authorThomas Müller <thomas.mueller@tmit.eu>2016-01-08 20:09:16 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2016-01-08 20:09:16 +0100
commit1f21f0eb7334730a11b51f8bbef84253add765b3 (patch)
treeda48f97a4402562444f9370242dba1bb85eb0e65
parent2659661cb03e23930e9cd47fefd2b1e39fdcad78 (diff)
parent4a38793d111f68d9b00eaff4804293fd10d89a5f (diff)
downloadnextcloud-server-1f21f0eb7334730a11b51f8bbef84253add765b3.tar.gz
nextcloud-server-1f21f0eb7334730a11b51f8bbef84253add765b3.zip
Merge pull request #21491 from owncloud/webdav_auth_no_basic_auth
Also allow 'only cookie' auth to webdav
-rw-r--r--apps/dav/lib/connector/sabre/auth.php5
-rw-r--r--apps/dav/tests/unit/connector/sabre/auth.php18
2 files changed, 19 insertions, 4 deletions
diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php
index 7f4f4a531b1..02b88390bad 100644
--- a/apps/dav/lib/connector/sabre/auth.php
+++ b/apps/dav/lib/connector/sabre/auth.php
@@ -151,7 +151,10 @@ class Auth extends AbstractBasic {
*/
private function auth(RequestInterface $request, ResponseInterface $response) {
if (\OC_User::handleApacheAuth() ||
- ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)))
+ //Fix for broken webdav clients
+ ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
+ //Well behaved clients that only send the cookie are allowed
+ ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
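Review bot: The new third branch of the condition in `auth()` accepts a request on the session cookie alone, and nothing visible in this hunk ties such a request to a same-origin caller. Whether a cross-site request from a browser that holds the cookie is rejected therefore depends on checks outside the hunk (the function body starts and continues beyond it), which is worth confirming before merge. The one-line comment also does not say why the absent `Authorization` header is part of the condition; presumably it is so that a client which does send credentials still has them validated, and I would say so: `// Cookie-only: session is already DAV-authenticated as this user; when credentials are sent, fall through so they are checked`. As a point of style, `$this->userSession->isLoggedIn()` is now evaluated in two branches and `getUser()->getUID()` is read in both the condition and the body, so hoisting them into locals before the `if` would shorten the condition.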
diff --git a/apps/dav/tests/unit/connector/sabre/auth.php b/apps/dav/tests/unit/connector/sabre/auth.php
index 217ff5fc3fa..5e1cdfb03d8 100644
--- a/apps/dav/tests/unit/connector/sabre/auth.php
+++ b/apps/dav/tests/unit/connector/sabre/auth.php
@@ -21,6 +21,7 @@
namespace OCA\DAV\Tests\Unit\Connector\Sabre;
+use OCP\IUser;
use Test\TestCase;
use OCP\ISession;
use OCP\IUserSession;
@@ -29,6 +30,7 @@ use OCP\IUserSession;
* Class Auth
*
* @package OCA\DAV\Connector\Sabre
+ * @group DB
*/
class Auth extends TestCase {
/** @var ISession */
@@ -330,21 +332,31 @@ class Auth extends TestCase {
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
+ /** @var IUser */
+ $user = $this->getMock('OCP\IUser');
+ $user->method('getUID')->willReturn('MyTestUser');
$this->userSession
->expects($this->any())
->method('isLoggedIn')
->will($this->returnValue(true));
+ $this->userSession
+ ->expects($this->any())
+ ->method('getUser')
+ ->willReturn($user);
$this->session
- ->expects($this->once())
+ ->expects($this->atLeastOnce())
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('MyTestUser'));
$httpRequest
- ->expects($this->once())
+ ->expects($this->atLeastOnce())
->method('getHeader')
->with('Authorization')
->will($this->returnValue(null));
- $this->auth->check($httpRequest, $httpResponse);
+ $this->assertEquals(
+ [true, 'principals/users/MyTestUser'],
+ $this->auth->check($httpRequest, $httpResponse)
+ );
}
public function testAuthenticateValidCredentials() {
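Review bot: Only the accepting path of the new cookie-only branch is tested here: the session mock returns `'MyTestUser'` for `AUTHENTICATED_TO_DAV_BACKEND` and the user mock returns the same UID. The hunk adds no case where the stored value differs from `getUser()->getUID()` while `Authorization` is absent, yet that comparison is what stops a DAV marker left by one account from being honoured under another account's session. A sibling test whose `getUID()` mock returns a different name, asserting that `check()` does not return `[true, 'principals/users/…']`, would pin that down; it may already exist elsewhere in the file, since this test method begins outside the hunk. Relaxing `once()` to `atLeastOnce()` on `get` and `getHeader` is needed for the new condition but no longer bounds how often the session is read, which seems acceptable here.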