From 1377ebc7e9b9a5bed36b5a1ca8da2c6ef35eb74a Mon Sep 17 00:00:00 2001
From: Christian Seiler <christian@iwakd.de>
Date: Mon, 16 Feb 2015 23:34:49 +0100
Subject: [PATCH] DAV authentication: use Owncloud's internal user instead of
 HTTP-supplied one

Fixes: #14048, #14104, calendar#712
---
 lib/private/connector/sabre/auth.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index 533d250d68e..6f7c429fd38 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -60,8 +60,11 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 		} else {
 			OC_Util::setUpFS(); //login hooks may need early access to the filesystem
 			if(OC_User::login($username, $password)) {
-				OC_Util::setUpFS(OC_User::getUser());
-				\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username);
+			        // make sure we use owncloud's internal username here
+			        // and not the HTTP auth supplied one, see issue #14048
+			        $ocUser = OC_User::getUser();
+				OC_Util::setUpFS($ocUser);
+				\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $ocUser);
 				\OC::$server->getSession()->close();
 				return true;
 			} else {
-- 
GitLab