Make legacy DAV backend use the BearerAuth backend as well

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

5 files changed, 22 insertions, 7 deletions

diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php
index 95fb71032d5..3ef1c2e62a5 100644
--- a/apps/dav/appinfo/v1/publicwebdav.php
+++ b/apps/dav/appinfo/v1/publicwebdav.php
@@ -42,6 +42,7 @@ $authBackend = new OCA\DAV\Connector\PublicAuth(
 	\OC::$server->getShareManager(),
 	\OC::$server->getSession()
 );
+$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
 
 $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
 	\OC::$server->getConfig(),
@@ -59,7 +60,7 @@ $requestUri = \OC::$server->getRequest()->getRequestUri();
 $linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin();
 $filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin();
 
-$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
+$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
 	$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
 	$federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application();
 	$federatedShareProvider = $federatedSharingApp->getFederatedShareProvider();
diff --git a/apps/dav/appinfo/v1/webdav.php b/apps/dav/appinfo/v1/webdav.php
index 32f93b27760..a1ad4ab489d 100644
--- a/apps/dav/appinfo/v1/webdav.php
+++ b/apps/dav/appinfo/v1/webdav.php
@@ -52,9 +52,17 @@ $authBackend = new \OCA\DAV\Connector\Sabre\Auth(
 	\OC::$server->getBruteForceThrottler(),
 	'principals/'
 );
+$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
+$bearerAuthPlugin = new \OCA\DAV\Connector\Sabre\BearerAuth(
+	\OC::$server->getUserSession(),
+	\OC::$server->getSession(),
+	\OC::$server->getRequest()
+);
+$authPlugin->addBackend($bearerAuthPlugin);
+
 $requestUri = \OC::$server->getRequest()->getRequestUri();
 
-$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function() {
+$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function() {
 	// use the view for the logged in user
 	return \OC\Files\Filesystem::getView();
 });
diff --git a/apps/dav/lib/Connector/Sabre/ServerFactory.php b/apps/dav/lib/Connector/Sabre/ServerFactory.php
index f04362dfc08..329aa335ea4 100644
--- a/apps/dav/lib/Connector/Sabre/ServerFactory.php
+++ b/apps/dav/lib/Connector/Sabre/ServerFactory.php
@@ -40,6 +40,7 @@ use OCP\IRequest;
 use OCP\ITagManager;
 use OCP\IUserSession;
 use Sabre\DAV\Auth\Backend\BackendInterface;
+use Sabre\DAV\Auth\Plugin;
 
 class ServerFactory {
 	/** @var IConfig */
@@ -92,13 +93,13 @@ class ServerFactory {
 	/**
 	 * @param string $baseUri
 	 * @param string $requestUri
-	 * @param BackendInterface $authBackend
+	 * @param Plugin $authPlugin
 	 * @param callable $viewCallBack callback that should return the view for the dav endpoint
 	 * @return Server
 	 */
 	public function createServer($baseUri,
 								 $requestUri,
-								 BackendInterface $authBackend,
+								 Plugin $authPlugin,
 								 callable $viewCallBack) {
 		// Fire up server
 		$objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
@@ -110,7 +111,7 @@ class ServerFactory {
 		// Load plugins
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
-		$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
+		$server->addPlugin($authPlugin);
 		// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
diff --git a/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php b/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php
index 50e228b7e84..58a729e18ec 100644
--- a/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php
+++ b/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php
@@ -138,8 +138,9 @@ abstract class RequestTestCase extends TestCase {
 	 */
 	protected function getSabreServer(View $view, $user, $password, ExceptionPlugin $exceptionPlugin) {
 		$authBackend = new Auth($user, $password);
+		$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
 
-		$server = $this->serverFactory->createServer('/', 'dummy', $authBackend, function () use ($view) {
+		$server = $this->serverFactory->createServer('/', 'dummy', $authPlugin, function () use ($view) {
 			return $view;
 		});
 		$server->addPlugin($exceptionPlugin);
diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature
index edcca4bcd4e..679b2465659 100644
--- a/build/integration/features/auth.feature
+++ b/build/integration/features/auth.feature
@@ -53,10 +53,14 @@ Feature: auth
 		When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
 		Then the HTTP status code should be "207"
 
-	Scenario: using WebDAV with restricted basic token auth
+	Scenario: using old WebDAV endpoint with unrestricted client token
 		When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
 		Then the HTTP status code should be "207"
 
+	Scenario: using new WebDAV endpoint with unrestricted client token
+		When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
+		Then the HTTP status code should be "207"
+
 	Scenario: using WebDAV with browser session
 		Given a new browser session is started
 		When requesting "/remote.php/webdav" with "PROPFIND" using browser session