diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-04-28 21:46:52 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-04-28 21:46:52 +0200 |
| commit | 7c0340c63c5559abad481bd1d5da9e7f1cc7e4a9 (patch) | |
| tree | 937637948afcf57562c30f20ab12e2faec47ad05 | |
| parent | 318eaa9f5603a57411b6d928ada6219aebba15fc (diff) | |
| parent | 2d9b46e3b9dc2ceb8e21c23a905891aa9c33151e (diff) | |
| download | nextcloud-server-7c0340c63c5559abad481bd1d5da9e7f1cc7e4a9.tar.gz nextcloud-server-7c0340c63c5559abad481bd1d5da9e7f1cc7e4a9.zip | |
Merge pull request #7852 from josh4trunks/basic_auth_fix
Fixes login / logout when HTTP Basic Headers are avilable.
| -rwxr-xr-x | config/config.sample.php | 3 | ||||
| -rw-r--r-- | lib/base.php | 27 |
2 files changed, 14 insertions, 16 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index 12affc1c81f..3298672bf4a 100755 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -181,9 +181,6 @@ $CONFIG = array( /* Whether ownCloud should log the last successfull cron exec */ "cron_log" => true, -/* Whether http-basic username must equal username to login */ -"basic_auth" => true, - /* * Configure the size in bytes log rotation should happen, 0 or false disables the rotation. * This rotates the current owncloud logfile to a new name, this way the total log usage diff --git a/lib/base.php b/lib/base.php index 37008b5a351..38cd272a89f 100644 --- a/lib/base.php +++ b/lib/base.php @@ -572,17 +572,6 @@ class OC { OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); - $basic_auth = OC_Config::getValue('basic_auth', true); - if ($basic_auth && isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') - && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) { - $sessionUser = self::$session->get('loginname'); - $serverUser = $_SERVER['PHP_AUTH_USER']; - OC_Log::write('core', - "Session loginname ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).", - OC_Log::WARN); - OC_User::logout(); - } - // Load minimum set of apps - which is filesystem, authentication and logging if (!self::checkUpgrade(false)) { OC_App::loadApps(array('authentication')); @@ -732,8 +721,10 @@ class OC { self::checkUpgrade(); } - // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP - OC::tryBasicAuthLogin(); + if (!OC_User::isLoggedIn()) { + // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP + OC::tryBasicAuthLogin(); + } if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { try { @@ -784,6 +775,15 @@ class OC { if (isset($_COOKIE['oc_token'])) { OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); } + if (isset($_SERVER['PHP_AUTH_USER'])) { + if (isset($_COOKIE['oc_ignore_php_auth_user'])) { + // Ignore HTTP Authentication for 5 more mintues. + setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); + } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { + // Ignore HTTP Authentication to allow a different user to log in. + setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); + } + } OC_User::logout(); // redirect to webroot and add slash if webroot is empty header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); @@ -974,6 +974,7 @@ class OC { protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"]) + || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) ) { return false; } |