Commit Graph

14 Commits

Author SHA1 Message Date
Lukas Reschke 9b3c4e8dc4 Require CSRF token for non WebDAV authenticated requests 2016-02-18 11:18:36 +01:00
Thomas Müller cca2ade199 Adding pre oc 9.0 CardDAV endpoint for migration of old clients 2016-02-08 10:52:30 +01:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Roeland Jago Douma 4a38793d11 Allow only cookie auth to webdav 2016-01-07 10:44:26 +01:00
Vincent Petry 13ec2bda2d Properly check X-Requested-With header in case of multiple values
Saw this happening in IE8...
2015-12-11 11:22:38 +01:00
Thomas Müller 1d30f0fcdb Merge pull request #20760 from owncloud/webdav-authredirectfix
Only reject ajax auth if user is really logged out
2015-11-27 13:16:01 +01:00
Vincent Petry d02e0eaaf1 Only reject ajax auth if user is really logged out 2015-11-26 17:04:21 +01:00
Thomas Müller c25a7cc4da Users are available under its own principal resource named 'principals/users' this will allow us to introduce e.g. groups as principals (one day) and system specific principals (needed for federation) 2015-11-25 22:23:34 +01:00
Thomas Müller ae36c01b95 Adjust sabre changes in core 2015-11-24 15:11:54 +01:00
Vincent Petry 055d58bfc3 Do not authenticate over ajax
This makes sure that whenever a Webdav call is done through Ajax, if the
session has expired, it will not send back a challenge but a simple 401
response. Without this fix, the default code would send back a challenge
and trigger the browser's basic auth dialog.
2015-11-23 09:44:30 +01:00
Scrutinizer Auto-Fixer 5573029485 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-11-20 15:42:34 +00:00
Thomas Müller 0f434e0b9b Implement CSRF protection 2015-11-19 11:34:59 +01:00
Lukas Reschke cddc9abc06 Add tests for Sabre Auth plugin + make getCurrentUser compatible 2015-10-23 17:30:47 +02:00
Thomas Müller f2889dc6e4 Consolidate webdav code - move all to one app 2015-10-16 13:17:12 +02:00