first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2018-10-30 22:11:17 +01:00
parent 7fba370a75
commit 1eaa4b443f
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
1 changed files with 3 additions and 2 deletions

View File

@ -228,11 +228,12 @@ class Auth extends AbstractBasic {
if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
}
if (\OC_User::handleApacheAuth() ||
if (
//Fix for broken webdav clients
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
//Well behaved clients that only send the cookie are allowed
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ||
\OC_User::handleApacheAuth()
) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);