mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts 

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2018-10-30 22:11:17 +01:00
parent ded746f821
commit 0efd29f41f
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/dav/lib/Connector/Sabre/Auth.php
View File

@ -228,11 +228,12 @@ class Auth extends AbstractBasic {
if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) { if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.'); throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
} }
if (\OC_User::handleApacheAuth() || if (
//Fix for broken webdav clients //Fix for broken webdav clients
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) || ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
//Well behaved clients that only send the cookie are allowed //Well behaved clients that only send the cookie are allowed
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ||
\OC_User::handleApacheAuth()
) { ) {
$user = $this->userSession->getUser()->getUID(); $user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user); \OC_Util::setupFS($user);