Return 401 DummyBasicAuth in case of ajax call

This commit is contained in:
Vincent Petry 2016-03-24 16:02:36 +01:00 committed by Lukas Reschke
parent bfb5748f1f
commit 262547ba3d
2 changed files with 18 additions and 3 deletions

View File

@ -32,7 +32,7 @@ OC_App::loadApps($RUNTIME_APPTYPES);
OC_Util::obEnd();
// Backends
$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig());
$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest());
$serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
\OC::$server->getConfig(),

View File

@ -26,6 +26,8 @@
namespace OCA\DAV\Connector;
use OCP\IRequest;
class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
/**
@ -36,10 +38,17 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
private $share;
/**
* @param \OCP\IConfig $config
* @var IRequest
*/
public function __construct($config) {
private $request;
/**
* @param \OCP\IConfig $config
* @param IRequest $request
*/
public function __construct($config, $request) {
$this->config = $config;
$this->request = $request;
}
/**
@ -92,6 +101,12 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
return true;
} else {
if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
header('Status: 401');
header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return false;
}
} else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) {