mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #5386 from nextcloud/stable12-allow-to-share-to-local-users-via-email 

[stable12] Prevent sending second WWW-Authenticate header
This commit is contained in:
Joas Schilling 2017-06-14 14:24:01 +02:00 committed by GitHub
parent fbeb6659f8 913758dc28
commit d07a661c94
3 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/dav/lib/Connector/Sabre/BearerAuth.php
View File

@ -25,6 +25,8 @@ use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUserSession; use OCP\IUserSession;
use Sabre\DAV\Auth\Backend\AbstractBearer; use Sabre\DAV\Auth\Backend\AbstractBearer;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
class BearerAuth extends AbstractBearer { class BearerAuth extends AbstractBearer {
/** @var IUserSession */ /** @var IUserSession */
@ -77,4 +79,16 @@ class BearerAuth extends AbstractBearer {
return false; return false;
} }
/**
* \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets an WWW-Authenticate
* header which some DAV clients can't handle. Thus we override this function
* and make it simply return a 401.
*
* @param RequestInterface $request
* @param ResponseInterface $response
*/
public function challenge(RequestInterface $request, ResponseInterface $response) {
$response->setStatus(401);
}
} }

12
apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php
View File

@ -21,9 +21,6 @@
namespace OCA\DAV\Tests\unit\Connector\Sabre; namespace OCA\DAV\Tests\unit\Connector\Sabre;
use OC\Authentication\TwoFactorAuth\Manager;
use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OCA\DAV\Connector\Sabre\BearerAuth; use OCA\DAV\Connector\Sabre\BearerAuth;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
@ -85,4 +82,13 @@ class BearerAuthTest extends TestCase {
$this->assertSame('principals/users/admin', $this->bearerAuth->validateBearerToken('Token')); $this->assertSame('principals/users/admin', $this->bearerAuth->validateBearerToken('Token'));
} }
public function testChallenge() {
/** @var \PHPUnit_Framework_MockObject_MockObject|RequestInterface $request */
$request = $this->createMock(RequestInterface::class);
/** @var \PHPUnit_Framework_MockObject_MockObject|ResponseInterface $response */
$response = $this->createMock(ResponseInterface::class);
$result = $this->bearerAuth->challenge($request, $response);
$this->assertEmpty($result);
}
} }

4
build/integration/features/webdav-related.feature
View File

@ -8,7 +8,7 @@ Feature: webdav-related
Then the HTTP status code should be "401" Then the HTTP status code should be "401"
And there are no duplicate headers And there are no duplicate headers
And The following headers should be set And The following headers should be set
|WWW-Authenticate|Basic realm="Nextcloud", Bearer realm="Nextcloud"| |WWW-Authenticate|Basic realm="Nextcloud"|
Scenario: Unauthenticated call new dav path Scenario: Unauthenticated call new dav path
Given using new dav path Given using new dav path
@ -16,7 +16,7 @@ Feature: webdav-related
Then the HTTP status code should be "401" Then the HTTP status code should be "401"
And there are no duplicate headers And there are no duplicate headers
And The following headers should be set And The following headers should be set
|WWW-Authenticate|Bearer realm="Nextcloud", Basic realm="Nextcloud"| |WWW-Authenticate|Basic realm="Nextcloud"|
Scenario: Moving a file Scenario: Moving a file
Given using old dav path Given using old dav path