authorLukas Reschke <lukas@owncloud.com>2015-01-09 20:59:23 +0100
committerLukas Reschke <lukas@owncloud.com>2015-01-09 21:07:29 +0100
commit1c75b73239348f5c21846c502e563ffbf679f156 (patch)
treeb3d728e4bc9a616fb03cc02ab6cd259a08b1e655 /lib
parent59a1d16d0fd3d67833bfb728ce03cebc7fec4043 (diff)
Verify authentication before initializing apps and routing
The current behaviour of the authentication logic in base.php prevents REST APIs in ownCloud applications from working. Because `!self::$CLI` is almost always true, the block that was previously above was entered and returned, so the authentication logic for this part is never triggered. This can be reproduced by installing apps such as the News app and issuing the following command: `curl -u admin:admin http://localhost/index.php/apps/news/api/v1-2/feeds` The following parts need to be thoroughly tested: - [ ] OCS - [ ] remote.php's DAV features - [ ] Regular login features This bug affects master and stable7. I'd propose that we merge this for 8.0 since this has the potential to break every component that relies on Basic Auth features. A backport would also be very nice. Remark to myself: We really need to move the authentication code out of base.php for 8.1 - I already have a local branch that does that somewhere which I will get in shape for 8.1... - This untested code is a nightmare. Fixes itself.
Diffstat (limited to 'lib')
-rw-r--r--lib/base.php26
1 files changed, 13 insertions, 13 deletions
diff --git a/lib/base.php b/lib/base.php
index 34fa178ebf7..f4021b543b2 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -736,6 +736,19 @@ class OC {
self::checkUpgrade();
}
+ // Load minimum set of apps
+ if (!self::checkUpgrade(false)) {
+ // For logged-in users: Load everything
+ if(OC_User::isLoggedIn()) {
+ OC_App::loadApps();
+ } else {
+ // For guests: Load only authentication, filesystem and logging
+ OC_App::loadApps(array('authentication'));
+ OC_App::loadApps(array('filesystem', 'logging'));
+ \OC_User::tryBasicAuthLogin();
+ }
+ }
+
if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
try {
if (!$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
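Review bot: The block added ahead of the `!self::$CLI` check loads apps and calls `\OC_User::tryBasicAuthLogin()` without the maintenance guard that the routing branch applies right after it (`!$systemConfig->getValue('maintenance', false)`). Unless `checkUpgrade(false)` already covers maintenance mode, which the hunk does not show, app code and a credential check would run on every request while the instance is in maintenance. Gating the block the same way would keep the two paths consistent: `if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {`. The return value of `tryBasicAuthLogin()` is also discarded, so a request with rejected Basic Auth credentials continues into routing as a guest; a short comment stating that this is intended, and that routed endpoints must enforce their own access checks, would help the next reader. The enclosing method starts and ends outside the hunk.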
@@ -755,19 +768,6 @@ class OC {
}
}
- // Load minimum set of apps
- if (!self::checkUpgrade(false)) {
- // For logged-in users: Load everything
- if(OC_User::isLoggedIn()) {
- OC_App::loadApps();
- } else {
- // For guests: Load only authentication, filesystem and logging
- OC_App::loadApps(array('authentication'));
- OC_App::loadApps(array('filesystem', 'logging'));
- \OC_User::tryBasicAuthLogin();
- }
- }
-
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));