From 633396001f89023b9dd39b3dc20f9e5430239600 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Tue, 13 Jun 2017 13:51:33 +0200
Subject: Prevent sending second WWW-Authenticate header

Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke
---
 apps/dav/lib/Connector/Sabre/BearerAuth.php | 14 ++++++++++++++
 apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php | 12 +++++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)
(limited to 'apps')

diff --git a/apps/dav/lib/Connector/Sabre/BearerAuth.php b/apps/dav/lib/Connector/Sabre/BearerAuth.php
index f0e0f389c33..b7fd9116f21 100644
--- a/apps/dav/lib/Connector/Sabre/BearerAuth.php
+++ b/apps/dav/lib/Connector/Sabre/BearerAuth.php
@@ -25,6 +25,8 @@ use OCP\IRequest;
 use OCP\ISession;
 use OCP\IUserSession;
 use Sabre\DAV\Auth\Backend\AbstractBearer;
+use Sabre\HTTP\RequestInterface;
+use Sabre\HTTP\ResponseInterface;
 
 class BearerAuth extends AbstractBearer {
 	/** @var IUserSession */
@@ -77,4 +79,16 @@ class BearerAuth extends AbstractBearer {
 
 		return false;
 	}
+
+	/**
+	 * \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets an WWW-Authenticate
+	 * header which some DAV clients can't handle. Thus we override this function
+	 * and make it simply return a 401.
+	 *
+	 * @param RequestInterface $request
+	 * @param ResponseInterface $response
+	 */
+	public function challenge(RequestInterface $request, ResponseInterface $response) {
+		$response->setStatus(401);
+	}
 }
diff --git a/apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php b/apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php
index 5eae75eb8e9..04bb035a635 100644
--- a/apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php
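Review bot: The new `challenge` override emits no WWW-Authenticate header of its own, so this backend's correctness now depends on another backend registered with the same auth plugin (presumably the Basic one, per the "second header" wording in the commit message) still emitting the first challenge; used alone, BearerAuth would answer with a bare 401 that carries no challenge at all. That dependency is not recorded in the docblock, which is where the next maintainer will look before re-ordering or removing backends. I would add to the docblock `* Relies on another auth backend registered alongside this one (the Basic backend) to emit the WWW-Authenticate header; on its own this backend answers with a bare 401.` The same docblock reads "an WWW-Authenticate" where "a WWW-Authenticate" is meant.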
@@ -21,9 +21,6 @@ namespace OCA\DAV\Tests\unit\Connector\Sabre;
 
 
 
-use OC\Authentication\TwoFactorAuth\Manager;
-use OC\Security\Bruteforce\Throttler;
-use OC\User\Session;
 use OCA\DAV\Connector\Sabre\BearerAuth;
 use OCP\IRequest;
 use OCP\ISession;
@@ -85,4 +82,13 @@ class BearerAuthTest extends TestCase {
 
 		$this->assertSame('principals/users/admin', $this->bearerAuth->validateBearerToken('Token'));
 	}
+
+	public function testChallenge() {
+		/** @var \PHPUnit_Framework_MockObject_MockObject|RequestInterface $request */
+		$request = $this->createMock(RequestInterface::class);
+		/** @var \PHPUnit_Framework_MockObject_MockObject|ResponseInterface $response */
+		$response = $this->createMock(ResponseInterface::class);
+		$result = $this->bearerAuth->challenge($request, $response);
+		$this->assertEmpty($result);
+	}
 }
-- cgit v1.2.3
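Review bot: `testChallenge` only asserts that the return value is empty, which any method without a return statement satisfies regardless of what it does to the response; it checks neither that the status is set to 401 nor that no WWW-Authenticate header is added, so the behaviour this commit exists for is not actually pinned. Set expectations on the mock before the call instead: `$response->expects($this->once())->method('setStatus')->with(401);` and `$response->expects($this->never())->method('addHeader');`, and drop the `assertEmpty` on an undefined return. The first hunk of this file removes three `use` lines without adding any, so unless `Sabre\HTTP\RequestInterface` and `ResponseInterface` are already imported in a part of the file outside these hunks, the unqualified names here resolve in the test's own namespace and the mocks will not satisfy the type hints on `challenge`.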