diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-03-28 11:25:55 +0100 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2014-11-26 09:19:10 +0100 |
| commit | 320a3c3784057711f38841550c12c1d6177e9588 (patch) | |
| tree | e9f56366821a1d480d38c31714b495935ed0aa2a | |
| parent | c5fa8f1bdc08b07d03fcc9f9c84033960ec4e20f (diff) | |
| download | nextcloud-server-320a3c3784057711f38841550c12c1d6177e9588.tar.gz nextcloud-server-320a3c3784057711f38841550c12c1d6177e9588.zip | |
because OC_User::login will create a new session we shall only try to login if user and pass are set
ensure to never destroy an existing session
| -rw-r--r-- | lib/private/api.php | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/lib/private/api.php b/lib/private/api.php index f5576af2ad8..66b763fdc3e 100644 --- a/lib/private/api.php +++ b/lib/private/api.php @@ -132,7 +132,7 @@ class OC_API { * @return array|\OC_OCS_Result */ public static function mergeResponses($responses) { - // Sort into shipped and thirdparty + // Sort into shipped and third-party $shipped = array( 'succeeded' => array(), 'failed' => array(), @@ -162,7 +162,7 @@ class OC_API { if(!empty($shipped['failed'])) { // Which shipped response do we use if they all failed? // They may have failed for different reasons (different status codes) - // Which reponse code should we return? + // Which response code should we return? // Maybe any that are not OC_API::RESPOND_SERVER_ERROR // Merge failed responses if more than one $data = array(); @@ -273,26 +273,32 @@ class OC_API { // reuse existing login $loggedIn = OC_User::isLoggedIn(); - $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false; - if ($loggedIn === true && $ocsApiRequest) { + if ($loggedIn === true) { + $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false; + if ($ocsApiRequest) { - // initialize the user's filesystem - \OC_Util::setUpFS(\OC_User::getUser()); + // initialize the user's filesystem + \OC_Util::setUpFS(\OC_User::getUser()); - return OC_User::getUser(); + return OC_User::getUser(); + } + return false; } - // basic auth - $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : ''; - $authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : ''; - $return = OC_User::login($authUser, $authPw); - if ($return === true) { - self::$logoutRequired = true; + // basic auth - because OC_User::login will create a new session we shall only try to login + // if user and pass are set + if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) ) { + $authUser = $_SERVER['PHP_AUTH_USER']; + $authPw = $_SERVER['PHP_AUTH_PW']; + $return = OC_User::login($authUser, $authPw); + if ($return === true) { + self::$logoutRequired = true; - // initialize the user's filesystem - \OC_Util::setUpFS(\OC_User::getUser()); + // initialize the user's filesystem + \OC_Util::setUpFS(\OC_User::getUser()); - return $authUser; + return $authUser; + } } return false; |