authorRoeland Jago Douma <rullzer@owncloud.com>2016-01-06 20:48:33 +0100
committerRoeland Jago Douma <rullzer@owncloud.com>2016-01-07 10:44:26 +0100
commit4a38793d111f68d9b00eaff4804293fd10d89a5f (patch)
tree85975c85f429d298c4734b1526dc7bfb98db6648
parent336fe868b2ee3a4105b93b71a1e739c9e412237b (diff)
Allow only cookie auth to webdav
-rw-r--r--apps/dav/lib/connector/sabre/auth.php5
-rw-r--r--apps/dav/tests/unit/connector/sabre/auth.php18
2 files changed, 19 insertions, 4 deletions
diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php
index 7f4f4a531b1..02b88390bad 100644
--- a/apps/dav/lib/connector/sabre/auth.php
+++ b/apps/dav/lib/connector/sabre/auth.php
@@ -151,7 +151,10 @@ class Auth extends AbstractBasic {
*/
private function auth(RequestInterface $request, ResponseInterface $response) {
if (\OC_User::handleApacheAuth() ||
- ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)))
+ //Fix for broken webdav clients
+ ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
+ //Well behaved clients that only send the cookie are allowed
+ ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
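Review bot: The new third branch of the condition authenticates a WebDAV request on the session cookie alone, and nothing in this hunk checks a request token, so a cross-origin request that the browser sends with the user's cookie (a form POST or credentialed fetch from a third-party page) would be handled as the logged-in user — the scenario that requiring Basic credentials normally rules out. Unless a CSRF check runs elsewhere in the chain (not visible here), the cookie-only branch should also require the request token to pass, using whatever IRequest-style `passesCSRFCheck()` the class has access to, and the same concern applies to the pre-existing `is_null(...)` branch above it. The combined expression is now long enough that naming its parts would help, e.g. `$davUser = $this->session->get(self::DAV_AUTHENTICATED);` and `$hasAuthHeader = $request->getHeader('Authorization') !== null;` before the `if`. The body of auth() continues past the end of the hunk.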
diff --git a/apps/dav/tests/unit/connector/sabre/auth.php b/apps/dav/tests/unit/connector/sabre/auth.php
index 217ff5fc3fa..5e1cdfb03d8 100644
--- a/apps/dav/tests/unit/connector/sabre/auth.php
+++ b/apps/dav/tests/unit/connector/sabre/auth.php
@@ -21,6 +21,7 @@
namespace OCA\DAV\Tests\Unit\Connector\Sabre;
+use OCP\IUser;
use Test\TestCase;
use OCP\ISession;
use OCP\IUserSession;
@@ -29,6 +30,7 @@ use OCP\IUserSession;
* Class Auth
*
* @package OCA\DAV\Connector\Sabre
+ * @group DB
*/
class Auth extends TestCase {
/** @var ISession */
@@ -330,21 +332,31 @@ class Auth extends TestCase {
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
+ /** @var IUser */
+ $user = $this->getMock('OCP\IUser');
+ $user->method('getUID')->willReturn('MyTestUser');
$this->userSession
->expects($this->any())
->method('isLoggedIn')
->will($this->returnValue(true));
+ $this->userSession
+ ->expects($this->any())
+ ->method('getUser')
+ ->willReturn($user);
$this->session
- ->expects($this->once())
+ ->expects($this->atLeastOnce())
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('MyTestUser'));
$httpRequest
- ->expects($this->once())
+ ->expects($this->atLeastOnce())
->method('getHeader')
->with('Authorization')
->will($this->returnValue(null));
- $this->auth->check($httpRequest, $httpResponse);
+ $this->assertEquals(
+ [true, 'principals/users/MyTestUser'],
+ $this->auth->check($httpRequest, $httpResponse)
+ );
}
public function testAuthenticateValidCredentials() {
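Review bot: The updated test only exercises the positive path, where the session's AUTHENTICATED_TO_DAV_BACKEND value equals the logged-in user's UID and no Authorization header is present; the boundaries the new condition introduces — the stored value belonging to a different user, or an Authorization header being present — are not covered, so dropping the `=== getUID()` comparison in Auth::auth() would not fail any test. A companion test that stubs `get` to return `'OtherUser'` (and another that returns a non-null Authorization header) and asserts that `check()` does not yield `[true, 'principals/users/MyTestUser']` would pin the cookie-only rule; what the fallback returns is decided by the parent AbstractBasic, so assert the negative rather than an exact value. As a minor point, the docblock `/** @var IUser */` is missing the variable name it annotates and should read `/** @var IUser $user */`. Whether `getMock()` is still appropriate depends on the PHPUnit version in use; newer releases deprecate it in favour of `createMock()`.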