mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #5386 from nextcloud/stable12-allow-to-share-to-local-users-via-email 

[stable12] Prevent sending second WWW-Authenticate header
This commit is contained in:
Joas Schilling 2017-06-14 14:24:01 +02:00 committed by GitHub
parent fbeb6659f8 913758dc28
commit d07a661c94
3 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/dav/lib/Connector/Sabre/BearerAuth.php
View File

@ -25,6 +25,8 @@ use OCP\IRequest;
use OCP\ISession;
use OCP\IUserSession;
use Sabre\DAV\Auth\Backend\AbstractBearer;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
class BearerAuth extends AbstractBearer {
/** @var IUserSession */
@ -77,4 +79,16 @@ class BearerAuth extends AbstractBearer {
return false;
}
/**
* \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets an WWW-Authenticate
* header which some DAV clients can't handle. Thus we override this function
* and make it simply return a 401.
*
* @param RequestInterface $request
* @param ResponseInterface $response
*/
public function challenge(RequestInterface $request, ResponseInterface $response) {
$response->setStatus(401);
}
}

12
apps/dav/tests/unit/Connector/Sabre/BearerAuthTest.php
View File

@ -21,9 +21,6 @@
namespace OCA\DAV\Tests\unit\Connector\Sabre;
use OC\Authentication\TwoFactorAuth\Manager;
use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OCA\DAV\Connector\Sabre\BearerAuth;
use OCP\IRequest;
use OCP\ISession;
@ -85,4 +82,13 @@ class BearerAuthTest extends TestCase {
$this->assertSame('principals/users/admin', $this->bearerAuth->validateBearerToken('Token'));
}
public function testChallenge() {
/** @var \PHPUnit_Framework_MockObject_MockObject|RequestInterface $request */
$request = $this->createMock(RequestInterface::class);
/** @var \PHPUnit_Framework_MockObject_MockObject|ResponseInterface $response */
$response = $this->createMock(ResponseInterface::class);
$result = $this->bearerAuth->challenge($request, $response);
$this->assertEmpty($result);
}
}

4
build/integration/features/webdav-related.feature
View File

@ -8,7 +8,7 @@ Feature: webdav-related
Then the HTTP status code should be "401"
And there are no duplicate headers
And The following headers should be set
|WWW-Authenticate|Basic realm="Nextcloud", Bearer realm="Nextcloud"|
|WWW-Authenticate|Basic realm="Nextcloud"|
Scenario: Unauthenticated call new dav path
Given using new dav path
@ -16,7 +16,7 @@ Feature: webdav-related
Then the HTTP status code should be "401"
And there are no duplicate headers
And The following headers should be set
|WWW-Authenticate|Bearer realm="Nextcloud", Basic realm="Nextcloud"|
|WWW-Authenticate|Basic realm="Nextcloud"|
Scenario: Moving a file
Given using old dav path