Move basic auth login out of `isLoggedIn`

Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs... Please test very carefully, this includes: - Testing from OCS via cURL (as in #12915) - Testing from OCS via browser (Open the "Von Dir geteilt" shares overview) - WebDAV - CalDAV - CardDAV

Move basic auth login out of `isLoggedIn`
b91a435e · Lukas Reschke · c20be245 · b91a435e · b91a435e
Commit b91a435e authored Dec 17, 2014 by Lukas Reschke
--- a/lib/base.php
+++ b/lib/base.php
@@ -760,6 +760,7 @@ class OC {
 		// Load minimum set of apps
 		if (!self::checkUpgrade(false)) {
 			// For logged-in users: Load everything
+			\OC_User::tryBasicAuthLogin();
 			if(OC_User::isLoggedIn()) {
 				OC_App::loadApps();
 			} else {

--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -319,6 +319,15 @@ class OC_User {
 		self::getUserSession()->logout();
 	}
+	/**
+	 * Tries to login the user with HTTP Basic Authentication
+	 */
+	public static function tryBasicAuthLogin() {
+		if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+			\OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+		}
+	}
 	/**
 	 * Check if the user is logged in, considers also the HTTP basic credentials
 	 * @return bool
@@ -328,11 +337,6 @@ class OC_User {
 			return self::userExists(\OC::$server->getSession()->get('user_id'));
 		}
-		// Check whether the user has authenticated using Basic Authentication
-		if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
-			return \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-		}
 		return false;
 	}