Merge pull request #11158 from owncloud/fix_basic_auth

Move BasicAuth check to isLoggedIn
This commit is contained in:
Lukas Reschke 2014-09-19 13:39:13 +02:00
commit 4c6bad7f71
2 changed files with 9 additions and 34 deletions

View File

@ -780,15 +780,6 @@ class OC {
if (isset($_COOKIE['oc_token'])) { if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
} }
if (isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
// Ignore HTTP Authentication for 5 more mintues.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$server->getSession()->get('loginname')) {
// Ignore HTTP Authentication to allow a different user to log in.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
}
}
OC_User::logout(); OC_User::logout();
// redirect to webroot and add slash if webroot is empty // redirect to webroot and add slash if webroot is empty
header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
@ -833,9 +824,8 @@ class OC {
} // remember was checked after last login } // remember was checked after last login
elseif (OC::tryRememberLogin()) { elseif (OC::tryRememberLogin()) {
$error[] = 'invalidcookie'; $error[] = 'invalidcookie';
} // logon via web form or WebDAV } // logon via web form
elseif (OC::tryFormLogin()) {} elseif (OC::tryFormLogin()) {
elseif (OC::tryBasicAuthLogin()) {
$error[] = 'invalidpassword'; $error[] = 'invalidpassword';
} }
@ -953,25 +943,6 @@ class OC {
return true; return true;
} }
/**
* Try to login a user using HTTP authentication.
* @return bool
*/
protected static function tryBasicAuthLogin() {
if (!isset($_SERVER["PHP_AUTH_USER"])
|| !isset($_SERVER["PHP_AUTH_PW"])
|| (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
) {
return false;
}
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
OC_User::unsetMagicInCookie();
$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
}
return true;
}
} }

View File

@ -335,15 +335,19 @@ class OC_User {
} }
/** /**
* Check if the user is logged in * Check if the user is logged in, considers also the HTTP basic credentials
* @return bool * @return bool
*
* Checks if the user is logged in
*/ */
public static function isLoggedIn() { public static function isLoggedIn() {
if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) { if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) {
return self::userExists(\OC::$server->getSession()->get('user_id')); return self::userExists(\OC::$server->getSession()->get('user_id'));
} }
// Check whether the user has authenticated using Basic Authentication
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
return \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
return false; return false;
} }