diff options
| author | Julius Härtl <jus@bitgrid.net> | 2019-12-23 13:08:10 +0100 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2020-02-04 15:35:23 +0100 |
| commit | 8fba05db965f188ff49705af5b55eef87373dd8d (patch) | |
| tree | 1dc7b31dd68c77e946d78085392e55dbdf844c09 /apps | |
| parent | d63fc8eea498c2035c54e3081c4256f02193235d (diff) | |
| download | nextcloud-server-8fba05db965f188ff49705af5b55eef87373dd8d.tar.gz nextcloud-server-8fba05db965f188ff49705af5b55eef87373dd8d.zip | |
Check for empty authorization headers for office requests and allow anonymous option on the whole tree
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php | 7 | ||||
| -rw-r--r-- | apps/dav/tests/unit/DAV/AnonymousOptionsTest.php | 17 |
2 files changed, 20 insertions, 4 deletions
diff --git a/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php b/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php index e222eb18857..e0aa19c50b3 100644 --- a/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php +++ b/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php @@ -62,8 +62,11 @@ class AnonymousOptionsPlugin extends ServerPlugin { */ public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) { $isOffice = preg_match('/Microsoft Office/i', $request->getHeader('User-Agent')); - $isAnonymousOption = ($request->getMethod() === 'OPTIONS' && ($request->getHeader('Authorization') === null || trim($request->getHeader('Authorization')) === 'Bearer') && $this->isRequestInRoot($request->getPath())); - $isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $request->getHeader('Authorization') === 'Bearer'; + $emptyAuth = $request->getHeader('Authorization') === null + || $request->getHeader('Authorization') === '' + || trim($request->getHeader('Authorization')) === 'Bearer'; + $isAnonymousOption = $request->getMethod() === 'OPTIONS' && $emptyAuth; + $isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth; if ($isAnonymousOption || $isOfficeHead) { /** @var CorePlugin $corePlugin */ $corePlugin = $this->server->getPlugin('core'); diff --git a/apps/dav/tests/unit/DAV/AnonymousOptionsTest.php b/apps/dav/tests/unit/DAV/AnonymousOptionsTest.php index a0abac0712a..a61c8e1e550 100644 --- a/apps/dav/tests/unit/DAV/AnonymousOptionsTest.php +++ b/apps/dav/tests/unit/DAV/AnonymousOptionsTest.php @@ -33,7 +33,7 @@ use Sabre\HTTP\Sapi; use Test\TestCase; class AnonymousOptionsTest extends TestCase { - private function sendRequest($method, $path) { + private function sendRequest($method, $path, $userAgent = '') { $server = new Server(); $server->addPlugin(new AnonymousOptionsPlugin()); $server->addPlugin(new Plugin(new BasicCallBack(function() { @@ -42,6 +42,7 @@ class AnonymousOptionsTest extends TestCase { $server->httpRequest->setMethod($method); $server->httpRequest->setUrl($path); + $server->httpRequest->setHeader('User-Agent', $userAgent); $server->sapi = new SapiMock(); $server->exec(); @@ -63,7 +64,19 @@ class AnonymousOptionsTest extends TestCase { public function testAnonymousOptionsNonRootSubDir() { $response = $this->sendRequest('OPTIONS', 'foo/bar'); - $this->assertEquals(401, $response->getStatus()); + $this->assertEquals(200, $response->getStatus()); + } + + public function testAnonymousHead() { + $response = $this->sendRequest('HEAD', '', 'Microsoft Office does strange things'); + + $this->assertEquals(200, $response->getStatus()); + } + + public function testAnonymousHeadNoOffice() { + $response = $this->sendRequest('HEAD', ''); + + $this->assertEquals(401, $response->getStatus(), 'curl'); } } |