[Pkg-owncloud-commits] [owncloud] 01/32: On webdav sesssions, loginname was compared to username which does not need to match necessarily

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit aba8199a8210c21e21147e2d3eae03a9965b5046
Author: Arthur Schiwon <blizzz at owncloud.com>
Date:   Wed Dec 11 13:56:45 2013 +0100

    On webdav sesssions, loginname was compared to username which does not need to match necessarily
---
 lib/base.php                 |  7 +++----
 lib/private/user/session.php | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index baf73b2..b5d22ce 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -526,10 +526,9 @@ class OC {
 
 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());
-
 		if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
-			&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
-			$sessionUser = self::$session->get('user_id');
+			&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('loginname')) {
+			$sessionUser = self::$session->get('loginname');
 			$serverUser = $_SERVER['PHP_AUTH_USER'];
 			OC_Log::write('core',
 				"Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",
@@ -804,7 +803,7 @@ class OC {
 			if ( OC_Config::getValue('log_authfailip', false) ) {
 				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
 				OC_Log::WARN);
-			} else { 
+			} else {
 				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
                                 OC_Log::WARN);
 			}
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index 9c9bee3..c2885d0 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -113,6 +113,38 @@ class Session implements Emitter, \OCP\IUserSession {
 	}
 
 	/**
+	 * set the login name
+	 *
+	 * @param string login name for the logged in user
+	 */
+	public function setLoginname($loginname) {
+		if (is_null($loginname)) {
+			$this->session->remove('loginname');
+		} else {
+			$this->session->set('loginname', $loginname);
+		}
+	}
+
+	/**
+	 * get the login name of the current user
+	 *
+	 * @return string
+	 */
+	public function getLoginname() {
+		if ($this->activeUser) {
+			return $this->session->get('loginname');
+		} else {
+			$uid = $this->session->get('user_id');
+			if ($uid) {
+				$this->activeUser = $this->manager->get($uid);
+				return $this->session->get('loginname');
+			} else {
+				return null;
+			}
+		}
+	}
+
+	/**
 	 * try to login with the provided credentials
 	 *
 	 * @param string $uid
@@ -126,6 +158,7 @@ class Session implements Emitter, \OCP\IUserSession {
 			if (!is_null($user)) {
 				if ($user->isEnabled()) {
 					$this->setUser($user);
+					$this->setLoginname($uid);
 					$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
 					return true;
 				} else {
@@ -143,6 +176,7 @@ class Session implements Emitter, \OCP\IUserSession {
 	public function logout() {
 		$this->manager->emit('\OC\User', 'logout');
 		$this->setUser(null);
+		$this->setLoginname(null);
 		$this->unsetMagicInCookie();
 	}
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git