Prevent sending second WWW-Authenticate header
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard. Fixes https://github.com/nextcloud/server/issues/5088 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
b7761be4d9
commit
633396001f
|
@ -25,6 +25,8 @@ use OCP\IRequest;
|
|||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
use Sabre\DAV\Auth\Backend\AbstractBearer;
|
||||
use Sabre\HTTP\RequestInterface;
|
||||
use Sabre\HTTP\ResponseInterface;
|
||||
|
||||
class BearerAuth extends AbstractBearer {
|
||||
/** @var IUserSession */
|
||||
|
@ -77,4 +79,16 @@ class BearerAuth extends AbstractBearer {
|
|||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets an WWW-Authenticate
|
||||
* header which some DAV clients can't handle. Thus we override this function
|
||||
* and make it simply return a 401.
|
||||
*
|
||||
* @param RequestInterface $request
|
||||
* @param ResponseInterface $response
|
||||
*/
|
||||
public function challenge(RequestInterface $request, ResponseInterface $response) {
|
||||
$response->setStatus(401);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
namespace OCA\DAV\Tests\unit\Connector\Sabre;
|
||||
|
||||
use OC\Authentication\TwoFactorAuth\Manager;
|
||||
use OC\Security\Bruteforce\Throttler;
|
||||
use OC\User\Session;
|
||||
use OCA\DAV\Connector\Sabre\BearerAuth;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
|
@ -85,4 +82,13 @@ class BearerAuthTest extends TestCase {
|
|||
|
||||
$this->assertSame('principals/users/admin', $this->bearerAuth->validateBearerToken('Token'));
|
||||
}
|
||||
|
||||
public function testChallenge() {
|
||||
/** @var \PHPUnit_Framework_MockObject_MockObject|RequestInterface $request */
|
||||
$request = $this->createMock(RequestInterface::class);
|
||||
/** @var \PHPUnit_Framework_MockObject_MockObject|ResponseInterface $response */
|
||||
$response = $this->createMock(ResponseInterface::class);
|
||||
$result = $this->bearerAuth->challenge($request, $response);
|
||||
$this->assertEmpty($result);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ Feature: webdav-related
|
|||
Then the HTTP status code should be "401"
|
||||
And there are no duplicate headers
|
||||
And The following headers should be set
|
||||
|WWW-Authenticate|Basic realm="Nextcloud", Bearer realm="Nextcloud"|
|
||||
|WWW-Authenticate|Basic realm="Nextcloud"|
|
||||
|
||||
Scenario: Unauthenticated call new dav path
|
||||
Given using new dav path
|
||||
|
@ -16,7 +16,7 @@ Feature: webdav-related
|
|||
Then the HTTP status code should be "401"
|
||||
And there are no duplicate headers
|
||||
And The following headers should be set
|
||||
|WWW-Authenticate|Bearer realm="Nextcloud", Basic realm="Nextcloud"|
|
||||
|WWW-Authenticate|Basic realm="Nextcloud"|
|
||||
|
||||
Scenario: Moving a file
|
||||
Given using old dav path
|
||||
|
|
Loading…
Reference in New Issue