wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
☁️ Nextcloud server, a safe home for all your data
22419 commits 157 branches 562 tags 714 MiB
PHP 56.1%
JavaScript 40.3%
Gherkin 1.2%
Vue 1%
SCSS 0.7%
Other 0.6%
Find a file
Lukas Reschke dfbc405a45 Prioritise Basic Auth header over Cookie 
There are a lot of clients that support multiple WebDAV accounts in the same application. However, they resent all the cookies they received from one of the accounts also to the other one. In the case of ownCloud this means that we will always show the user from the session and not the user that is specified in the basic authentication header.

This patch adds a workaround the following way:

1. If the user authenticates via the Sabre Auth Connector add a hint to the session that this was authorized via Basic Auth (this is to prevent logout CSRF)
2. If the request contains this hint and the username specified in the basic auth header differs from the one in the session relogin the user using basic auth

Fixes https://github.com/owncloud/core/issues/11400 and https://github.com/owncloud/core/issues/13245 and probably some other issues as well.

This requires proper testing also considering LDAP / Shibboleth and whatever instances.
2015-01-17 13:29:07 +01:00
.idea Add newline that was removed by 15be763d46 2014-12-10 09:38:32 +01:00
3rdparty@3c5c49860e update dbal to 2.5.0 2014-12-30 16:47:30 +01:00
apps Prioritise Basic Auth header over Cookie 2015-01-17 13:29:07 +01:00
build cleaning up the build directory 2014-12-10 10:07:22 +01:00
config Note in config.sample.php that certain previews are not available in ms windows 2015-01-15 11:07:14 +01:00
core [tx-robot] updated from transifex 2015-01-17 01:54:40 -05:00
l10n Remove *.pot 2014-11-10 11:33:20 +01:00
lib Prioritise Basic Auth header over Cookie 2015-01-17 13:29:07 +01:00
ocs OCS API for server-to-server sharing 2014-12-04 13:18:13 +01:00
settings [tx-robot] updated from transifex 2015-01-17 01:54:40 -05:00
tests Merge pull request #13319 from owncloud/replace-line-breaks-in-app-description 2015-01-17 01:03:41 +01:00
themes Gitorious => Github 2012-08-26 02:39:42 +03:00
.bowerrc ability to add bower resources 2014-11-03 20:54:40 +01:00
.gitignore Add provisioning_api app 2014-12-24 22:15:20 +01:00
.gitmodules use https as submodule url 2014-03-21 19:38:22 +01:00
.htaccess Add version to .htaccess 2015-01-08 12:49:02 +01:00
.jshintrc enable laxbreak option in jshintrc to comply with our coding guide lines 2014-11-04 12:51:54 +01:00
.scrutinizer.yml bower jquery-ui - exported changes to a separate css file 2014-12-13 09:47:34 +01:00
.user.ini Create .user.ini for PHP-FPM 2014-09-10 16:08:40 +02:00
AUTHORS Add myself as author 2014-09-19 17:24:12 +02:00
autotest-external.sh Setup a docker container that holds a webdav instance to test files_external 2014-12-17 21:50:35 +01:00
autotest-hhvm.sh Adding autotest-hhvm.sh 2014-12-18 10:21:15 +01:00
autotest-js.sh remove 'set -e' - causes issues during ci execution 2014-09-12 15:42:50 +02:00
autotest.cmd Restore the development config after running the tests 2014-12-02 12:41:33 +01:00
autotest.sh Correctly run all tests again when no file is specified 2014-12-09 16:36:41 +01:00
bower.json bump jquery.strengthify to 0.4.1 2015-01-06 13:48:58 +01:00
buildjsdocs.sh Added script to build the JS documentation 2014-10-31 13:27:36 +01:00
console.php Check for the posix extension - refs https://github.com/owncloud/core/pull/13282#issuecomment-69602645 2015-01-12 20:17:02 +01:00
CONTRIBUTING.md Fix URL to developer manual 2015-01-10 00:54:38 +01:00
COPYING-AGPL Really add AGPL file 2011-02-09 15:12:09 +00:00
COPYING-README correct icon license, we use Elementary icons, not Silk anymore 2014-07-15 11:35:49 +02:00
cron.php Use the TempManager to handle temporary files 2014-10-24 12:18:49 +02:00
db_structure.xml Revert "add share index" 2014-07-17 20:56:06 +02:00
index.html Try to prefer index.php over index.html in the same directory 2013-04-24 15:11:53 +02:00
index.php Make files non executable 2014-10-24 11:14:51 +02:00
indie.json add indie.json for Indie App Store listing 2014-06-29 22:03:24 +02:00
issue_template.md Also add secret 2014-12-19 10:57:46 +01:00
occ Use a more universal shebang 2014-11-19 17:34:03 +01:00
public.php Add sabredav plugin to check if a user has access to an app 2014-11-17 15:50:24 +01:00
README.md version up 2015-01-11 16:17:57 +01:00
remote.php Add sabredav plugin to check if a user has access to an app 2014-11-17 15:50:24 +01:00
robots.txt Add robot.txt 2013-01-28 16:39:53 -06:00
status.php reduce OC_Preferences, OC_Config and \OCP\Config usage 2014-12-08 22:42:37 +01:00
version.php 8.0.0 alpha 2 2015-01-11 04:37:15 +01:00

README.md

ownCloud

ownCloud gives you freedom and control over your own data. A personal cloud which runs on your own server.

Build Status on Jenkins CI

Git master: Build Status

Quality:

  • Scrutinizer: Scrutinizer Quality Score
  • CodeClimate: Code Climate

Installation instructions

http://doc.owncloud.org/server/8.0/developer_manual/app/index.html

Contribution Guidelines

http://owncloud.org/contribute/

Get in touch

Important notice on translations

Please submit translations via Transifex: https://www.transifex.com/projects/p/owncloud/

Transifex

For more detailed information about translations: http://doc.owncloud.org/server/8.0/developer_manual/core/translation.html