From: Arthur Schiwon Date: Wed, 11 Dec 2013 12:56:45 +0000 (+0100) Subject: On webdav sesssions, loginname was compared to username which does not need to match... X-Git-Tag: v7.0.0alpha2~1036 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=91d6a6dd7c350c5ab6e879089a1b7b1be3e82b0f;p=nextcloud-server.git On webdav sesssions, loginname was compared to username which does not need to match necessarily --- diff --git a/lib/base.php b/lib/base.php index a6033f03f8c..473be9da4b3 100644 --- a/lib/base.php +++ b/lib/base.php @@ -527,10 +527,9 @@ class OC { OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); - if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id') - && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) { - $sessionUser = self::$session->get('user_id'); + && $_SERVER['PHP_AUTH_USER'] != self::$session->get('loginname')) { + $sessionUser = self::$session->get('loginname'); $serverUser = $_SERVER['PHP_AUTH_USER']; OC_Log::write('core', "Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).", @@ -805,7 +804,7 @@ class OC { if ( OC_Config::getValue('log_authfailip', false) ) { OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'], OC_Log::WARN); - } else { + } else { OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf', OC_Log::WARN); } diff --git a/lib/private/user/session.php b/lib/private/user/session.php index 9c9bee3da25..c2885d00413 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -112,6 +112,38 @@ class Session implements Emitter, \OCP\IUserSession { } } + /** + * set the login name + * + * @param string login name for the logged in user + */ + public function setLoginname($loginname) { + if (is_null($loginname)) { + $this->session->remove('loginname'); + } else { + $this->session->set('loginname', $loginname); + } + } + + /** + * get the login name of the current user + * + * @return string + */ + public function getLoginname() { + if ($this->activeUser) { + return $this->session->get('loginname'); + } else { + $uid = $this->session->get('user_id'); + if ($uid) { + $this->activeUser = $this->manager->get($uid); + return $this->session->get('loginname'); + } else { + return null; + } + } + } + /** * try to login with the provided credentials * @@ -126,6 +158,7 @@ class Session implements Emitter, \OCP\IUserSession { if (!is_null($user)) { if ($user->isEnabled()) { $this->setUser($user); + $this->setLoginname($uid); $this->manager->emit('\OC\User', 'postLogin', array($user, $password)); return true; } else { @@ -143,6 +176,7 @@ class Session implements Emitter, \OCP\IUserSession { public function logout() { $this->manager->emit('\OC\User', 'logout'); $this->setUser(null); + $this->setLoginname(null); $this->unsetMagicInCookie(); }