first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
parent
ded746f821
commit
0efd29f41f
|
@ -228,11 +228,12 @@ class Auth extends AbstractBasic {
|
|||
if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
|
||||
throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
|
||||
}
|
||||
if (\OC_User::handleApacheAuth() ||
|
||||
if (
|
||||
//Fix for broken webdav clients
|
||||
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
|
||||
//Well behaved clients that only send the cookie are allowed
|
||||
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
|
||||
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ||
|
||||
\OC_User::handleApacheAuth()
|
||||
) {
|
||||
$user = $this->userSession->getUser()->getUID();
|
||||
\OC_Util::setupFS($user);
|
||||
|
|
Loading…
Reference in New Issue