diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2015-11-26 16:14:49 +0100 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2015-11-26 17:04:21 +0100 |
| commit | d02e0eaaf1e2c467ee0b2acb99f85414eac4a813 (patch) | |
| tree | 4acc87a064fb0ad4bef15f9579d7a4af4453cb9a /apps | |
| parent | 60682e17047df19c9486bfc21a993e08bbfce5ce (diff) | |
| download | nextcloud-server-d02e0eaaf1e2c467ee0b2acb99f85414eac4a813.tar.gz nextcloud-server-d02e0eaaf1e2c467ee0b2acb99f85414eac4a813.zip | |
Only reject ajax auth if user is really logged out
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/dav/lib/connector/sabre/auth.php | 2 | ||||
| -rw-r--r-- | apps/dav/tests/unit/connector/sabre/auth.php | 30 |
2 files changed, 31 insertions, 1 deletions
diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php index 655152a2cc1..d57fdb98f9e 100644 --- a/apps/dav/lib/connector/sabre/auth.php +++ b/apps/dav/lib/connector/sabre/auth.php @@ -159,7 +159,7 @@ class Auth extends AbstractBasic { return [true, $this->principalPrefix . $user]; } - if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') { + if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') { // do not re-authenticate over ajax, use dummy auth name to prevent browser popup $response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"'); $response->setStatus(401); diff --git a/apps/dav/tests/unit/connector/sabre/auth.php b/apps/dav/tests/unit/connector/sabre/auth.php index 595bd441617..8010378f464 100644 --- a/apps/dav/tests/unit/connector/sabre/auth.php +++ b/apps/dav/tests/unit/connector/sabre/auth.php @@ -309,6 +309,10 @@ class Auth extends TestCase { $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') ->disableOriginalConstructor() ->getMock(); + $this->userSession + ->expects($this->any()) + ->method('isLoggedIn') + ->will($this->returnValue(false)); $httpRequest ->expects($this->once()) ->method('getHeader') @@ -317,6 +321,32 @@ class Auth extends TestCase { $this->auth->check($httpRequest, $httpResponse); } + public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() { + /** @var \Sabre\HTTP\RequestInterface $httpRequest */ + $httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface') + ->disableOriginalConstructor() + ->getMock(); + /** @var \Sabre\HTTP\ResponseInterface $httpResponse */ + $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') + ->disableOriginalConstructor() + ->getMock(); + $this->userSession + ->expects($this->any()) + ->method('isLoggedIn') + ->will($this->returnValue(true)); + $this->session + ->expects($this->once()) + ->method('get') + ->with('AUTHENTICATED_TO_DAV_BACKEND') + ->will($this->returnValue('MyTestUser')); + $httpRequest + ->expects($this->once()) + ->method('getHeader') + ->with('Authorization') + ->will($this->returnValue(null)); + $this->auth->check($httpRequest, $httpResponse); + } + public function testAuthenticateValidCredentials() { $server = $this->getMockBuilder('\Sabre\DAV\Server') ->disableOriginalConstructor() |