Merge pull request #13416 from owncloud/reauthenticate-if-session-differs-from-basic-auth
Prioritise Basic Auth header over Cookie
This commit is contained in:
commit
870bc429b2
|
@ -206,12 +206,17 @@ class Webdav extends TestCase {
|
|||
* handle webdav request
|
||||
*
|
||||
* @param bool $body
|
||||
*
|
||||
* @note this init procedure is copied from /apps/files/appinfo/remote.php
|
||||
*/
|
||||
function handleWebdavRequest($body = false) {
|
||||
// Backends
|
||||
$authBackend = new \OC_Connector_Sabre_Auth();
|
||||
$authBackend = $this->getMockBuilder('OC_Connector_Sabre_Auth')
|
||||
->setMethods(['validateUserPass'])
|
||||
->getMock();
|
||||
$authBackend->expects($this->any())
|
||||
->method('validateUserPass')
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$lockBackend = new \OC_Connector_Sabre_Locks();
|
||||
$requestBackend = new \OC_Connector_Sabre_Request();
|
||||
|
||||
|
@ -236,6 +241,10 @@ class Webdav extends TestCase {
|
|||
$server->addPlugin(new \OC_Connector_Sabre_MaintenancePlugin());
|
||||
$server->debugExceptions = true;
|
||||
|
||||
// Totally ugly hack to setup the FS
|
||||
\OC::$server->getUserSession()->login($this->userId, $this->userId);
|
||||
\OC_Util::setupFS($this->userId);
|
||||
|
||||
// And off we go!
|
||||
if ($body) {
|
||||
$server->httpRequest->setBody($body);
|
||||
|
|
|
@ -22,25 +22,50 @@
|
|||
*/
|
||||
|
||||
class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||
const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
|
||||
|
||||
/**
|
||||
* Whether the user has initially authenticated via DAV
|
||||
*
|
||||
* This is required for WebDAV clients that resent the cookies even when the
|
||||
* account was changed.
|
||||
*
|
||||
* @see https://github.com/owncloud/core/issues/13245
|
||||
*
|
||||
* @param string $username
|
||||
* @return bool
|
||||
*/
|
||||
protected function isDavAuthenticated($username) {
|
||||
return !is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)) &&
|
||||
\OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === $username;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates a username and password
|
||||
*
|
||||
* This method should return true or false depending on if login
|
||||
* succeeded.
|
||||
*
|
||||
* @param string $username
|
||||
* @param string $password
|
||||
* @return bool
|
||||
*/
|
||||
protected function validateUserPass($username, $password) {
|
||||
if (OC_User::isLoggedIn()) {
|
||||
if (OC_User::isLoggedIn() &&
|
||||
$this->isDavAuthenticated($username)
|
||||
) {
|
||||
OC_Util::setupFS(OC_User::getUser());
|
||||
\OC::$server->getSession()->close();
|
||||
return true;
|
||||
} else {
|
||||
OC_Util::setUpFS();//login hooks may need early access to the filesystem
|
||||
OC_Util::setUpFS(); //login hooks may need early access to the filesystem
|
||||
if(OC_User::login($username, $password)) {
|
||||
OC_Util::setUpFS(OC_User::getUser());
|
||||
\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username);
|
||||
\OC::$server->getSession()->close();
|
||||
return true;
|
||||
}
|
||||
else{
|
||||
} else {
|
||||
\OC::$server->getSession()->close();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -55,10 +80,10 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
|||
*/
|
||||
public function getCurrentUser() {
|
||||
$user = OC_User::getUser();
|
||||
if(!$user) {
|
||||
return null;
|
||||
if($user && $this->isDavAuthenticated($user)) {
|
||||
return $user;
|
||||
}
|
||||
return $user;
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -77,9 +102,6 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
|||
|
||||
$result = $this->auth($server, $realm);
|
||||
|
||||
// close the session - right after authentication there is not need to write to the session any more
|
||||
\OC::$server->getSession()->close();
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
@ -89,7 +111,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
|||
* @return bool
|
||||
*/
|
||||
private function auth(\Sabre\DAV\Server $server, $realm) {
|
||||
if (OC_User::handleApacheAuth() || OC_User::isLoggedIn()) {
|
||||
if (OC_User::handleApacheAuth()) {
|
||||
$user = OC_User::getUser();
|
||||
OC_Util::setupFS($user);
|
||||
$this->currentUser = $user;
|
||||
|
|
Loading…
Reference in New Issue