From 0efd29f41f924f2b48ef4dc87b8420401db49746 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <bjoern@schiessle.org>
Date: Tue, 30 Oct 2018 22:11:17 +0100
Subject: [PATCH] first check if the user is already logged in and then try to
 authenticate via apache, this way we suppress wrong audit log messages about
 failed login attempts

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
---
 apps/dav/lib/Connector/Sabre/Auth.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php
index fcd1b34edb..292be61c9d 100644
--- a/apps/dav/lib/Connector/Sabre/Auth.php
+++ b/apps/dav/lib/Connector/Sabre/Auth.php
@@ -228,11 +228,12 @@ class Auth extends AbstractBasic {
 			if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
 				throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
 			}
-			if (\OC_User::handleApacheAuth() ||
+			if (
 				//Fix for broken webdav clients
 				($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
 				//Well behaved clients that only send the cookie are allowed
-				($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
+				($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ||
+				\OC_User::handleApacheAuth()
 			) {
 				$user = $this->userSession->getUser()->getUID();
 				\OC_Util::setupFS($user);