Browse Source
Merge pull request #7852 from josh4trunks/basic_auth_fix
Fixes login / logout when HTTP Basic Headers are avilable.tags/v7.0.0alpha2
Thomas Müller
10 years ago
2 changed files with 14 additions and 16 deletions
+ 0
- 3
config/config.sample.php
View File
| @@ -181,9 +181,6 @@ $CONFIG = array( | |||
| /* Whether ownCloud should log the last successfull cron exec */ | |||
| "cron_log" => true, | |||
| /* Whether http-basic username must equal username to login */ | |||
| "basic_auth" => true, | |||
| /* | |||
| * Configure the size in bytes log rotation should happen, 0 or false disables the rotation. | |||
| * This rotates the current owncloud logfile to a new name, this way the total log usage | |||
+ 14
- 13
lib/base.php
View File
| @@ -572,17 +572,6 @@ class OC { | |||
| OC_User::useBackend(new OC_User_Database()); | |||
| OC_Group::useBackend(new OC_Group_Database()); | |||
| $basic_auth = OC_Config::getValue('basic_auth', true); | |||
| if ($basic_auth && isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') | |||
| && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) { | |||
| $sessionUser = self::$session->get('loginname'); | |||
| $serverUser = $_SERVER['PHP_AUTH_USER']; | |||
| OC_Log::write('core', | |||
| "Session loginname ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).", | |||
| OC_Log::WARN); | |||
| OC_User::logout(); | |||
| } | |||
| // Load minimum set of apps - which is filesystem, authentication and logging | |||
| if (!self::checkUpgrade(false)) { | |||
| OC_App::loadApps(array('authentication')); | |||
| @@ -732,8 +721,10 @@ class OC { | |||
| self::checkUpgrade(); | |||
| } | |||
| // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP | |||
| OC::tryBasicAuthLogin(); | |||
| if (!OC_User::isLoggedIn()) { | |||
| // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP | |||
| OC::tryBasicAuthLogin(); | |||
| } | |||
| if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { | |||
| try { | |||
| @@ -784,6 +775,15 @@ class OC { | |||
| if (isset($_COOKIE['oc_token'])) { | |||
| OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); | |||
| } | |||
| if (isset($_SERVER['PHP_AUTH_USER'])) { | |||
| if (isset($_COOKIE['oc_ignore_php_auth_user'])) { | |||
| // Ignore HTTP Authentication for 5 more mintues. | |||
| setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | |||
| } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { | |||
| // Ignore HTTP Authentication to allow a different user to log in. | |||
| setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | |||
| } | |||
| } | |||
| OC_User::logout(); | |||
| // redirect to webroot and add slash if webroot is empty | |||
| header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | |||
| @@ -974,6 +974,7 @@ class OC { | |||
| protected static function tryBasicAuthLogin() { | |||
| if (!isset($_SERVER["PHP_AUTH_USER"]) | |||
| || !isset($_SERVER["PHP_AUTH_PW"]) | |||
| || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) | |||
| ) { | |||
| return false; | |||
| } | |||
Loading…