Merge pull request #16114 from owncloud/stable7-backport-15510-and-15465

[stable7] block cron.php and OCS API when in single user mode or maintenance mode

5 files changed, 36 insertions, 16 deletions

diff --git a/cron.php b/cron.php
index d62650bbe9d..75c5335bb4c 100644
--- a/cron.php
+++ b/cron.php
@@ -57,6 +57,11 @@ try {
 		exit;
 	}
 
+	if (\OCP\Config::getSystemValue('singleuser', false)) {
+		\OCP\Util::writeLog('cron', 'We are in admin only mode, skipping cron', \OCP\Util::DEBUG);
+		exit;
+	}
+
 	// load all apps to get all api routes properly setup
 	OC_App::loadApps();
 
diff --git a/lib/base.php b/lib/base.php
index e74d9247c61..1714bd1e5ef 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -254,26 +254,36 @@ class OC {
 			header('Retry-After: 120');
 
 			// render error page
-			$tmpl = new OC_Template('', 'update.user', 'guest');
-			$tmpl->printPage();
+			$template = new OC_Template('', 'update.user', 'guest');
+			$template->printPage();
 			die();
 		}
 	}
 
-	public static function checkSingleUserMode() {
+	public static function checkSingleUserMode($lockIfNoUserLoggedIn = false) {
+		if (!\OCP\Config::getSystemValue('singleuser', false)) {
+			return;
+		}
 		$user = OC_User::getUserSession()->getUser();
-		$group = OC_Group::getManager()->get('admin');
-		if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) {
-			// send http status 503
-			header('HTTP/1.1 503 Service Temporarily Unavailable');
-			header('Status: 503 Service Temporarily Unavailable');
-			header('Retry-After: 120');
-
-			// render error page
-			$tmpl = new OC_Template('', 'singleuser.user', 'guest');
-			$tmpl->printPage();
-			die();
+		if ($user) {
+			$group = \OC::$server->getGroupManager()->get('admin');
+			if ($group->inGroup($user)) {
+				return;
+			}
+		} else {
+			if(!$lockIfNoUserLoggedIn) {
+				return;
+			}
 		}
+		// send http status 503
+		header('HTTP/1.1 503 Service Temporarily Unavailable');
+		header('Status: 503 Service Temporarily Unavailable');
+		header('Retry-After: 120');
+
+		// render error page
+		$template = new OC_Template('', 'singleuser.user', 'guest');
+		$template->printPage();
+		die();
 	}
 
 	/**
diff --git a/lib/private/connector/sabre/maintenanceplugin.php b/lib/private/connector/sabre/maintenanceplugin.php
index 0208f3fb5a6..9d50a70ad6f 100644
--- a/lib/private/connector/sabre/maintenanceplugin.php
+++ b/lib/private/connector/sabre/maintenanceplugin.php
@@ -45,6 +45,9 @@ class OC_Connector_Sabre_MaintenancePlugin extends \Sabre\DAV\ServerPlugin
 	 * @return bool
 	 */
 	public function checkMaintenanceMode() {
+		if (\OCP\Config::getSystemValue('singleuser', false)) {
+			throw new \Sabre\DAV\Exception\ServiceUnavailable();
+		}
 		if (OC_Config::getValue('maintenance', false)) {
 			throw new \Sabre\DAV\Exception\ServiceUnavailable();
 		}
diff --git a/ocs/v1.php b/ocs/v1.php
index 0a86fb06411..6ec6b87b8ae 100644
--- a/ocs/v1.php
+++ b/ocs/v1.php
@@ -23,7 +23,9 @@
 
 require_once '../lib/base.php';
 
-if (\OCP\Util::needUpgrade()) {
+if (\OCP\Util::needUpgrade()
+	|| \OCP\Config::getSystemValue('maintenance', false)
+	|| \OCP\Config::getSystemValue('singleuser', false)) {
 	// since the behavior of apps or remotes are unpredictable during
 	// an upgrade, return a 503 directly
 	OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
diff --git a/public.php b/public.php
index 0e04db66da7..ab6331a377a 100644
--- a/public.php
+++ b/public.php
@@ -12,7 +12,7 @@ try {
 	}
 
 	OC::checkMaintenanceMode();
-	OC::checkSingleUserMode();
+	OC::checkSingleUserMode(true);
 	$pathInfo = OC_Request::getPathInfo();
 	if (!$pathInfo && !isset($_GET['service'])) {
 		header('HTTP/1.0 404 Not Found');