Merge pull request #13497 from owncloud/fix-basic-auth-for-session

Fix WebDAV auth for session authentication only

lib/private/connector/sabre/auth.php

@@ -101,7 +101,6 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 	public function authenticate(\Sabre\DAV\Server $server, $realm) {
 
 		$result = $this->auth($server, $realm);
-
 		return $result;
     }
 
@@ -111,10 +110,13 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 	 * @return bool
 	 */
 	private function auth(\Sabre\DAV\Server $server, $realm) {
-		if (OC_User::handleApacheAuth()) {
+		if (OC_User::handleApacheAuth() ||
+			(OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)))
+		) {
 			$user = OC_User::getUser();
 			OC_Util::setupFS($user);
 			$this->currentUser = $user;
+			\OC::$server->getSession()->close();
 			return true;
 		}
 

lib/private/user.php

@@ -320,7 +320,7 @@ class OC_User {
 	 * Tries to login the user with HTTP Basic Authentication
 	 */
 	public static function tryBasicAuthLogin() {
-		if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+		if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
 			\OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
 		}
 	}