Merge pull request #24826 from owncloud/cors-client-login

use client login method on CORS routes

2 files changed, 12 insertions, 11 deletions

diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index 2b9a072e59a..d84e9963436 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -26,13 +26,13 @@ namespace OC\AppFramework\Middleware\Security;
 
 use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
 use OC\AppFramework\Utility\ControllerMethodReflector;
+use OC\User\Session;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
-use OCP\IRequest;
-use OCP\IUserSession;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Middleware;
+use OCP\IRequest;
 
 /**
  * This middleware sets the correct CORS headers on a response if the
@@ -53,18 +53,18 @@ class CORSMiddleware extends Middleware {
 	private $reflector;
 
 	/**
-	 * @var IUserSession
+	 * @var Session
 	 */
 	private $session;
 
 	/**
 	 * @param IRequest $request
 	 * @param ControllerMethodReflector $reflector
-	 * @param IUserSession $session
+	 * @param Session $session
 	 */
 	public function __construct(IRequest $request,
 								ControllerMethodReflector $reflector,
-								IUserSession $session) {
+								Session $session) {
 		$this->request = $request;
 		$this->reflector = $reflector;
 		$this->session = $session;
@@ -89,7 +89,7 @@ class CORSMiddleware extends Middleware {
 			$pass = $this->request->server['PHP_AUTH_PW'];
 
 			$this->session->logout();
-			if(!$this->session->login($user, $pass)) {
+			if(!$this->session->logClientIn($user, $pass)) {
 				throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
 			}
 		}
diff --git a/tests/lib/AppFramework/Middleware/Security/CORSMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/CORSMiddlewareTest.php
index 8e53c9202cf..a398dc2320c 100644
--- a/tests/lib/AppFramework/Middleware/Security/CORSMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/CORSMiddlewareTest.php
@@ -16,7 +16,6 @@ use OC\AppFramework\Http\Request;
 use OC\AppFramework\Middleware\Security\CORSMiddleware;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
-use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\Response;
 
@@ -29,7 +28,9 @@ class CORSMiddlewareTest extends \Test\TestCase {
 	protected function setUp() {
 		parent::setUp();
 		$this->reflector = new ControllerMethodReflector();
-		$this->session = $this->getMock('\OCP\IUserSession');
+		$this->session = $this->getMockBuilder('\OC\User\Session')
+			->disableOriginalConstructor()
+			->getMock();
 	}
 
 	/**
@@ -127,7 +128,7 @@ class CORSMiddlewareTest extends \Test\TestCase {
 		$this->session->expects($this->never())
 			->method('logout');
 		$this->session->expects($this->never())
-			->method('login')
+			->method('logClientIn')
 			->with($this->equalTo('user'), $this->equalTo('pass'))
 			->will($this->returnValue(true));
 		$this->reflector->reflect($this, __FUNCTION__);
@@ -150,7 +151,7 @@ class CORSMiddlewareTest extends \Test\TestCase {
 		$this->session->expects($this->once())
 			->method('logout');
 		$this->session->expects($this->once())
-			->method('login')
+			->method('logClientIn')
 			->with($this->equalTo('user'), $this->equalTo('pass'))
 			->will($this->returnValue(true));
 		$this->reflector->reflect($this, __FUNCTION__);
@@ -175,7 +176,7 @@ class CORSMiddlewareTest extends \Test\TestCase {
 		$this->session->expects($this->once())
 			->method('logout');
 		$this->session->expects($this->once())
-			->method('login')
+			->method('logClientIn')
 			->with($this->equalTo('user'), $this->equalTo('pass'))
 			->will($this->returnValue(false));
 		$this->reflector->reflect($this, __FUNCTION__);