Verify authentication before initializing apps and routing

The current behaviour of the authenticion logic in base.php prevents REST APIs in ownCloud applications to work. Because `!self::$CLI` is usually always a true statement the previously above block was entered which returned, thus the authentication logic for this part does not trigger in. This can be reproduced by installing apps such as the News app and issuing the following command: `curl -u admin:admin http://localhost/index.php/apps/news/api/v1-2/feeds` The following parts needs to get throughly tested: - [ ] OCS - [ ] remote.php's DAV features - [ ] Regular login features This bug affects master and stable7. I'd propose that we merge this for 8.0 since this has the potential to break every component that relies on Basic Auth features. A backport would also be very nice. Remark to myself: We really need to move out the authentication code for 8.1 out of base.php - I already have a local branch that does that somewhere which I will get in shape for 8.1... - This untested code is a night-mare. Fixes itself.
2015-01-09 20:59:23 +01:00 · 2015-01-09 20:59:23 +01:00 · 1c75b73239
parent 59a1d16d0f
commit 1c75b73239
1 changed files with 13 additions and 13 deletions
--- a/lib/base.php
+++ b/lib/base.php
@ -736,6 +736,19 @@ class OC {
 			self::checkUpgrade();
 		}

+		// Load minimum set of apps
+		if (!self::checkUpgrade(false)) {
+			// For logged-in users: Load everything
+			if(OC_User::isLoggedIn()) {
+				OC_App::loadApps();
+			} else {
+				// For guests: Load only authentication, filesystem and logging
+				OC_App::loadApps(array('authentication'));
+				OC_App::loadApps(array('filesystem', 'logging'));
+				\OC_User::tryBasicAuthLogin();
+			}
+		}
+
 		if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
 			try {
 				if (!$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
@ -755,19 +768,6 @@ class OC {
 			}
 		}

-		// Load minimum set of apps
-		if (!self::checkUpgrade(false)) {
-			// For logged-in users: Load everything
-			if(OC_User::isLoggedIn()) {
-				OC_App::loadApps();
-			} else {
-				// For guests: Load only authentication, filesystem and logging
-				OC_App::loadApps(array('authentication'));
-				OC_App::loadApps(array('filesystem', 'logging'));
-				\OC_User::tryBasicAuthLogin();
-			}
-		}
-
 		// Handle redirect URL for logged in users
 		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
 			$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));