From 0d90b90d9402cbcab4037efc913728cdeb4eadbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?=
Date: Fri, 7 Mar 2014 20:00:34 +0100
Subject: [PATCH 1/2] we first shall check if the current session is valid - otherwise the session-id will be regenerated on login via basic auth
---
 lib/private/api.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/lib/private/api.php b/lib/private/api.php
index 3f96196e6d..e9d31242e3 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -270,7 +270,19 @@ class OC_API {
 * @return string|false (username, or false on failure)
 */
 private static function loginUser(){
- // basic auth
+
+ // reuse existing login
+ $loggedIn = OC_User::isLoggedIn();
+ $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
+ if ($loggedIn === true && $ocsApiRequest) {
+
+ // initialize the user's filesystem
+ \OC_Util::setUpFS(\OC_User::getUser());
+
+ return OC_User::getUser();
+ }
+
+ // basic auth
 $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
 $authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
 $return = OC_User::login($authUser, $authPw);
@@ -283,17 +295,6 @@ class OC_API {
 return $authUser;
 }
 
- // reuse existing login
- $loggedIn = OC_User::isLoggedIn();
- $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
- if ($loggedIn === true && $ocsApiRequest) {
-
- // initialize the user's filesystem
- \OC_Util::setUpFS(\OC_User::getUser());
-
- return OC_User::getUser();
- }
-
 return false;
 }
 
From 25f523680ac1ed46470ea40277e578fd35ec02a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?=
Date: Fri, 7 Mar 2014 20:06:06 +0100
Subject: [PATCH 2/2] fixing ident
---
 lib/private/api.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
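Review bot: With the session branch now first in loginUser() (first hunk of PATCH 1/2), a request that has a logged-in session and sets `$_SERVER['HTTP_OCS_APIREQUEST']` to `'true'` returns `OC_User::getUser()` before `PHP_AUTH_USER`/`PHP_AUTH_PW` are read, so Basic credentials supplied for a different account are silently ignored and the call runs as the session user. Before this change the supplied credentials were tried first. I would read the Basic user ahead of the check and reuse the session only when none was sent or it names the same account, e.g. `$authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';` followed by `if ($loggedIn === true && $ocsApiRequest && ($authUser === '' || $authUser === OC_User::getUser())) {`, letting a mismatch fall through to `OC_User::login()`. A one-line comment on the `HTTP_OCS_APIREQUEST` test saying why cookie sessions are honoured only with that header (presumably as a cross-site request guard) would also help; the tail of loginUser() lies in the next hunk.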
diff --git a/lib/private/api.php b/lib/private/api.php
index e9d31242e3..1537cc11dd 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -271,18 +271,18 @@ class OC_API {
 */
 private static function loginUser(){
 
- // reuse existing login
- $loggedIn = OC_User::isLoggedIn();
- $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
- if ($loggedIn === true && $ocsApiRequest) {
+ // reuse existing login
+ $loggedIn = OC_User::isLoggedIn();
+ $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
+ if ($loggedIn === true && $ocsApiRequest) {
 
- // initialize the user's filesystem
- \OC_Util::setUpFS(\OC_User::getUser());
+ // initialize the user's filesystem
+ \OC_Util::setUpFS(\OC_User::getUser());
 
- return OC_User::getUser();
- }
+ return OC_User::getUser();
+ }
 
- // basic auth
+ // basic auth
 $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
 $authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
 $return = OC_User::login($authUser, $authPw);