Merge pull request #20760 from owncloud/webdav-authredirectfix
Only reject ajax auth if user is really logged out
commit
1d30f0fcdb
|
@ -160,7 +160,7 @@ class Auth extends AbstractBasic {
|
||||||
return [true, $this->principalPrefix . $user];
|
return [true, $this->principalPrefix . $user];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
|
if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
|
||||||
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
|
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
|
||||||
$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
|
$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
|
||||||
$response->setStatus(401);
|
$response->setStatus(401);
|
||||||
|
|
|
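Review bot: The comment kept under the changed condition still reads as if every ajax request is refused re-authentication, but the branch now runs only when `isLoggedIn()` is false. I would reword it to `// logged-out ajax request: do not re-authenticate, use dummy auth name to prevent browser popup` so the session dependency is visible. `X-Requested-With` is a client-supplied header, so the comment or method docblock should also say that it only selects the challenge scheme and never grants access by itself. A logged-in ajax request now falls through to the rest of the method, which starts and ends outside this hunk; that path presumably still validates the session's DAV user, which should be confirmed.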
@ -309,6 +309,10 @@ class Auth extends TestCase {
|
||||||
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
|
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->any())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->will($this->returnValue(false));
|
||||||
$httpRequest
|
$httpRequest
|
||||||
->expects($this->once())
|
->expects($this->once())
|
||||||
->method('getHeader')
|
->method('getHeader')
|
||||||
|
@ -317,6 +321,32 @@ class Auth extends TestCase {
|
||||||
$this->auth->check($httpRequest, $httpResponse);
|
$this->auth->check($httpRequest, $httpResponse);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() {
|
||||||
|
/** @var \Sabre\HTTP\RequestInterface $httpRequest */
|
||||||
|
$httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
/** @var \Sabre\HTTP\ResponseInterface $httpResponse */
|
||||||
|
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->any())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
$this->session
|
||||||
|
->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('AUTHENTICATED_TO_DAV_BACKEND')
|
||||||
|
->will($this->returnValue('MyTestUser'));
|
||||||
|
$httpRequest
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getHeader')
|
||||||
|
->with('Authorization')
|
||||||
|
->will($this->returnValue(null));
|
||||||
|
$this->auth->check($httpRequest, $httpResponse);
|
||||||
|
}
|
||||||
|
|
||||||
public function testAuthenticateValidCredentials() {
|
public function testAuthenticateValidCredentials() {
|
||||||
$server = $this->getMockBuilder('\Sabre\DAV\Server')
|
$server = $this->getMockBuilder('\Sabre\DAV\Server')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
|
|
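Review bot: `testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn` ends at `$this->auth->check($httpRequest, $httpResponse);` without asserting the return value or anything on `$httpResponse`, so it passes on mock expectations alone. Since the point of the change is that a logged-in session no longer receives the DummyBasic 401, the test should pin that, for example with `$httpResponse->expects($this->never())->method('setStatus');` before the call, provided the fall-through path does not set a status itself. It should also capture the result of `check()` and assert on it. The request mock never returns an `X-Requested-With` value, so the "WithAjax" case is covered only through the short-circuit on `isLoggedIn()` and the `once()`/`with('Authorization')` expectation. A short comment in the test saying so would keep a later reordering of the condition from silently weakening it.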