/**
* Override the parent `challenge` method to remove the `WWW-Authenticate`
* header in the response if the `X-Requested-With` header is present in the
* request. This last trick prevents the browser to prompt of dialog to the
* user.
*
* @param Request $request Request.
* @param Response $response Response.
* @return void
*/
function challenge(Request $request, Response $response)
{
parent::challenge($request, $response);
if ('XMLHttpRequest' === $request->getHeader('X-Requested-With')) {
$response->removeHeader('WWW-Authenticate');
}
}
/**
* @param \Sabre\DAV\Server $server
* @param $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (OC_User::handleApacheAuth() || OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED))) {
$user = OC_User::getUser();
OC_Util::setupFS($user);
$this->currentUser = $user;
\OC::$server->getSession()->close();
return true;
}
return parent::authenticate($server, $realm);
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
*/
private function auth(RequestInterface $request, ResponseInterface $response)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return [true, $this->principalPrefix . $user];
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return parent::check($request, $response);
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
* @throws NotAuthenticated
*/
private function auth(RequestInterface $request, ResponseInterface $response)
{
$forcedLogout = false;
if (!$this->request->passesCSRFCheck() && $this->requiresCSRFCheck()) {
// In case of a fail with POST we need to recheck the credentials
if ($this->request->getMethod() === 'POST') {
$forcedLogout = true;
} else {
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
}
}
if ($forcedLogout) {
$this->userSession->logout();
} else {
if ($this->twoFactorManager->needsSecondFactor()) {
throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
}
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return [true, $this->principalPrefix . $user];
}
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
$data = parent::check($request, $response);
if ($data[0] === true) {
$startPos = strrpos($data[1], '/') + 1;
$user = $this->userSession->getUser()->getUID();
$data[1] = substr_replace($data[1], $user, $startPos);
}
return $data;
}
/**
* @param \Sabre\DAV\Server $server
* @param string $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return true;
}
if ($server->httpRequest->getHeader('X-Requested-With') === 'XMLHttpRequest') {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$server->httpResponse->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $realm . '"');
$server->httpResponse->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return parent::authenticate($server, $realm);
}
/**
* @param \Sabre\DAV\Server $server
* @param $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (OC_User::handleApacheAuth() || OC_User::isLoggedIn()) {
$user = OC_User::getUser();
OC_Util::setupFS($user);
$this->currentUser = $user;
return true;
}
return parent::authenticate($server, $realm);
}
/**
* @param \Sabre\DAV\Server $server
* @param $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm) {
if (\OC_User::handleApacheAuth() ||
//Fix for broken webdav clients
(\OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED))) ||
//Well behaved clients that only send the cookie are allowed
(\OC_User::isLoggedIn() && \OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === \OC_User::getUser())
) {
$user = \OC_User::getUser();
\OC_Util::setupFS($user);
$this->currentUser = $user;
\OC::$server->getSession()->close();
return true;
}
return parent::authenticate($server, $realm);
}
