Commit 320a3c37 authored by Thomas Müller's avatar Thomas Müller Committed by Morris Jobke

because OC_User::login will create a new session we shall only try to login if...

because OC_User::login will create a new session we shall only try to login if user and pass are set

ensure to never destroy an existing session
parent c5fa8f1b
...@@ -132,7 +132,7 @@ class OC_API { ...@@ -132,7 +132,7 @@ class OC_API {
* @return array|\OC_OCS_Result * @return array|\OC_OCS_Result
*/ */
public static function mergeResponses($responses) { public static function mergeResponses($responses) {
// Sort into shipped and thirdparty // Sort into shipped and third-party
$shipped = array( $shipped = array(
'succeeded' => array(), 'succeeded' => array(),
'failed' => array(), 'failed' => array(),
...@@ -162,7 +162,7 @@ class OC_API { ...@@ -162,7 +162,7 @@ class OC_API {
if(!empty($shipped['failed'])) { if(!empty($shipped['failed'])) {
// Which shipped response do we use if they all failed? // Which shipped response do we use if they all failed?
// They may have failed for different reasons (different status codes) // They may have failed for different reasons (different status codes)
// Which reponse code should we return? // Which response code should we return?
// Maybe any that are not OC_API::RESPOND_SERVER_ERROR // Maybe any that are not OC_API::RESPOND_SERVER_ERROR
// Merge failed responses if more than one // Merge failed responses if more than one
$data = array(); $data = array();
...@@ -273,26 +273,32 @@ class OC_API { ...@@ -273,26 +273,32 @@ class OC_API {
// reuse existing login // reuse existing login
$loggedIn = OC_User::isLoggedIn(); $loggedIn = OC_User::isLoggedIn();
$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false; if ($loggedIn === true) {
if ($loggedIn === true && $ocsApiRequest) { $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
if ($ocsApiRequest) {
// initialize the user's filesystem // initialize the user's filesystem
\OC_Util::setUpFS(\OC_User::getUser()); \OC_Util::setUpFS(\OC_User::getUser());
return OC_User::getUser(); return OC_User::getUser();
}
return false;
} }
// basic auth // basic auth - because OC_User::login will create a new session we shall only try to login
$authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : ''; // if user and pass are set
$authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : ''; if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) ) {
$return = OC_User::login($authUser, $authPw); $authUser = $_SERVER['PHP_AUTH_USER'];
if ($return === true) { $authPw = $_SERVER['PHP_AUTH_PW'];
self::$logoutRequired = true; $return = OC_User::login($authUser, $authPw);
if ($return === true) {
self::$logoutRequired = true;
// initialize the user's filesystem // initialize the user's filesystem
\OC_Util::setUpFS(\OC_User::getUser()); \OC_Util::setUpFS(\OC_User::getUser());
return $authUser; return $authUser;
}
} }
return false; return false;
......
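Review bot: In the basic-auth branch the new code still returns `$authUser`, the raw value of `$_SERVER['PHP_AUTH_USER']`, while the session branch above returns `OC_User::getUser()`. If `OC_User::login` accepts a login name that differs from the stored user id (different case or an alternative login name; not visible here), callers receive a client-supplied string instead of the authenticated uid, so `return OC_User::getUser();` would keep both branches consistent. The new early `return false;` for a logged-in session without the `OCS-APIREQUEST` header also deserves a comment, for example `// session exists but request is not flagged as OCS API call: refuse instead of falling through to basic auth, which would replace the session`. The enclosing method starts and ends outside the hunk, so how callers use the return value could not be checked.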