fix: Fix theming for disabled usersfix-theming-for-disabled-users

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

6 files changed, 154 insertions, 2 deletions

diff --git a/.github/workflows/integration-sqlite.yml b/.github/workflows/integration-sqlite.yml
index b067ff75674..5ece20888b4 100644
--- a/.github/workflows/integration-sqlite.yml
+++ b/.github/workflows/integration-sqlite.yml
@@ -69,6 +69,7 @@ jobs:
           - 'setup_features'
           - 'sharees_features'
           - 'sharing_features'
+          - 'theming_features'
           - 'videoverification_features'
 
         php-versions: ['8.1']
diff --git a/build/integration/config/behat.yml b/build/integration/config/behat.yml
index 45db5105838..5bee2e1a3dd 100644
--- a/build/integration/config/behat.yml
+++ b/build/integration/config/behat.yml
@@ -253,4 +253,15 @@ default:
             admin:
               - admin
               - admin
-            regular_user_password: 123456
\ No newline at end of file
+            regular_user_password: 123456
+
+    theming:
+      paths:
+        - "%paths.base%/../theming_features"
+      contexts:
+        - FeatureContext:
+            baseUrl: http://localhost:8080
+            admin:
+              - admin
+              - admin
+            regular_user_password: 123456
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index a8c232d6fe7..0290297dd88 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -19,6 +19,7 @@ trait BasicStructure {
 	use Avatar;
 	use Download;
 	use Mail;
+	use Theming;
 
 	/** @var string */
 	private $currentUser = '';
diff --git a/build/integration/features/bootstrap/Theming.php b/build/integration/features/bootstrap/Theming.php
new file mode 100644
index 00000000000..518a5d8abe9
--- /dev/null
+++ b/build/integration/features/bootstrap/Theming.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+require __DIR__ . '/../../vendor/autoload.php';
+
+trait Theming {
+
+	private bool $undoAllThemingChangesAfterScenario = false;
+
+	/**
+	 * @AfterScenario
+	 */
+	public function undoAllThemingChanges() {
+		if (!$this->undoAllThemingChangesAfterScenario) {
+			return;
+		}
+
+		$this->loggingInUsingWebAs('admin');
+		$this->sendingAToWithRequesttoken('POST', '/index.php/apps/theming/ajax/undoAllChanges');
+
+		$this->undoAllThemingChangesAfterScenario = false;
+	}
+
+	/**
+	 * @When logged in admin uploads theming image for :key from file :source
+	 *
+	 * @param string $key
+	 * @param string $source
+	 */
+	public function loggedInAdminUploadsThemingImageForFromFile(string $key, string $source) {
+		$this->undoAllThemingChangesAfterScenario = true;
+
+		$file = \GuzzleHttp\Psr7\Utils::streamFor(fopen($source, 'r'));
+
+		$this->sendingAToWithRequesttoken('POST', '/index.php/apps/theming/ajax/uploadImage?key=' . $key,
+			[
+				'multipart' => [
+					[
+						'name' => 'image',
+						'contents' => $file
+					]
+				]
+			]);
+		$this->theHTTPStatusCodeShouldBe('200');
+	}
+}
diff --git a/build/integration/theming_features/theming.feature b/build/integration/theming_features/theming.feature
new file mode 100644
index 00000000000..f1bec2ecb26
--- /dev/null
+++ b/build/integration/theming_features/theming.feature
@@ -0,0 +1,82 @@
+# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+Feature: theming
+
+	Background:
+		Given user "user0" exists
+
+	Scenario: themed stylesheets are available for users
+		Given As an "user0"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/default.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/light.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/dark.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/light-highcontrast.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/dark-highcontrast.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/opendyslexic.css"
+		Then the HTTP status code should be "200"
+
+	Scenario: themed stylesheets are available for guests
+		Given As an "anonymous"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/default.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/light.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/dark.css"
+		Then the HTTP status code should be "200"
+
+	Scenario: themed stylesheets are available for disabled users
+		Given As an "admin"
+		And assure user "user0" is disabled
+		And As an "user0"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/default.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/light.css"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/theme/dark.css"
+		Then the HTTP status code should be "200"
+
+	Scenario: themed images are available for users
+		Given Logging in using web as "admin"
+		And logged in admin uploads theming image for "background" from file "data/clouds.jpg"
+		And logged in admin uploads theming image for "logo" from file "data/coloured-pattern-non-square.png"
+		And logged in admin uploads theming image for "logoheader" from file "data/coloured-pattern-non-square.png"
+		And As an "user0"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/background"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/logo"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/logoheader"
+		Then the HTTP status code should be "200"
+
+	Scenario: themed images are available for guests
+		Given Logging in using web as "admin"
+		And logged in admin uploads theming image for "background" from file "data/clouds.jpg"
+		And logged in admin uploads theming image for "logo" from file "data/coloured-pattern-non-square.png"
+		And logged in admin uploads theming image for "logoheader" from file "data/coloured-pattern-non-square.png"
+		And As an "anonymous"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/background"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/logo"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/logoheader"
+		Then the HTTP status code should be "200"
+
+	Scenario: themed images are available for disabled users
+		Given Logging in using web as "admin"
+		And logged in admin uploads theming image for "background" from file "data/clouds.jpg"
+		And logged in admin uploads theming image for "logo" from file "data/coloured-pattern-non-square.png"
+		And logged in admin uploads theming image for "logoheader" from file "data/coloured-pattern-non-square.png"
+		And As an "admin"
+		And assure user "user0" is disabled
+		And As an "user0"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/background"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/logo"
+		Then the HTTP status code should be "200"
+		When sending "GET" with exact url to "/index.php/apps/theming/image/logoheader"
+		Then the HTTP status code should be "200"
diff --git a/lib/base.php b/lib/base.php
index 2b08137aff2..db0c0a92c7a 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -1015,7 +1015,16 @@ class OC {
 				// Don't try to login when a client is trying to get a OAuth token.
 				// OAuth needs to support basic auth too, so the login is not valid
 				// inside Nextcloud and the Login exception would ruin it.
-				if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') {
+				// Disabled users would not be seen as logged in and trying to
+				// log them in would fail, so the login is bypassed for the main
+				// themed stylesheets and images.
+				if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token' &&
+					$request->getRawPathInfo() !== '/apps/theming/theme/default.css' &&
+					$request->getRawPathInfo() !== '/apps/theming/theme/light.css' &&
+					$request->getRawPathInfo() !== '/apps/theming/theme/dark.css' &&
+					$request->getRawPathInfo() !== '/apps/theming/image/background' &&
+					$request->getRawPathInfo() !== '/apps/theming/image/logo' &&
+					$request->getRawPathInfo() !== '/apps/theming/image/logoheader') {
 					self::handleLogin($request);
 				}
 			}