Only reject ajax auth if user is really logged out
This commit is contained in:
parent
60682e1704
commit
d02e0eaaf1
|
@ -159,7 +159,7 @@ class Auth extends AbstractBasic {
|
|||
return [true, $this->principalPrefix . $user];
|
||||
}
|
||||
|
||||
if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
|
||||
if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
|
||||
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
|
||||
$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
|
||||
$response->setStatus(401);
|
||||
|
|
|
@ -309,6 +309,10 @@ class Auth extends TestCase {
|
|||
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->userSession
|
||||
->expects($this->any())
|
||||
->method('isLoggedIn')
|
||||
->will($this->returnValue(false));
|
||||
$httpRequest
|
||||
->expects($this->once())
|
||||
->method('getHeader')
|
||||
|
@ -317,6 +321,32 @@ class Auth extends TestCase {
|
|||
$this->auth->check($httpRequest, $httpResponse);
|
||||
}
|
||||
|
||||
public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() {
|
||||
/** @var \Sabre\HTTP\RequestInterface $httpRequest */
|
||||
$httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
/** @var \Sabre\HTTP\ResponseInterface $httpResponse */
|
||||
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->userSession
|
||||
->expects($this->any())
|
||||
->method('isLoggedIn')
|
||||
->will($this->returnValue(true));
|
||||
$this->session
|
||||
->expects($this->once())
|
||||
->method('get')
|
||||
->with('AUTHENTICATED_TO_DAV_BACKEND')
|
||||
->will($this->returnValue('MyTestUser'));
|
||||
$httpRequest
|
||||
->expects($this->once())
|
||||
->method('getHeader')
|
||||
->with('Authorization')
|
||||
->will($this->returnValue(null));
|
||||
$this->auth->check($httpRequest, $httpResponse);
|
||||
}
|
||||
|
||||
public function testAuthenticateValidCredentials() {
|
||||
$server = $this->getMockBuilder('\Sabre\DAV\Server')
|
||||
->disableOriginalConstructor()
|
||||
|
|
Loading…
Reference in New Issue