author | Morris Jobke <hey@morrisjobke.de> | 2015-01-19 22:23:02 +0100 |
committer | Morris Jobke <hey@morrisjobke.de> | 2015-01-19 22:23:02 +0100 |
commit | 870bc429b26460734da900ccbab1b760fb9dcb08 (patch) | |
tree | 09edaa801208c6d44cf7159382823c636eb8feb4 | |
parent | cbffaff7a00e9d029969d63f795d38a464448dfc (diff) | |
parent | 730460c9fa758ae2968299d9dcfa82c23e83f5bb (diff) | |
Merge pull request #13416 from owncloud/reauthenticate-if-session-differs-from-basic-auth
Prioritise Basic Auth header over Cookie
-rwxr-xr-x | apps/files_encryption/tests/webdav.php | 13 | ||||
-rw-r--r-- | lib/private/connector/sabre/auth.php | 44 |
2 files changed, 44 insertions, 13 deletions
diff --git a/apps/files_encryption/tests/webdav.php b/apps/files_encryption/tests/webdav.php
index 83f4c0a77de..bdbc9d7ef02 100755
--- a/apps/files_encryption/tests/webdav.php
+++ b/apps/files_encryption/tests/webdav.php
@@ -206,12 +206,17 @@ class Webdav extends TestCase {
 	 * handle webdav request
 	 *
 	 * @param bool $body
-	 *
 	 * @note this init procedure is copied from /apps/files/appinfo/remote.php
 	 */
 	function handleWebdavRequest($body = false) {
 		// Backends
-		$authBackend = new \OC_Connector_Sabre_Auth();
+		$authBackend = $this->getMockBuilder('OC_Connector_Sabre_Auth')
+			->setMethods(['validateUserPass'])
+			->getMock();
+		$authBackend->expects($this->any())
+			->method('validateUserPass')
+			->will($this->returnValue(true));
+
 		$lockBackend = new \OC_Connector_Sabre_Locks();
 		$requestBackend = new \OC_Connector_Sabre_Request();
@@ -236,6 +241,10 @@ class Webdav extends TestCase {
 		$server->addPlugin(new \OC_Connector_Sabre_MaintenancePlugin());
 		$server->debugExceptions = true;
+		// Totally ugly hack to setup the FS
+		\OC::$server->getUserSession()->login($this->userId, $this->userId);
+		\OC_Util::setupFS($this->userId);
+
 		// And off we go!
 		if ($body) {
 			$server->httpRequest->setBody($body);
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index 6e1baca9332..f40706b73e3 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
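Review bot: Stubbing validateUserPass to always return true means this test no longer drives the real login path of OC_Connector_Sabre_Auth, so the Basic-Auth-over-cookie priority that the rest of this pull request introduces is not exercised by any test in the change; the `// Totally ugly hack to setup the FS` block in the second hunk exists only because the real login no longer happens here. A small unit test of validateUserPass with a session user that differs from the header user (and one where they match) would pin the new behaviour. handleWebdavRequest continues past the end of the hunk.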
@@ -22,25 +22,50 @@
  */
 class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+	const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
+
+	/**
+	 * Whether the user has initially authenticated via DAV
+	 *
+	 * This is required for WebDAV clients that resent the cookies even when the
+	 * account was changed.
+	 *
+	 * @see https://github.com/owncloud/core/issues/13245
+	 *
+	 * @param string $username
+	 * @return bool
+	 */
+	protected function isDavAuthenticated($username) {
+		return !is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)) &&
+		\OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === $username;
+	}
+
 	/**
 	 * Validates a username and password
 	 *
 	 * This method should return true or false depending on if login
 	 * succeeded.
 	 *
+	 * @param string $username
+	 * @param string $password
 	 * @return bool
 	 */
 	protected function validateUserPass($username, $password) {
-		if (OC_User::isLoggedIn()) {
+		if (OC_User::isLoggedIn() &&
+			$this->isDavAuthenticated($username)
+		) {
 			OC_Util::setupFS(OC_User::getUser());
+			\OC::$server->getSession()->close();
 			return true;
 		} else {
-			OC_Util::setUpFS();//login hooks may need early access to the filesystem
+			OC_Util::setUpFS(); //login hooks may need early access to the filesystem
 			if(OC_User::login($username, $password)) {
 				OC_Util::setUpFS(OC_User::getUser());
+				\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username);
+				\OC::$server->getSession()->close();
 				return true;
-			}
-			else{
+			} else {
+				\OC::$server->getSession()->close();
 				return false;
 			}
 		}
@@ -55,10 +80,10 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 	 */
 	public function getCurrentUser() {
 		$user = OC_User::getUser();
-		if(!$user) {
-			return null;
+		if($user && $this->isDavAuthenticated($user)) {
+			return $user;
 		}
-		return $user;
+		return null;
 	}
 
 	/**
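Review bot: The docblock of isDavAuthenticated describes the mechanism but not its consequence: when it returns true, validateUserPass accepts the request on the strength of the existing session and never checks the supplied password, which is the property a reader of this class most needs to know; add a sentence such as `A match means the session was established by a DAV Basic login for this username, so the caller may trust the session instead of re-verifying the password.` The body also reads the session value twice; `$davUser = \OC::$server->getSession()->get(self::DAV_AUTHENTICATED); return $davUser !== null && $davUser === $username;` is equivalent and cheaper. The flag stores the username exactly as the header supplied it; if OC_User::login canonicalises usernames (not visible here), a header with different casing would take the full login path on every request, which is worth a comment.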
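Review bot: getCurrentUser now returns a user only when isDavAuthenticated() holds, but the Apache branch of auth() in the last hunk (`if (OC_User::handleApacheAuth())`) sets $this->currentUser without writing DAV_AUTHENTICATED to the session, so for an Apache-authenticated request the overridden getCurrentUser() would return null unless the part of auth() outside the hunk sets the flag. If that is not intended, the Apache branch should also record it: `\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $user);`. getCurrentUser's enclosing class continues outside the hunk.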
@@ -77,9 +102,6 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 		$result = $this->auth($server, $realm);
 
-		// close the session - right after authentication there is not need to write to the session any more
-		\OC::$server->getSession()->close();
-
 		return $result;
 	}
 
@@ -89,7 +111,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 	 * @return bool
 	 */
 	private function auth(\Sabre\DAV\Server $server, $realm) {
-		if (OC_User::handleApacheAuth()) {
+		if (OC_User::handleApacheAuth()) {
 			$user = OC_User::getUser();
 			OC_Util::setupFS($user);
 			$this->currentUser = $user;
|
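Review bot: Removing the unconditional `\OC::$server->getSession()->close()` from authenticate() moves session closing to the three exits of validateUserPass only; the handleApacheAuth branch of auth() shown in the last hunk does not close the session, so an Apache-authenticated request may now leave it open for the whole request unless the remainder of auth(), which is outside the hunk, does so. If the close was deliberately dropped for that path, a one-line comment at the former location saying where the session is now closed would prevent it being re-added.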