author | Morris Jobke <hey@morrisjobke.de> | 2016-10-24 21:35:53 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-10-24 21:35:53 +0200 |
commit | 8a231a4223a45b7e58bfeb30196c54126fc56521 (patch) | |
tree | 8803341593c58425e500bb52839d768ebf8b776b | |
parent | 567e28b01a4d852aeeec8f8b27fe1a34fde841ae (diff) | |
parent | 8dcef4fb597eab2802f44c9634ef205cb876143b (diff) | |
Merge pull request #1829 from nextcloud/downstream-26256
Fix login page handling for disabled users
-rw-r--r-- | build/integration/features/bootstrap/BasicStructure.php | 9 | ||||
-rw-r--r-- | build/integration/features/provisioning-v1.feature | 23 | ||||
-rw-r--r-- | index.php | 3 | ||||
-rw-r--r-- | lib/private/legacy/response.php | 1 |
4 files changed, 32 insertions, 4 deletions
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index a8438927731..2fc940981eb 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -179,6 +179,15 @@ trait BasicStructure {
 }
 }
+ /**
+ * @When /^sending "([^"]*)" with exact url to "([^"]*)"$/
+ * @param string $verb
+ * @param string $url
+ */
+ public function sendingToDirectUrl($verb, $url) {
+ $this->sendingToWithDirectUrl($verb, $url, null);
+ }
+
 public function sendingToWithDirectUrl($verb, $url, $body) {
 $fullUrl = substr($this->baseUrl, 0, -5) . $url;
 $client = new Client();
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index fba69cd6225..98bf321dc64 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -497,16 +497,23 @@ Feature: provisioning
 And As an "admin"
 And user "subadmin" is disabled
- Scenario: Making a web request with an enabled user
- Given As an "admin"
+ Scenario: Making a ocs request with an enabled user
+ Given As an "admin"
 And user "user0" exists
 And As an "user0"
 When sending "GET" to "/cloud/capabilities"
 Then the HTTP status code should be "200"
 And the OCS status code should be "100"
- Scenario: Making a web request with a disabled user
- Given As an "admin"
+ Scenario: Making a web request with an enabled user
+ Given As an "admin"
+ And user "user0" exists
+ And As an "user0"
+ When sending "GET" with exact url to "/index.php/apps/files"
+ Then the HTTP status code should be "200"
+
+ Scenario: Making a ocs request with a disabled user
+ Given As an "admin"
 And user "user0" exists
 And assure user "user0" is disabled
 And As an "user0"
@@ -514,3 +521,11 @@ Feature: provisioning
 Then the OCS status code should be "997"
 And the HTTP status code should be "401"
+ Scenario: Making a web request with a disabled user
+ Given As an "admin"
+ And user "user0" exists
+ And assure user "user0" is disabled
+ And As an "user0"
+ When sending "GET" with exact url to "/index.php/apps/files"
+ And the HTTP status code should be "403"
+
diff --git a/index.php b/index.php
index ce4cdf06e7e..cd95b0c7965 100644
--- a/index.php
+++ b/index.php
@@ -48,6 +48,9 @@ try {
 } catch (\OC\HintException $ex) {
 OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
 OC_Template::printErrorPage($ex->getMessage(), $ex->getHint());
+} catch (\OC\User\LoginException $ex) {
+ OC_Response::setStatus(OC_Response::STATUS_FORBIDDEN);
+ OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage());
 } catch (Exception $ex) {
 \OC::$server->getLogger()->logException($ex, array('app' => 'index'));
diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php
index 0ec27251ba5..88725d5e30b 100644
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -33,6 +33,7 @@ class OC_Response {
 const STATUS_NOT_MODIFIED = 304;
 const STATUS_TEMPORARY_REDIRECT = 307;
 const STATUS_BAD_REQUEST = 400;
+ const STATUS_FORBIDDEN = 403;
 const STATUS_NOT_FOUND = 404;
 const STATUS_INTERNAL_SERVER_ERROR = 500;
 const STATUS_SERVICE_UNAVAILABLE = 503; |
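Review bot: The disabled-user web scenario added at the end of provisioning-v1.feature states its outcome as `And the HTTP status code should be "403"` directly after the `When` step, so the scenario has no `Then`; write it as `Then the HTTP status code should be "403"`, matching the enabled-user web scenario added in the previous hunk. The scenario pins only the status code, so a 403 response that still rendered application content would pass; if the suite has a step for inspecting the response body, an extra assertion that the files app is not served would make the test cover the behaviour the fix is about.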
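Review bot: The new `\OC\User\LoginException` branch in index.php answers with 403 but records nothing, while the generic `Exception` branch right below it calls `logException`; a request rejected because the account is disabled is worth a log line for detection and support, e.g. `\OC::$server->getLogger()->logException($ex, array('app' => 'index'));` ahead of `setStatus`. The same branch passes `$ex->getMessage()` as both arguments of `printErrorPage`, so the error page presumably repeats one sentence as message and hint; pass an empty or dedicated hint instead, `OC_Template::printErrorPage($ex->getMessage(), '');`. Whether the message text is suitable for display to the client and whether the disabled user's session is ended is decided outside this hunk, and the `try` block itself starts above it.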