From 0d90b90d9402cbcab4037efc913728cdeb4eadbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Fri, 7 Mar 2014 20:00:34 +0100
Subject: [PATCH] we first shall check if the current session is valid -
 otherwise the session-id will be regenerated on login via basic auth

---
 lib/private/api.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/lib/private/api.php b/lib/private/api.php
index 3f96196e6d..e9d31242e3 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -270,7 +270,19 @@ class OC_API {
 	 * @return string|false (username, or false on failure)
 	 */
 	private static function loginUser(){
-		// basic auth
+
+        // reuse existing login
+        $loggedIn = OC_User::isLoggedIn();
+        $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
+        if ($loggedIn === true && $ocsApiRequest) {
+
+            // initialize the user's filesystem
+            \OC_Util::setUpFS(\OC_User::getUser());
+
+            return OC_User::getUser();
+        }
+
+        // basic auth
 		$authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
 		$authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
 		$return = OC_User::login($authUser, $authPw);
@@ -283,17 +295,6 @@ class OC_API {
 			return $authUser;
 		}
 
-		// reuse existing login
-		$loggedIn = OC_User::isLoggedIn();
-		$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
-		if ($loggedIn === true && $ocsApiRequest) {
-
-			// initialize the user's filesystem
-			\OC_Util::setUpFS(\OC_User::getUser());
-
-			return OC_User::getUser();
-		}
-
 		return false;
 	}