On webdav sesssions, loginname was compared to username which does not need to match necessarily

2013-12-11 13:56:45 +01:00 · 2013-12-11 13:56:45 +01:00 · 91d6a6dd7c
parent 6408125edc
commit 91d6a6dd7c
2 changed files with 37 additions and 4 deletions
--- a/lib/base.php
+++ b/lib/base.php
@ -527,10 +527,9 @@ class OC {

 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());
-
 		if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
-			&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
-			$sessionUser = self::$session->get('user_id');
+			&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('loginname')) {
+			$sessionUser = self::$session->get('loginname');
 			$serverUser = $_SERVER['PHP_AUTH_USER'];
 			OC_Log::write('core',
 				"Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",
@ -805,7 +804,7 @@ class OC {
 			if ( OC_Config::getValue('log_authfailip', false) ) {
 				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
 				OC_Log::WARN);
-			} else { 
+			} else {
 				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
                                OC_Log::WARN);
 			}
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@ -112,6 +112,38 @@ class Session implements Emitter, \OCP\IUserSession {
 		}
 	}

+	/**
+	 * set the login name
+	 *
+	 * @param string login name for the logged in user
+	 */
+	public function setLoginname($loginname) {
+		if (is_null($loginname)) {
+			$this->session->remove('loginname');
+		} else {
+			$this->session->set('loginname', $loginname);
+		}
+	}
+
+	/**
+	 * get the login name of the current user
+	 *
+	 * @return string
+	 */
+	public function getLoginname() {
+		if ($this->activeUser) {
+			return $this->session->get('loginname');
+		} else {
+			$uid = $this->session->get('user_id');
+			if ($uid) {
+				$this->activeUser = $this->manager->get($uid);
+				return $this->session->get('loginname');
+			} else {
+				return null;
+			}
+		}
+	}
+
 	/**
 	 * try to login with the provided credentials
 	 *
@ -126,6 +158,7 @@ class Session implements Emitter, \OCP\IUserSession {
 			if (!is_null($user)) {
 				if ($user->isEnabled()) {
 					$this->setUser($user);
+					$this->setLoginname($uid);
 					$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
 					return true;
 				} else {
@ -143,6 +176,7 @@ class Session implements Emitter, \OCP\IUserSession {
 	public function logout() {
 		$this->manager->emit('\OC\User', 'logout');
 		$this->setUser(null);
+		$this->setLoginname(null);
 		$this->unsetMagicInCookie();
 	}