diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-01-20 09:53:03 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-01-20 10:03:14 +0100 |
| commit | 476579b9c64753ec4e614b64f5a931b39eb2ddaa (patch) | |
| tree | fec90ee6895687e0cb59b62e2991dc62d7b4004e /lib | |
| parent | 2ac015256fda60f684952131f220cd3db5a616ba (diff) | |
| download | nextcloud-server-476579b9c64753ec4e614b64f5a931b39eb2ddaa.tar.gz nextcloud-server-476579b9c64753ec4e614b64f5a931b39eb2ddaa.zip | |
Fix WebDAV auth for session authentication only
\Sabre\DAV\Auth\Backend\AbstractBasic::authenticate was only calling \OC_Connector_Sabre_Auth::validateUserPass when the response of \Sabre\HTTP\BasicAuth::getUserPass was not null.
However, there is a case where the value can be null and the user could be authenticated anyways: The authentication via ownCloud web-interface and then accessing WebDAV resources. This was not possible anymore with this patch because it never reached the code path in this scenario.
This patchs allows authenticating with a session without isDavAuthenticated value stored (this is for ugly WebDAV clients that send the cookie in any case) and thus the functionality should work again.
To test this go to the admin settings and test if the WebDAV check works fine. Furthermore all the usual stuff (WebDAV / Shibboleth / etc...) needs testing as well.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/connector/sabre/auth.php | 6 | ||||
| -rw-r--r-- | lib/private/user.php | 2 |
2 files changed, 5 insertions, 3 deletions
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php index f40706b73e3..533d250d68e 100644 --- a/lib/private/connector/sabre/auth.php +++ b/lib/private/connector/sabre/auth.php @@ -101,7 +101,6 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic { public function authenticate(\Sabre\DAV\Server $server, $realm) { $result = $this->auth($server, $realm); - return $result; } @@ -111,10 +110,13 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic { * @return bool */ private function auth(\Sabre\DAV\Server $server, $realm) { - if (OC_User::handleApacheAuth()) { + if (OC_User::handleApacheAuth() || + (OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED))) + ) { $user = OC_User::getUser(); OC_Util::setupFS($user); $this->currentUser = $user; + \OC::$server->getSession()->close(); return true; } diff --git a/lib/private/user.php b/lib/private/user.php index d66354b247d..d1fedffcaaf 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -320,7 +320,7 @@ class OC_User { * Tries to login the user with HTTP Basic Authentication */ public static function tryBasicAuthLogin() { - if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) { + if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); } } |