author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-11-27 13:16:01 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-11-27 13:16:01 +0100 |
commit | 1d30f0fcdb38f82d7b5a79cb334a1f670b01d846 (patch) | |
tree | 59ce552572bcb31cfda27aee0e70bef810f2f9e9 | |
parent | d0059da7f395a4d86d896a4bfaf4e03f942f5fe1 (diff) | |
parent | d02e0eaaf1e2c467ee0b2acb99f85414eac4a813 (diff) | |
Merge pull request #20760 from owncloud/webdav-authredirectfix
Only reject ajax auth if user is really logged out
-rw-r--r-- | apps/dav/lib/connector/sabre/auth.php | 2 | ||||
-rw-r--r-- | apps/dav/tests/unit/connector/sabre/auth.php | 30 |
2 files changed, 31 insertions, 1 deletions
diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php
index 803db78ecd7..4f319770234 100644
--- a/apps/dav/lib/connector/sabre/auth.php
+++ b/apps/dav/lib/connector/sabre/auth.php
@@ -160,7 +160,7 @@ class Auth extends AbstractBasic {
return [true, $this->principalPrefix . $user];
}
- if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
+ if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
diff --git a/apps/dav/tests/unit/connector/sabre/auth.php b/apps/dav/tests/unit/connector/sabre/auth.php
index 47dd237b761..217ff5fc3fa 100644
--- a/apps/dav/tests/unit/connector/sabre/auth.php
+++ b/apps/dav/tests/unit/connector/sabre/auth.php
@@ -309,6 +309,10 @@ class Auth extends TestCase {
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
+ $this->userSession
+ ->expects($this->any())
+ ->method('isLoggedIn')
+ ->will($this->returnValue(false));
$httpRequest
->expects($this->once())
->method('getHeader')
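Review bot: The comment on the line after the new condition, `// do not re-authenticate over ajax, use dummy auth name to prevent browser popup`, now describes only half of what the branch decides: an ajax caller whose session reports `isLoggedIn()` but who did not take the early `return [true, $this->principalPrefix . $user]` above no longer receives the `DummyBasic` challenge and instead falls through to whatever follows the hunk (`check()` starts and ends outside it), presumably the parent's Basic check. Update the comment to state the split, e.g. `// logged-out ajax caller: do not re-authenticate; the DummyBasic scheme keeps the browser from showing a login popup. Logged-in ajax callers fall through to the regular credential check below.` If that fallthrough answers a request without an `Authorization` header with a real `Basic` challenge, the popup this branch exists to suppress comes back for exactly those logged-in ajax requests, so it is worth confirming that the path below re-validates credentials rather than treating `isLoggedIn()` — a session flag, not proof that this request carried credentials — as sufficient.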
@@ -317,6 +321,32 @@ class Auth extends TestCase {
$this->auth->check($httpRequest, $httpResponse);
}
+ public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() {
+ /** @var \Sabre\HTTP\RequestInterface $httpRequest */
+ $httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ /** @var \Sabre\HTTP\ResponseInterface $httpResponse */
+ $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $this->userSession
+ ->expects($this->any())
+ ->method('isLoggedIn')
+ ->will($this->returnValue(true));
+ $this->session
+ ->expects($this->once())
+ ->method('get')
+ ->with('AUTHENTICATED_TO_DAV_BACKEND')
+ ->will($this->returnValue('MyTestUser'));
+ $httpRequest
+ ->expects($this->once())
+ ->method('getHeader')
+ ->with('Authorization')
+ ->will($this->returnValue(null));
+ $this->auth->check($httpRequest, $httpResponse);
+ }
+
public function testAuthenticateValidCredentials() {
$server = $this->getMockBuilder('\Sabre\DAV\Server')
->disableOriginalConstructor()
->getMock(); |
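Review bot: The new test `testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn` never inspects what `check()` returns or does to the response, so it only proves that nothing threw; the `expects($this->once())` stubs on `$this->session` and `$httpRequest` are the only things that can fail it. Pin the intended outcome: add `$httpResponse->expects($this->never())->method('setStatus');` before the call, and replace the bare call with `$this->assertSame([true, $expectedPrincipal], $this->auth->check($httpRequest, $httpResponse));` where `$expectedPrincipal` is the principal prefix configured in the fixture followed by `MyTestUser` (the prefix and the `$this->userSession`/`$this->session` fixtures are set up outside this hunk, in a class that continues beyond it). `setStatus(401)` is what the rejection branch does, so the `never()` expectation makes a silent fall into that branch a failure regardless of whether the branch also throws.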