diff --git a/apps/files_encryption/tests/webdav.php b/apps/files_encryption/tests/webdav.php
index 83f4c0a77de92424d29e886d12304e3c1ae19fcc..bdbc9d7ef02dddee61a52f83225a81ac15e8f78b 100755
--- a/apps/files_encryption/tests/webdav.php
+++ b/apps/files_encryption/tests/webdav.php
@@ -206,12 +206,17 @@ class Webdav extends TestCase {
* handle webdav request
*
* @param bool $body
- *
* @note this init procedure is copied from /apps/files/appinfo/remote.php
*/
function handleWebdavRequest($body = false) {
// Backends
- $authBackend = new \OC_Connector_Sabre_Auth();
+ $authBackend = $this->getMockBuilder('OC_Connector_Sabre_Auth')
+ ->setMethods(['validateUserPass'])
+ ->getMock();
+ $authBackend->expects($this->any())
+ ->method('validateUserPass')
+ ->will($this->returnValue(true));
+
$lockBackend = new \OC_Connector_Sabre_Locks();
$requestBackend = new \OC_Connector_Sabre_Request();
@@ -236,6 +241,10 @@ class Webdav extends TestCase {
$server->addPlugin(new \OC_Connector_Sabre_MaintenancePlugin());
$server->debugExceptions = true;
+ // Totally ugly hack to setup the FS
+ \OC::$server->getUserSession()->login($this->userId, $this->userId);
+ \OC_Util::setupFS($this->userId);
+
// And off we go!
if ($body) {
$server->httpRequest->setBody($body);
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index 6e1baca93323aaae9b1bc76618c280996a1ddf4b..34ccd644447097d8a8f378ff1901326deaf0cfe3 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -22,25 +22,49 @@
*/
class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+ const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
+
+ /**
+ * Whether the user has initially authenticated via DAV
+ *
+ * This is required for WebDAV clients that resent the cookies even when the
+ * account was changed.
+ *
+ * @see https://github.com/owncloud/core/issues/13245
+ *
+ * @param string $username
+ * @return bool
+ */
+ protected function isDavAuthenticated($username) {
+ return !is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)) &&
+ \OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === $username;
+ }
+
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
+ * @param string $username
+ * @param string $password
* @return bool
*/
protected function validateUserPass($username, $password) {
- if (OC_User::isLoggedIn()) {
+ if (OC_User::isLoggedIn() &&
+ $this->isDavAuthenticated($username)
+ ) {
OC_Util::setupFS(OC_User::getUser());
return true;
} else {
- OC_Util::setUpFS();//login hooks may need early access to the filesystem
+ OC_Util::setUpFS(); //login hooks may need early access to the filesystem
if(OC_User::login($username, $password)) {
OC_Util::setUpFS(OC_User::getUser());
+ \OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username);
+ \OC::$server->getSession()->close();
return true;
- }
- else{
+ } else {
+ \OC::$server->getSession()->close();
return false;
}
}
@@ -55,10 +79,10 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
*/
public function getCurrentUser() {
$user = OC_User::getUser();
- if(!$user) {
- return null;
+ if($user && $this->isDavAuthenticated($user)) {
+ return $user;
}
- return $user;
+ return null;
}
/**
@@ -77,9 +101,6 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
$result = $this->auth($server, $realm);
- // close the session - right after authentication there is not need to write to the session any more
- \OC::$server->getSession()->close();
-
return $result;
}
@@ -89,7 +110,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm) {
- if (OC_User::handleApacheAuth() || OC_User::isLoggedIn()) {
+ if (OC_User::handleApacheAuth()) {
$user = OC_User::getUser();
OC_Util::setupFS($user);
$this->currentUser = $user;