authorArthur Schiwon <blizzz@owncloud.com>2013-12-11 13:56:45 +0100
committerArthur Schiwon <blizzz@owncloud.com>2013-12-13 16:58:03 +0100
commit91d6a6dd7c350c5ab6e879089a1b7b1be3e82b0f (patch)
tree80d8b603bc1c607101ab74851c4aaaf6b61f2fc1
parent6408125edcb648661f4dd42e8fa1233dcbdf262b (diff)
On webdav sessions, loginname was compared to username which does not need to match necessarily
-rw-r--r--lib/base.php7
-rw-r--r--lib/private/user/session.php34
2 files changed, 37 insertions, 4 deletions
diff --git a/lib/base.php b/lib/base.php
index a6033f03f8c..473be9da4b3 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -527,10 +527,9 @@ class OC {
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
-
if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
- && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
- $sessionUser = self::$session->get('user_id');
+ && $_SERVER['PHP_AUTH_USER'] != self::$session->get('loginname')) {
+ $sessionUser = self::$session->get('loginname');
$serverUser = $_SERVER['PHP_AUTH_USER'];
OC_Log::write('core',
"Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",
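Review bot: The new condition `&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('loginname')) {` still uses a loose comparison, so two different numeric-looking names can compare equal under PHP type juggling and the mismatch branch is then skipped. Both sides are identity strings, so this should be `!==`. The log text on the last line of the hunk still says "Session user-id" although `$sessionUser` now holds the login name; reword it to `"Session login name ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",`. The `OC_Log::write` call and the rest of the branch continue past the end of the hunk, so what happens after logging is not visible here.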
@@ -805,7 +804,7 @@ class OC {
if ( OC_Config::getValue('log_authfailip', false) ) {
OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
OC_Log::WARN);
- } else {
+ } else {
OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
OC_Log::WARN);
}
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index 9c9bee3da25..c2885d00413 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -113,6 +113,38 @@ class Session implements Emitter, \OCP\IUserSession {
}
/**
+ * set the login name
+ *
+ * @param string login name for the logged in user
+ */
+ public function setLoginname($loginname) {
+ if (is_null($loginname)) {
+ $this->session->remove('loginname');
+ } else {
+ $this->session->set('loginname', $loginname);
+ }
+ }
+
+ /**
+ * get the login name of the current user
+ *
+ * @return string
+ */
+ public function getLoginname() {
+ if ($this->activeUser) {
+ return $this->session->get('loginname');
+ } else {
+ $uid = $this->session->get('user_id');
+ if ($uid) {
+ $this->activeUser = $this->manager->get($uid);
+ return $this->session->get('loginname');
+ } else {
+ return null;
+ }
+ }
+ }
+
+ /**
* try to login with the provided credentials
*
* @param string $uid
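Review bot: `getLoginname()` returns the stored 'loginname' from both branches, including when `$this->manager->get($uid)` finds no user for the session's 'user_id' (presumably it can return null for an unknown uid; confirm against the manager). A caller would then get a login name for an account that no longer resolves, so the method should return null in that case. The docblocks are also imprecise: the setter's tag should read `@param string|null $loginname login name, or null to clear it`, and the getter's should be `@return string|null`. The hunk ends inside the docblock of the following method, which is not reviewed here.

```php
public function getLoginname() {
	if (!$this->activeUser) {
		$uid = $this->session->get('user_id');
		if (!$uid) {
			return null;
		}
		$this->activeUser = $this->manager->get($uid);
		if (is_null($this->activeUser)) {
			// session points at a user that no longer resolves
			return null;
		}
	}
	return $this->session->get('loginname');
}
```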
@@ -126,6 +158,7 @@ class Session implements Emitter, \OCP\IUserSession {
if (!is_null($user)) {
if ($user->isEnabled()) {
$this->setUser($user);
+ $this->setLoginname($uid);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
return true;
} else {
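Review bot: `$this->setLoginname($uid);` is the only place in this diff where 'loginname' is written, while the check in lib/base.php still guards on `exists('user_id')`. If any other path establishes a session through `setUser()` alone (not visible here), or a session predates this change, 'user_id' is present but 'loginname' is null and every Basic-auth request takes the mismatch branch. Failing closed is a reasonable outcome, but it should be deliberate, so add a comment on the new line such as `// login name as entered; lib/base.php compares it with PHP_AUTH_USER`. The enclosing login method starts and ends outside the hunk.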
@@ -143,6 +176,7 @@ class Session implements Emitter, \OCP\IUserSession {
public function logout() {
$this->manager->emit('\OC\User', 'logout');
$this->setUser(null);
+ $this->setLoginname(null);
$this->unsetMagicInCookie();
}