method('getHeader')
+                       ->with('Authorization')
+                       ->will($this->returnValue(null));
+               $this->auth->check($httpRequest, $httpResponse);
+       }
+
        public function testAuthenticateValidCredentials() {
                $server = $this->getMockBuilder('\Sabre\DAV\Server')
                        ->disableOriginalConstructor()
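Review bot: The new test `testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn` never simulates an AJAX request and asserts nothing about the outcome of `check()`. The `getHeader` mock is only configured `->with('Authorization')`, so the test passes because `isLoggedIn()` short-circuits the `&&` before `X-Requested-With` is read; reordering the operands in the production condition would change which expectation fails, without the test saying why. I would have the request mock answer `X-Requested-With` with `XMLHttpRequest` (for example via `returnValueMap`) and pin the behaviour under test with `$httpResponse->expects($this->never())->method('setStatus');`. Asserting the return value of `check()` would help as well, though its expected shape for this case is not visible in the hunk.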