nextcloud/lib/private
Lukas Reschke dfbc405a45 Prioritise Basic Auth header over Cookie
There are a lot of clients that support multiple WebDAV accounts in the same application. However, they resend all the cookies they received from one of the accounts also to the other one. In the case of ownCloud this means that we will always show the user from the session and not the user that is specified in the basic authentication header.

This patch adds a workaround in the following way:

1. If the user authenticates via the Sabre Auth Connector, add a hint to the session that this was authorized via Basic Auth (this is to prevent logout CSRF)
2. If the request contains this hint and the username specified in the basic auth header differs from the one in the session, relogin the user using basic auth

Fixes https://github.com/owncloud/core/issues/11400 and https://github.com/owncloud/core/issues/13245 and probably some other issues as well.

This requires proper testing also considering LDAP / Shibboleth and whatever instances.
2015-01-17 13:29:07 +01:00
..
app Check new and old ways of required oC version for app compatibility 2015-01-14 13:02:02 +01:00
appframework always set url parameters when they are available in the app dispatch 2015-01-15 15:22:52 +01:00
archive Update pear/archive_tar to 1.3.13 2014-10-30 16:10:00 +01:00
assetic Fix JS asset generation 2015-01-05 15:48:04 +00:00
backgroundjob Don't try to execute jobs that no longer exist 2014-07-25 18:02:02 +02:00
cache Fix all PHPDoc types and variable names, in /lib 2014-05-13 19:08:14 +01:00
connector/sabre Prioritise Basic Auth header over Cookie 2015-01-17 13:29:07 +01:00
contacts Replace deprecated constant with new class constant 2014-11-25 16:30:21 +01:00
db Use a special filter expression for Oracle to filter the prefix - fixes #13220 2015-01-12 16:28:11 +01:00
diagnostics Allow adding events that happened before the event logger was loaded 2014-10-20 13:38:38 +02:00
fileproxy move the private namespace OC into lib/private - OCP will stay in lib/public 2013-09-30 16:36:59 +02:00
files Remove children from the cache in one query 2015-01-15 17:26:12 +01:00
group add isAdmin and isInGroup methods for the group manager 2014-12-17 17:41:57 +01:00
hooks polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
l10n Correctly fallback to English, if the plural case is not translated 2014-12-11 12:42:21 +01:00
legacy introduce preCondition for setUserValue to provide atomic check-and-update 2014-12-08 22:33:36 +01:00
log add Download logfile button to admin settings 2015-01-07 14:55:53 +01:00
memcache Add Null memcacher 2015-01-09 13:18:00 +00:00
ocs reduce OC_Preferences, OC_Config and \OCP\Config usage 2014-12-08 22:42:37 +01:00
preview Split bitmap providers into one per file 2014-11-28 09:28:33 +01:00
repair Explicitly close the statement cursors 2014-08-20 23:49:15 +02:00
route Intelligent container 2014-12-23 09:50:42 +01:00
search new OC.Search, add search result formatters and handlers, use full content width for results 2015-01-02 10:28:41 +01:00
security Next step in server-to-server sharing next generation, see #12285 2014-12-19 15:20:24 +01:00
session Refactor internal session to write directly to $_SESSION 2014-08-30 08:48:13 +00:00
setup Correctly namespace DatabaseSetupException 2014-11-26 12:30:07 +01:00
share don't delete share table entries for the unique name if re-share permission was removed 2015-01-07 16:36:13 +01:00
tagging PHPDoc fixes as suggested by @MorrisJobke. 2014-10-14 00:06:33 +02:00
template Deprecate Util::formatDate() 2014-12-10 11:58:56 +01:00
user Merge pull request #12969 from owncloud/clarify-docs 2014-12-22 10:01:39 +01:00
vobject move the private namespace OC into lib/private - OCP will stay in lib/public 2013-09-30 16:36:59 +02:00
activitymanager.php Allow extensions to specify the list of special parameters 2014-12-11 14:56:46 +01:00
allconfig.php Add type of the variables to the docs 2014-12-10 15:18:06 +01:00
api.php Merge pull request #12918 from owncloud/use-uid-instead-of-login-name 2014-12-19 10:24:52 +01:00
app.php Merge pull request #13319 from owncloud/replace-line-breaks-in-app-description 2015-01-17 01:03:41 +01:00
appconfig.php port of #9500 2014-07-08 16:32:01 +02:00
apphelper.php moving file to the right location 2013-10-07 00:32:39 +02:00
archive.php Previous commit was not based on master, retry. Removed broken tar cutter, double extensions are not possible in temp files. Added tar support. Fixed extension switch. 2014-08-04 14:10:09 +02:00
arrayparser.php Replace exception with standard exception 2014-11-27 11:10:05 +01:00
avatar.php Use public api for getting l10n 2014-08-31 10:08:22 +02:00
avatarmanager.php Remove all occurrences of @brief and @returns from PHPDoc 2014-05-19 17:50:53 +02:00
backgroundjob.php Remove all occurrences of @brief and @returns from PHPDoc 2014-05-19 17:50:53 +02:00
cache.php More PHPDoc fixes, using scrutinizer patches as hints 2014-02-28 13:53:41 +01:00
