diff options
| author | Christian Seiler <christian@iwakd.de> | 2015-02-16 23:34:49 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-23 10:25:42 +0100 |
| commit | 62029c354168a13c1a0a14ea67d36bb00a42e533 (patch) | |
| tree | b1e5d36e909831900caf2e7103172cd03948c0d3 /lib/private/connector | |
| parent | 9735fbb0f4565e428a3472dc9e9237f748e974c4 (diff) | |
| download | nextcloud-server-62029c354168a13c1a0a14ea67d36bb00a42e533.tar.gz nextcloud-server-62029c354168a13c1a0a14ea67d36bb00a42e533.zip | |
DAV authentication: use Owncloud's internal user instead of HTTP-supplied one
Fixes: #14048, #14104, calendar#712
Diffstat (limited to 'lib/private/connector')
| -rw-r--r-- | lib/private/connector/sabre/auth.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php index 533d250d68e..6f7c429fd38 100644 --- a/lib/private/connector/sabre/auth.php +++ b/lib/private/connector/sabre/auth.php @@ -60,8 +60,11 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic { } else { OC_Util::setUpFS(); //login hooks may need early access to the filesystem if(OC_User::login($username, $password)) { - OC_Util::setUpFS(OC_User::getUser()); - \OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username); + // make sure we use owncloud's internal username here + // and not the HTTP auth supplied one, see issue #14048 + $ocUser = OC_User::getUser(); + OC_Util::setUpFS($ocUser); + \OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $ocUser); \OC::$server->getSession()->close(); return true; } else { |