From: Lukas Reschke <lukas@owncloud.com>
Date: Thu, 18 Sep 2014 14:02:18 +0000 (+0200)
Subject: Move BasicAuth check to "isLoggedIn()"
X-Git-Tag: v7.0.3alpha1~71
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=37632e428dff598496785d8d7d1ae24f4510d1e2;p=nextcloud-server.git

Move BasicAuth check to "isLoggedIn()"

Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
---

diff --git a/lib/base.php b/lib/base.php
index 971ed003dc3..8239539fa85 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -752,15 +752,6 @@ class OC {
 				if (isset($_COOKIE['oc_token'])) {
 					OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
 				}
-				if (isset($_SERVER['PHP_AUTH_USER'])) {
-					if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
-						// Ignore HTTP Authentication for 5 more mintues.
-						setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
-					} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
-						// Ignore HTTP Authentication to allow a different user to log in.
-						setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
-					}
-				}
 				OC_User::logout();
 				// redirect to webroot and add slash if webroot is empty
 				header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
@@ -831,9 +822,8 @@ class OC {
 		} // remember was checked after last login
 		elseif (OC::tryRememberLogin()) {
 			$error[] = 'invalidcookie';
-		} // logon via web form or WebDAV
-		elseif (OC::tryFormLogin()) {}
-		elseif (OC::tryBasicAuthLogin()) {
+		} // logon via web form
+		elseif (OC::tryFormLogin()) {
 			$error[] = 'invalidpassword';
 		}
 
@@ -951,25 +941,6 @@ class OC {
 		return true;
 	}
 
-	/**
-	 * Try to login a user using HTTP authentication.
-	 * @return bool
-	 */
-	protected static function tryBasicAuthLogin() {
-		if (!isset($_SERVER["PHP_AUTH_USER"])
-			|| !isset($_SERVER["PHP_AUTH_PW"])
-			|| (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
-		) {
-			return false;
-		}
-
-		if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
-			OC_User::unsetMagicInCookie();
-			$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
-		}
-
-		return true;
-	}
 
 }
 
diff --git a/lib/private/user.php b/lib/private/user.php
index 5efe205ced9..ce7b457798f 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -331,15 +331,19 @@ class OC_User {
 	}
 
 	/**
-	 * Check if the user is logged in
+	 * Check if the user is logged in, considers also the HTTP basic credentials
 	 * @return bool
-	 *
-	 * Checks if the user is logged in
 	 */
 	public static function isLoggedIn() {
 		if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) {
 			return self::userExists(\OC::$session->get('user_id'));
 		}
+
+		// Check whether the user has authenticated using Basic Authentication
+		if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+			return \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+		}
+
 		return false;
 	}