author | Vincent Petry <pvince81@owncloud.com> | 2016-06-15 10:45:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-15 10:45:55 +0200 |
commit | 3e9353dd699b4ed9a568bfbf30e115da422f7447 (patch) | |
tree | f110d146949b71b70e73ed2dcf6e88f6d9c28202 /lib | |
parent | 02e8021b1a8a97a41dfb66ff70b27a4717bb225c (diff) | |
parent | 465807490d7648e5675f1cdbc5b1d232cda4feee (diff) | |
Merge pull request #25082 from owncloud/fix-sessionless-clients
Fix sessionless clients
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/CORSMiddleware.php | 2 | ||||
-rw-r--r-- | lib/private/User/Session.php | 18 |
2 files changed, 17 insertions, 3 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index d84e9963436..69bfeb5e9bb 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -89,7 +89,7 @@ class CORSMiddleware extends Middleware {
 $pass = $this->request->server['PHP_AUTH_PW'];
 $this->session->logout();
- if(!$this->session->logClientIn($user, $pass)) {
+ if(!$this->session->logClientIn($user, $pass, $this->request)) {
 throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
 }
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index f560bb4bfc0..0cebb3e0613 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -348,10 +348,11 @@ class Session implements IUserSession, Emitter {
 *
 * @param string $user
 * @param string $password
+ * @param IRequest $request
 * @throws LoginException
 * @return boolean
 */
- public function logClientIn($user, $password) {
+ public function logClientIn($user, $password, IRequest $request) {
 $isTokenPassword = $this->isTokenPassword($password);
 if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
 // TODO: throw LoginException instead (https://github.com/owncloud/core/pull/24616)
@@ -368,9 +369,22 @@ class Session implements IUserSession, Emitter {
 }
 return false;
 }
+
+ if ($this->supportsCookies($request)) {
+ $this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
+ }
+
 return true;
 }
+ protected function supportsCookies(IRequest $request) {
+ if (!is_null($request->getCookie('cookie_test'))) {
+ return true;
+ }
+ setcookie('cookie_test', 'test', $this->timeFacory->getTime() + 3600);
+ return false;
+ }
+
 private function isTokenAuthEnforced() {
 return $this->config->getSystemValue('token_auth_enforced', false);
 }
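Review bot: The new `IRequest $request` parameter on `logClientIn()` is required, so any caller that still passes two arguments will fail; this commit updates the calls in CORSMiddleware and `tryBasicAuthLogin()`, and since the diffstat is limited to 'lib', callers outside that tree should be checked as well. The added docblock line gives only the type; I would write `@param IRequest $request request passed on to supportsCookies() and createSessionToken()`, and the method description should mention that a successful login may now create a session token. The function body continues outside this hunk.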
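Review bot: The added `supportsCookies()` check in `logClientIn()` trusts the mere presence of a client-supplied `cookie_test` cookie, and when it is present `createSessionToken()` runs on every successful basic-auth login, apparently also when `$password` is a device token, since `$isTokenPassword` (computed at the top of the function) is not consulted here. A client that replays the probe cookie but never returns a session cookie would presumably add a token per request, so I would narrow the condition, e.g. `if (!$isTokenPassword && $this->supportsCookies($request)) {`, and confirm `$this->getUser()` cannot be null at this point (the lines between the two hunks are not shown). The `setcookie()` call passes no path, secure or httponly arguments, and `$this->timeFacory` looks misspelled; check it against the property declared outside the hunk. `supportsCookies()` also needs a docblock saying that it sets `cookie_test` as a side effect when the cookie is missing, because the name reads like a pure predicate.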
@@ -428,7 +442,7 @@ class Session implements IUserSession, Emitter {
 */
 public function tryBasicAuthLogin(IRequest $request) {
 if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
- $result = $this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW']);
+ $result = $this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request);
 if ($result === true) {
 /**
 * Add DAV authenticated. This should in an ideal world not be |