Merge pull request #13416 from owncloud/reauthenticate-if-session-differs-from-basic-auth
Prioritise Basic Auth header over Cookie
This commit is contained in:
commit
870bc429b2
|
@ -206,12 +206,17 @@ class Webdav extends TestCase {
|
||||||
* handle webdav request
|
* handle webdav request
|
||||||
*
|
*
|
||||||
* @param bool $body
|
* @param bool $body
|
||||||
*
|
|
||||||
* @note this init procedure is copied from /apps/files/appinfo/remote.php
|
* @note this init procedure is copied from /apps/files/appinfo/remote.php
|
||||||
*/
|
*/
|
||||||
function handleWebdavRequest($body = false) {
|
function handleWebdavRequest($body = false) {
|
||||||
// Backends
|
// Backends
|
||||||
$authBackend = new \OC_Connector_Sabre_Auth();
|
$authBackend = $this->getMockBuilder('OC_Connector_Sabre_Auth')
|
||||||
|
->setMethods(['validateUserPass'])
|
||||||
|
->getMock();
|
||||||
|
$authBackend->expects($this->any())
|
||||||
|
->method('validateUserPass')
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
|
||||||
$lockBackend = new \OC_Connector_Sabre_Locks();
|
$lockBackend = new \OC_Connector_Sabre_Locks();
|
||||||
$requestBackend = new \OC_Connector_Sabre_Request();
|
$requestBackend = new \OC_Connector_Sabre_Request();
|
||||||
|
|
||||||
|
@ -236,6 +241,10 @@ class Webdav extends TestCase {
|
||||||
$server->addPlugin(new \OC_Connector_Sabre_MaintenancePlugin());
|
$server->addPlugin(new \OC_Connector_Sabre_MaintenancePlugin());
|
||||||
$server->debugExceptions = true;
|
$server->debugExceptions = true;
|
||||||
|
|
||||||
|
// Totally ugly hack to setup the FS
|
||||||
|
\OC::$server->getUserSession()->login($this->userId, $this->userId);
|
||||||
|
\OC_Util::setupFS($this->userId);
|
||||||
|
|
||||||
// And off we go!
|
// And off we go!
|
||||||
if ($body) {
|
if ($body) {
|
||||||
$server->httpRequest->setBody($body);
|
$server->httpRequest->setBody($body);
|
||||||
|
|
|
@ -22,25 +22,50 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||||
|
const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether the user has initially authenticated via DAV
|
||||||
|
*
|
||||||
|
* This is required for WebDAV clients that resent the cookies even when the
|
||||||
|
* account was changed.
|
||||||
|
*
|
||||||
|
* @see https://github.com/owncloud/core/issues/13245
|
||||||
|
*
|
||||||
|
* @param string $username
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
protected function isDavAuthenticated($username) {
|
||||||
|
return !is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)) &&
|
||||||
|
\OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === $username;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validates a username and password
|
* Validates a username and password
|
||||||
*
|
*
|
||||||
* This method should return true or false depending on if login
|
* This method should return true or false depending on if login
|
||||||
* succeeded.
|
* succeeded.
|
||||||
*
|
*
|
||||||
|
* @param string $username
|
||||||
|
* @param string $password
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
protected function validateUserPass($username, $password) {
|
protected function validateUserPass($username, $password) {
|
||||||
if (OC_User::isLoggedIn()) {
|
if (OC_User::isLoggedIn() &&
|
||||||
|
$this->isDavAuthenticated($username)
|
||||||
|
) {
|
||||||
OC_Util::setupFS(OC_User::getUser());
|
OC_Util::setupFS(OC_User::getUser());
|
||||||
|
\OC::$server->getSession()->close();
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
OC_Util::setUpFS();//login hooks may need early access to the filesystem
|
OC_Util::setUpFS(); //login hooks may need early access to the filesystem
|
||||||
if(OC_User::login($username, $password)) {
|
if(OC_User::login($username, $password)) {
|
||||||
OC_Util::setUpFS(OC_User::getUser());
|
OC_Util::setUpFS(OC_User::getUser());
|
||||||
|
\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username);
|
||||||
|
\OC::$server->getSession()->close();
|
||||||
return true;
|
return true;
|
||||||
}
|
} else {
|
||||||
else{
|
\OC::$server->getSession()->close();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -55,10 +80,10 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||||
*/
|
*/
|
||||||
public function getCurrentUser() {
|
public function getCurrentUser() {
|
||||||
$user = OC_User::getUser();
|
$user = OC_User::getUser();
|
||||||
if(!$user) {
|
if($user && $this->isDavAuthenticated($user)) {
|
||||||
return null;
|
return $user;
|
||||||
}
|
}
|
||||||
return $user;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -77,9 +102,6 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||||
|
|
||||||
$result = $this->auth($server, $realm);
|
$result = $this->auth($server, $realm);
|
||||||
|
|
||||||
// close the session - right after authentication there is not need to write to the session any more
|
|
||||||
\OC::$server->getSession()->close();
|
|
||||||
|
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,7 +111,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
private function auth(\Sabre\DAV\Server $server, $realm) {
|
private function auth(\Sabre\DAV\Server $server, $realm) {
|
||||||
if (OC_User::handleApacheAuth() || OC_User::isLoggedIn()) {
|
if (OC_User::handleApacheAuth()) {
|
||||||
$user = OC_User::getUser();
|
$user = OC_User::getUser();
|
||||||
OC_Util::setupFS($user);
|
OC_Util::setupFS($user);
|
||||||
$this->currentUser = $user;
|
$this->currentUser = $user;
|
||||||
|
|
Loading…
Reference in New Issue