Commit 1fac22c2 authored by Morris Jobke's avatar Morris Jobke

Merge pull request #23564 from owncloud/public-ajaxbasicauth

Return 401 DummyBasicAuth in case of ajax call in public link page
parents 3b4903a3 ba69a90a
...@@ -32,7 +32,7 @@ OC_App::loadApps($RUNTIME_APPTYPES); ...@@ -32,7 +32,7 @@ OC_App::loadApps($RUNTIME_APPTYPES);
OC_Util::obEnd(); OC_Util::obEnd();
// Backends // Backends
$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig()); $authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest());
$serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory( $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
\OC::$server->getConfig(), \OC::$server->getConfig(),
......
...@@ -26,6 +26,9 @@ ...@@ -26,6 +26,9 @@
namespace OCA\DAV\Connector; namespace OCA\DAV\Connector;
use OCP\IConfig;
use OCP\IRequest;
class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
/** /**
...@@ -35,11 +38,19 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { ...@@ -35,11 +38,19 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
private $share; private $share;
/**
* @var IRequest
*/
private $request;
/** /**
* @param \OCP\IConfig $config * @param \OCP\IConfig $config
* @param IRequest $request
*/ */
public function __construct($config) { public function __construct(IConfig $config,
IRequest $request) {
$this->config = $config; $this->config = $config;
$this->request = $request;
} }
/** /**
...@@ -52,6 +63,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { ...@@ -52,6 +63,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
* @param string $password * @param string $password
* *
* @return bool * @return bool
* @throws \Sabre\DAV\Exception\NotAuthenticated
*/ */
protected function validateUserPass($username, $password) { protected function validateUserPass($username, $password) {
$linkItem = \OCP\Share::getShareByToken($username, false); $linkItem = \OCP\Share::getShareByToken($username, false);
...@@ -92,6 +104,12 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { ...@@ -92,6 +104,12 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) { && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
return true; return true;
} else { } else {
if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
http_response_code(401);
header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return false; return false;
} }
} else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) { } else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) {
......
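Review bot: The `header()` call following `http_response_code(401)` in the ajax branch of validateUserPass() never emits the intended challenge: PHP's `header()` takes the whole `Name: value` line as its first argument and a boolean `$replace` as its second, so `'DummyBasic real="ownCloud"'` is silently consumed as `$replace` and at best a bare `WWW-Authenticate` line is queued, and the parameter name is also misspelled (`real` for `realm`). It should read `header('WWW-Authenticate: DummyBasic realm="ownCloud"');`. `http_response_code()` and `header()` additionally bypass Sabre's response object, so whether they survive Sabre's own handling of the thrown NotAuthenticated is not visible here and should be confirmed with an XHR against a password-protected link. The `X-Requested-With` value is client-controlled, which is acceptable only because it changes how the refusal is presented rather than whether the request is refused; a comment such as `// header is client-controlled: it only selects the challenge scheme, the request is rejected either way` would make that explicit, and `explode(',', ...)` without `trim()` misses values like `Foo, XMLHttpRequest`. validateUserPass() and the enclosing condition start outside this hunk.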