Merge pull request #23564 from owncloud/public-ajaxbasicauth
Return 401 DummyBasicAuth in case of ajax call in public link page
This commit is contained in:
Morris Jobke
commit
1fac22c2c8
2 changed files with 21 additions and 3 deletions
|
|
@ -32,7 +32,7 @@ OC_App::loadApps($RUNTIME_APPTYPES);
|
|||
OC_Util::obEnd();
|
||||
|
||||
// Backends
|
||||
$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig());
|
||||
$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest());
|
||||
|
||||
$serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
|
||||
\OC::$server->getConfig(),
|
||||
|
|
|
|||
|
|
@ -26,6 +26,9 @@
|
|||
|
||||
namespace OCA\DAV\Connector;
|
||||
|
||||
use OCP\IConfig;
|
||||
use OCP\IRequest;
|
||||
|
||||
class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||
|
||||
/**
|
||||
|
|
@ -36,10 +39,18 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
|||
private $share;
|
||||
|
||||
/**
|
||||
* @param \OCP\IConfig $config
|
||||
* @var IRequest
|
||||
*/
|
||||
public function __construct($config) {
|
||||
private $request;
|
||||
|
||||
/**
|
||||
* @param \OCP\IConfig $config
|
||||
* @param IRequest $request
|
||||
*/
|
||||
public function __construct(IConfig $config,
|
||||
IRequest $request) {
|
||||
$this->config = $config;
|
||||
$this->request = $request;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -52,6 +63,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
|||
* @param string $password
|
||||
*
|
||||
* @return bool
|
||||
* @throws \Sabre\DAV\Exception\NotAuthenticated
|
||||
*/
|
||||
protected function validateUserPass($username, $password) {
|
||||
$linkItem = \OCP\Share::getShareByToken($username, false);
|
||||
|
|
@ -92,6 +104,12 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
|||
&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
|
||||
return true;
|
||||
} else {
|
||||
if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
|
||||
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
|
||||
http_response_code(401);
|
||||
header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
|
||||
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
|
||||
}
|
||||
return false;
|
||||
}
|
||||
} else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue