authorMorris Jobke <hey@morrisjobke.de>2016-10-24 21:35:53 +0200
committerGitHub <noreply@github.com>2016-10-24 21:35:53 +0200
commit8a231a4223a45b7e58bfeb30196c54126fc56521 (patch)
tree8803341593c58425e500bb52839d768ebf8b776b
parent567e28b01a4d852aeeec8f8b27fe1a34fde841ae (diff)
parent8dcef4fb597eab2802f44c9634ef205cb876143b (diff)
downloadnextcloud-server-8a231a4223a45b7e58bfeb30196c54126fc56521.tar.gz
nextcloud-server-8a231a4223a45b7e58bfeb30196c54126fc56521.zip
Merge pull request #1829 from nextcloud/downstream-26256
Fix login page handling for disabled users
-rw-r--r--build/integration/features/bootstrap/BasicStructure.php9
-rw-r--r--build/integration/features/provisioning-v1.feature23
-rw-r--r--index.php3
-rw-r--r--lib/private/legacy/response.php1
4 files changed, 32 insertions, 4 deletions
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index a8438927731..2fc940981eb 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -179,6 +179,15 @@ trait BasicStructure {
}
}
+ /**
+ * @When /^sending "([^"]*)" with exact url to "([^"]*)"$/
+ * @param string $verb
+ * @param string $url
+ */
+ public function sendingToDirectUrl($verb, $url) {
+ $this->sendingToWithDirectUrl($verb, $url, null);
+ }
+
public function sendingToWithDirectUrl($verb, $url, $body) {
$fullUrl = substr($this->baseUrl, 0, -5) . $url;
$client = new Client();
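Review bot: The docblock on `sendingToDirectUrl` carries only the step pattern and the two `@param` tags, so it never says what "exact url" means. From the context line below it, the URL is appended to `$this->baseUrl` with its last five characters removed, and this wrapper always passes `null` as the body. A one-line description such as `Sends a request without a body to a URL relative to the server root instead of the OCS base URL.` would tell feature authors when to use this step over the existing one. The body of `sendingToWithDirectUrl` continues outside the hunk.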
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index fba69cd6225..98bf321dc64 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -497,16 +497,23 @@ Feature: provisioning
And As an "admin"
And user "subadmin" is disabled
- Scenario: Making a web request with an enabled user
- Given As an "admin"
+ Scenario: Making a ocs request with an enabled user
+ Given As an "admin"
And user "user0" exists
And As an "user0"
When sending "GET" to "/cloud/capabilities"
Then the HTTP status code should be "200"
And the OCS status code should be "100"
- Scenario: Making a web request with a disabled user
- Given As an "admin"
+ Scenario: Making a web request with an enabled user
+ Given As an "admin"
+ And user "user0" exists
+ And As an "user0"
+ When sending "GET" with exact url to "/index.php/apps/files"
+ Then the HTTP status code should be "200"
+
+ Scenario: Making a ocs request with a disabled user
+ Given As an "admin"
And user "user0" exists
And assure user "user0" is disabled
And As an "user0"
@@ -514,3 +521,11 @@ Feature: provisioning
Then the OCS status code should be "997"
And the HTTP status code should be "401"
+ Scenario: Making a web request with a disabled user
+ Given As an "admin"
+ And user "user0" exists
+ And assure user "user0" is disabled
+ And As an "user0"
+ When sending "GET" with exact url to "/index.php/apps/files"
+ And the HTTP status code should be "403"
+
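Review bot: The last step of the new disabled-user web scenario is written as `And the HTTP status code should be "403"` directly after the `When` step, so the scenario has no `Then` and the assertion reads as part of the action. It should be `Then the HTTP status code should be "403"`, matching the enabled-user web scenario added in the previous hunk. Since this scenario is the access-control case, it would also be worth asserting that the response does not render the files app, if a step for checking the body exists; the status code alone does not show what was sent.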
diff --git a/index.php b/index.php
index ce4cdf06e7e..cd95b0c7965 100644
--- a/index.php
+++ b/index.php
@@ -48,6 +48,9 @@ try {
} catch (\OC\HintException $ex) {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printErrorPage($ex->getMessage(), $ex->getHint());
+} catch (\OC\User\LoginException $ex) {
+ OC_Response::setStatus(OC_Response::STATUS_FORBIDDEN);
+ OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage());
} catch (Exception $ex) {
\OC::$server->getLogger()->logException($ex, array('app' => 'index'));
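Review bot: The new `\OC\User\LoginException` branch answers 403 without recording anything, while the generic `Exception` branch just below it logs through `\OC::$server->getLogger()`. A refused login for a disabled account is an event operators normally want to see, so consider a log entry here with `array('app' => 'index')`, at a lower severity than an unexpected exception. The branch also passes `$ex->getMessage()` as both the error and the hint, which would show the same text twice if the error page renders both; `OC_Template::printErrorPage($ex->getMessage());` would do if the hint parameter is optional (the signature is not visible here). The `try` body starts above the hunk and the final `catch` continues below it.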
diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php
index 0ec27251ba5..88725d5e30b 100644
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -33,6 +33,7 @@ class OC_Response {
const STATUS_NOT_MODIFIED = 304;
const STATUS_TEMPORARY_REDIRECT = 307;
const STATUS_BAD_REQUEST = 400;
+ const STATUS_FORBIDDEN = 403;
const STATUS_NOT_FOUND = 404;
const STATUS_INTERNAL_SERVER_ERROR = 500;
const STATUS_SERVICE_UNAVAILABLE = 503;
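Review bot: Only the constant `STATUS_FORBIDDEN = 403` is added to `OC_Response`, and the diffstat shows this one line as the file's whole change, so `setStatus()` itself is untouched. If `setStatus()` maps each status constant to a reason phrase before emitting the header (it is not visible in this hunk), 403 needs a matching entry there, otherwise the status line may go out without `Forbidden`. The new integration scenario checks only the numeric code, so it would not catch that. The class body starts and ends outside the hunk.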