authorVincent Petry <pvince81@owncloud.com>2016-03-24 16:02:36 +0100
committerLukas Reschke <lukas@owncloud.com>2016-03-31 19:31:31 +0200
commit262547ba3d81a870521ad65bca770e9e1b14f229 (patch)
tree3e40af7415b50ae09e80956ecd296c0202d82785
parentbfb5748f1f9d0c76ce311a88ea117c0cb3d7a653 (diff)
Return 401 DummyBasicAuth in case of ajax call
-rw-r--r--apps/dav/appinfo/v1/publicwebdav.php2
-rw-r--r--apps/dav/lib/connector/publicauth.php17
2 files changed, 17 insertions, 2 deletions
diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php
index b0ee264aac3..558a8238666 100644
--- a/apps/dav/appinfo/v1/publicwebdav.php
+++ b/apps/dav/appinfo/v1/publicwebdav.php
@@ -32,7 +32,7 @@ OC_App::loadApps($RUNTIME_APPTYPES);
OC_Util::obEnd();
// Backends
-$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig());
+$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest());
$serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
\OC::$server->getConfig(),
diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php
index f069a214fe8..fc9b98c4834 100644
--- a/apps/dav/lib/connector/publicauth.php
+++ b/apps/dav/lib/connector/publicauth.php
@@ -26,6 +26,8 @@
namespace OCA\DAV\Connector;
+use OCP\IRequest;
+
class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
/**
@@ -36,10 +38,17 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
private $share;
/**
+ * @var IRequest
+ */
+ private $request;
+
+ /**
* @param \OCP\IConfig $config
+ * @param IRequest $request
*/
- public function __construct($config) {
+ public function __construct($config, $request) {
$this->config = $config;
+ $this->request = $request;
}
/**
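Review bot: The new `$request` parameter in `__construct($config, $request)` is required but untyped, so a caller that still constructs `PublicAuth` with one argument would fail only later, at `$this->request->getHeader(...)` in the authentication path, rather than at construction. Only publicwebdav.php is updated in this commit, and other callers are not visible here. Declaring it as `public function __construct($config, IRequest $request) {` puts the newly added `use OCP\IRequest;` to work beyond the docblock and makes a wrong or missing argument fail immediately.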
@@ -92,6 +101,12 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
return true;
} else {
+ if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
+ // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
+ header('Status: 401');
+ header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
+ throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
+ }
return false;
}
} else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) {
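Review bot: The added `header('WWW-Authenticate', 'DummyBasic real="ownCloud"');` passes the challenge as the second argument of `header()`, which is the `$replace` flag, so the DummyBasic challenge is not sent as written, and `real` looks like a typo for `realm`. It should be one string, `header('WWW-Authenticate: DummyBasic realm="ownCloud"');`. `http_response_code(401);` is also more portable than `header('Status: 401');`, which is only interpreted as the status line under CGI/FastCGI SAPIs. `X-Requested-With` is client-controlled, but both paths still refuse authentication, so here it only selects the challenge format; a comment such as `// header is untrusted: it only changes how the 401 is presented, never whether access is granted` would stop later edits from treating it as a trust signal. The enclosing method starts and ends outside the hunk.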