Verify authentication before initializing apps and routing

The current behaviour of the authenticion logic in base.php prevents REST APIs in ownCloud applications to work.

Because `!self::$CLI` is usually always a true statement the previously above block was entered which returned, thus the authentication logic for this part does not trigger in.

This can be reproduced by installing apps such as the News app and issuing the following command:

`curl -u admin:admin http://localhost/index.php/apps/news/api/v1-2/feeds`

The following parts needs to get throughly tested:

- [ ] OCS
- [ ] remote.php's DAV features
- [ ] Regular login features

This bug affects master and stable7. I'd propose that we merge this for 8.0 since this has the potential to break every component that relies on Basic Auth features. A backport would also be very nice.

Remark to myself: We really need to move out the authentication code for 8.1 out of base.php - I already have a local branch that does that somewhere which I will get in shape for 8.1... - This untested code is a night-mare.

Fixes itself.
This commit is contained in:
Lukas Reschke 2015-01-09 20:59:23 +01:00
parent 59a1d16d0f
commit 1c75b73239
1 changed files with 13 additions and 13 deletions

View File

@ -736,6 +736,19 @@ class OC {
self::checkUpgrade();
}
// Load minimum set of apps
if (!self::checkUpgrade(false)) {
// For logged-in users: Load everything
if(OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only authentication, filesystem and logging
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
\OC_User::tryBasicAuthLogin();
}
}
if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
try {
if (!$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
@ -755,19 +768,6 @@ class OC {
}
}
// Load minimum set of apps
if (!self::checkUpgrade(false)) {
// For logged-in users: Load everything
if(OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only authentication, filesystem and logging
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
\OC_User::tryBasicAuthLogin();
}
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));