config.php drop unused isDebugMode and setDebugMode of OC_Config 2014-12-08 22:42:44 +01:00
contactsmanager.php Fix permissions 2014-12-06 13:58:10 +01:00
databaseexception.php Correctly namespace and autoload DatabaseException 2014-11-27 11:10:04 +01:00
databasesetupexception.php Correctly namespace DatabaseSetupException 2014-11-26 12:30:07 +01:00
datetimeformatter.php Correctly inject the language into the subcall 2014-12-12 11:00:07 +01:00
datetimezone.php Move timezone logic out of server.php 2014-12-16 16:16:22 +01:00
db.php Add tableExists to public db api 2014-12-09 17:26:53 +01:00
defaults.php Support HTML in logo claim 2014-11-03 21:14:27 +01:00
eventsource.php Explicitly cast id and validate type 2014-09-04 13:26:47 +02:00
filechunking.php Fix PHPdoc in lib/private 2014-04-15 22:55:20 +02:00
fileproxy.php Fix all PHPDoc types and variable names, in /lib 2014-05-13 19:08:14 +01:00
files.php removed a little duplication 2014-12-30 22:36:13 +01:00
forbiddenexception.php Cache folder is now configurable 2014-03-24 12:57:11 +01:00
geo.php Remove all occurrences of @brief and @returns from PHPDoc 2014-05-19 17:50:53 +02:00
group.php Add REST route for user & group management 2014-12-08 12:11:01 +01:00
helper.php Memcache binary executable searching 2015-01-09 13:18:00 +00:00
hintexception.php Do not show exception to the end-user 2014-09-17 13:17:52 +02:00
hook.php Don't connect hooks twice 2014-06-06 09:56:02 +02:00
httphelper.php Next step in server-to-server sharing next generation, see #12285 2014-12-19 15:20:24 +01:00
image.php Do not call filesize(null), this function expects a string. 2014-12-18 20:57:19 +01:00
installer.php Limit blacklist to php files 2014-11-27 20:26:45 +01:00
json.php Use public api for getting l10n 2014-08-31 10:08:22 +02:00
l10n.php Correctly fallback to English, if the plural case is not translated 2014-12-11 12:42:21 +01:00
largefilehelper.php Check if open_basedir is set 2014-12-11 00:09:55 +01:00
log.php Remove changes which were inadvertently pushed to master 2014-12-08 04:03:02 +01:00
mail.php Remove X-Mailer header from mails 2014-08-17 18:55:13 +02:00
mimetypes.list.php New generic class for Imagemagick conversions 2014-10-04 17:50:12 +02:00
naturalsort.php Move NaturalSort_DefaultCollator to its own file 2014-11-27 17:47:21 +01:00
naturalsort_defaultcollator.php Move NaturalSort_DefaultCollator to its own file 2014-11-27 17:47:21 +01:00
navigationmanager.php Remove all occurrences of @brief and @returns from PHPDoc 2014-05-19 17:50:53 +02:00
needsupdateexception.php Throw an exception when we try to load an app that needs to be upgraded 2014-08-04 13:41:04 +02:00
notsquareexception.php move the private namespace OC into lib/private - OCP will stay in lib/public 2013-09-30 16:36:59 +02:00
ocs.php Remove invalid PHPDoc 2014-09-30 13:46:43 +02:00
ocsclient.php Cache responses from the AppStore server 2015-01-09 19:49:59 +01:00
preferences.php introduce preCondition for setUserValue to provide atomic check-and-update 2014-12-08 22:33:36 +01:00
preview.php Verify whether type is correct 2015-01-08 18:38:17 +01:00
previewmanager.php Make files non executable 2014-10-24 11:14:51 +02:00
repair.php Add a repair step to clean up orphan tags and tag entries 2015-01-14 16:49:25 +01:00
repairexception.php Added repair step for legacy storages 2014-08-20 23:14:05 +02:00
repairstep.php Added RepairStep interface and default repair step lists 2014-06-12 17:38:26 +02:00
request.php Add workaround for older instances 2014-12-03 21:13:27 +01:00
response.php Allow any outgoing XHR connections 2014-10-30 00:00:40 +01:00
search.php move search results below filelist, show hint when results are off screen, use js plugin mechanism 2015-01-02 10:28:41 +01:00
server.php Next step in server-to-server sharing next generation, see #12285 2014-12-19 15:20:24 +01:00
serviceunavailableexception.php Throw an exception when we try to load an app that needs to be upgraded 2014-08-04 13:41:04 +02:00
setup.php Add version to .htaccess 2015-01-08 12:49:02 +01:00
subadmin.php Remove all occurrences of @brief and @returns from PHPDoc 2014-05-19 17:50:53 +02:00
systemconfig.php Extract interaction with config.php into SystemConfig 2014-12-08 22:29:42 +01:00
tagmanager.php Add user parameter to tag manager 2014-12-11 12:22:28 +01:00
tags.php Fix Undefined variable: result at tags.php#231 2014-12-19 19:44:43 +01:00
template.php allow css/js asset directory to be relocated (#13053) 2015-01-05 15:24:23 -08:00
templatelayout.php Merge pull request #13063 from AdamWill/assets-relocate 2015-01-07 09:36:26 +01:00
tempmanager.php Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-24 12:18:46 +02:00
updater.php Add version to .htaccess 2015-01-08 12:49:02 +01:00
urlgenerator.php Introduce app info xml parser including basic unit test - necessary for #10777 2014-11-25 11:53:28 +01:00
user.php Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-mode 2014-12-19 14:54:11 +01:00
util.php ignore core 2015-01-14 15:27:37 +01:00
vobject.php Use function outside of loop 2014-10-24 12:27:53 +02:00