Merge pull request #7632 from owncloud/fix-7582-master

we first shall check if the current session is valid - otherwise the ses...

1 files changed, 12 insertions, 11 deletions

diff --git a/lib/private/api.php b/lib/private/api.php
index 3f96196e6df..1537cc11dd0 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -270,6 +270,18 @@ class OC_API {
 	 * @return string|false (username, or false on failure)
 	 */
 	private static function loginUser(){
+
+		// reuse existing login
+		$loggedIn = OC_User::isLoggedIn();
+		$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
+		if ($loggedIn === true && $ocsApiRequest) {
+
+			// initialize the user's filesystem
+			\OC_Util::setUpFS(\OC_User::getUser());
+
+			return OC_User::getUser();
+		}
+
 		// basic auth
 		$authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
 		$authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
@@ -283,17 +295,6 @@ class OC_API {
 			return $authUser;
 		}
 
-		// reuse existing login
-		$loggedIn = OC_User::isLoggedIn();
-		$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
-		if ($loggedIn === true && $ocsApiRequest) {
-
-			// initialize the user's filesystem
-			\OC_Util::setUpFS(\OC_User::getUser());
-
-			return OC_User::getUser();
-		}
-
 		return false;
 	}