Merge pull request #12917 from owncloud/fix-ocs-12915-api

Move basic auth login out of `isLoggedIn`

3 files changed, 17 insertions, 6 deletions

diff --git a/lib/base.php b/lib/base.php
index 1dd259b0914..ae87ecff394 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -766,6 +766,7 @@ class OC {
 				// For guests: Load only authentication, filesystem and logging
 				OC_App::loadApps(array('authentication'));
 				OC_App::loadApps(array('filesystem', 'logging'));
+				\OC_User::tryBasicAuthLogin();
 			}
 		}
 
diff --git a/lib/private/api.php b/lib/private/api.php
index 66b763fdc3e..35a09c5cd1b 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -47,6 +47,7 @@ class OC_API {
 	 */
 	protected static $actions = array();
 	private static $logoutRequired = false;
+	private static $isLoggedIn = false;
 
 	/**
 	 * registers an api call
@@ -269,7 +270,10 @@ class OC_API {
 	 * http basic auth
 	 * @return string|false (username, or false on failure)
 	 */
-	private static function loginUser(){
+	private static function loginUser() {
+		if(self::$isLoggedIn === true) {
+			return \OC_User::getUser();
+		}
 
 		// reuse existing login
 		$loggedIn = OC_User::isLoggedIn();
@@ -279,6 +283,7 @@ class OC_API {
 
 				// initialize the user's filesystem
 				\OC_Util::setUpFS(\OC_User::getUser());
+				self::$isLoggedIn = true;
 
 				return OC_User::getUser();
 			}
@@ -296,6 +301,7 @@ class OC_API {
 
 				// initialize the user's filesystem
 				\OC_Util::setUpFS(\OC_User::getUser());
+				self::$isLoggedIn = true;
 
 				return $authUser;
 			}
diff --git a/lib/private/user.php b/lib/private/user.php
index ff45e9e26a6..9a2ea3ef74f 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -320,6 +320,15 @@ class OC_User {
 	}
 
 	/**
+	 * Tries to login the user with HTTP Basic Authentication
+	 */
+	public static function tryBasicAuthLogin() {
+		if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+			\OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+		}
+	}
+
+	/**
 	 * Check if the user is logged in, considers also the HTTP basic credentials
 	 * @return bool
 	 */
@@ -328,11 +337,6 @@ class OC_User {
 			return self::userExists(\OC::$server->getSession()->get('user_id'));
 		}
 
-		// Check whether the user has authenticated using Basic Authentication
-		if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
-			return \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-		}
-
 		return false;
 	}