[Pkg-owncloud-commits] [owncloud] 88/258: Move BasicAuth check to "isLoggedIn()"

David Prévot taffit at moszumanska.debian.org
Sat Oct 11 17:22:24 UTC 2014


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 37632e428dff598496785d8d7d1ae24f4510d1e2
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Thu Sep 18 16:02:18 2014 +0200

    Move BasicAuth check to "isLoggedIn()"
    
    Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
---
 lib/base.php         | 33 ++-------------------------------
 lib/private/user.php | 10 +++++++---
 2 files changed, 9 insertions(+), 34 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 971ed00..8239539 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -752,15 +752,6 @@ class OC {
 				if (isset($_COOKIE['oc_token'])) {
 					OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
 				}
-				if (isset($_SERVER['PHP_AUTH_USER'])) {
-					if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
-						// Ignore HTTP Authentication for 5 more mintues.
-						setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
-					} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
-						// Ignore HTTP Authentication to allow a different user to log in.
-						setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
-					}
-				}
 				OC_User::logout();
 				// redirect to webroot and add slash if webroot is empty
 				header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
@@ -831,9 +822,8 @@ class OC {
 		} // remember was checked after last login
 		elseif (OC::tryRememberLogin()) {
 			$error[] = 'invalidcookie';
-		} // logon via web form or WebDAV
-		elseif (OC::tryFormLogin()) {}
-		elseif (OC::tryBasicAuthLogin()) {
+		} // logon via web form
+		elseif (OC::tryFormLogin()) {
 			$error[] = 'invalidpassword';
 		}
 
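Review bot: The `invalidpassword` error is now attached to the `OC::tryFormLogin()` branch, which had an empty body before this change, and the commit message does not mention that form logins gain this error path. tryFormLogin()'s body is outside the hunk, so it should be confirmed that it returns true only after a failed attempt; if so, a comment such as `// tryFormLogin() returns true only when a form login was attempted and failed` above the branch would make the convention explicit. Failed Basic Auth credentials no longer pass through this chain at all, so they add no error entry here.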
@@ -951,25 +941,6 @@ class OC {
 		return true;
 	}
 
-	/**
-	 * Try to login a user using HTTP authentication.
-	 * @return bool
-	 */
-	protected static function tryBasicAuthLogin() {
-		if (!isset($_SERVER["PHP_AUTH_USER"])
-			|| !isset($_SERVER["PHP_AUTH_PW"])
-			|| (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
-		) {
-			return false;
-		}
-
-		if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
-			OC_User::unsetMagicInCookie();
-			$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
-		}
-
-		return true;
-	}
 
 }
 
diff --git a/lib/private/user.php b/lib/private/user.php
index 5efe205..ce7b457 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -331,15 +331,19 @@ class OC_User {
 	}
 
 	/**
-	 * Check if the user is logged in
+	 * Check if the user is logged in, considers also the HTTP basic credentials
 	 * @return bool
-	 *
-	 * Checks if the user is logged in
 	 */
 	public static function isLoggedIn() {
 		if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) {
 			return self::userExists(\OC::$session->get('user_id'));
 		}
+
+		// Check whether the user has authenticated using Basic Authentication
+		if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+			return \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+		}
+
 		return false;
 	}
 
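Review bot: The new Basic Auth branch in isLoggedIn() is also reached when `self::$incognitoMode` is true, because only the session branch above it tests that flag, so a request carrying `PHP_AUTH_USER`/`PHP_AUTH_PW` is reported as logged in while incognito mode is on; guard it with `if (self::$incognitoMode === false && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {`. The predicate now calls `\OC_User::login()` as a side effect, so every call made without a session re-verifies the password against the backend; the docblock should state this, e.g. `Has the side effect of logging the user in when valid HTTP Basic credentials are sent`. Together with the removal of the `oc_ignore_php_auth_user` cookie handling from the logout path in lib/base.php, a client that keeps sending cached Basic credentials after logout will presumably be logged straight back in on the next isLoggedIn() call, which is worth confirming. The removed tryBasicAuthLogin() also called `OC_User::unsetMagicInCookie()` and set `HTTP_REQUESTTOKEN` after a successful login; neither happens here, so how Basic Auth requests are expected to pass the request-token check should be confirmed and documented.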

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


