Fix compatibility with twofactor

Conflicts: htdocs/api/class/api_login.class.php htdocs/dav/fileserver.php
Dolibarr · Aug 22, 2019 · a19228c · a19228c
1 parent 9bd229b
commit a19228c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/htdocs/api/class/api_login.class.php b/htdocs/api/class/api_login.class.php
@@ -63,6 +63,8 @@ public function index($login, $password, $entity = '', $reset = 0)
 		// Authentication mode
 		if (empty($dolibarr_main_authentication))
 			$dolibarr_main_authentication = 'http,dolibarr';
+		$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
+
 		// Authentication mode: forceuser
 		if ($dolibarr_main_authentication == 'forceuser')
 		{

diff --git a/htdocs/dav/fileserver.php b/htdocs/dav/fileserver.php
@@ -81,6 +81,19 @@
 	// Authentication mode
 	if (empty($dolibarr_main_authentication))
 		$dolibarr_main_authentication='http,dolibarr';
+	$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
+
+	// Authentication mode: forceuser
+	if ($dolibarr_main_authentication == 'forceuser')
+	{
+		if (empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
+		if ($dolibarr_auto_user != $username)
+		{
+			dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
+			return false;
+		}
+	}
+
 	$authmode = explode(',', $dolibarr_main_authentication);
 	$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));