From 1eaa4b443f4ae15f041ed8e40e6f4aa3106be8bf Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 30 Oct 2018 22:11:17 +0100 Subject: [PATCH] first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts Signed-off-by: Bjoern Schiessle --- apps/dav/lib/Connector/Sabre/Auth.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php index fcd1b34edbc..292be61c9dc 100644 --- a/apps/dav/lib/Connector/Sabre/Auth.php +++ b/apps/dav/lib/Connector/Sabre/Auth.php @@ -228,11 +228,12 @@ class Auth extends AbstractBasic { if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) { throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.'); } - if (\OC_User::handleApacheAuth() || + if ( //Fix for broken webdav clients ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) || //Well behaved clients that only send the cookie are allowed - ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) + ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) || + \OC_User::handleApacheAuth() ) { $user = $this->userSession->getUser()->getUID(); \OC_Util::setupFS($user); -- 2.39.5