Merge pull request #774 from MartijnRas/master

remoteuser - Patch for default setting and improved checking in hasAccess()
dokuwiki · Mar 12, 2016 · 54c0fa7 · 54c0fa7
2 parents 11ac5b1 + 188eedd
commit 54c0fa7
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/_test/tests/inc/remote.test.php b/_test/tests/inc/remote.test.php
@@ -157,6 +157,8 @@ function test_pluginMethods() {
     }
 
     function test_hasAccessSuccess() {
+        global $conf;
+        $conf['remoteuser'] = '';
         $this->assertTrue($this->remote->hasAccess());
     }
 
@@ -209,6 +211,7 @@ function test_hasAccessFailAcl2() {
     function test_forceAccessSuccess() {
         global $conf;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
         $this->remote->forceAccess(); // no exception should occur
     }
 
@@ -223,7 +226,11 @@ function test_forceAccessFail() {
 
     function test_generalCoreFunctionWithoutArguments() {
         global $conf;
+        global $USERINFO;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
+        $USERINFO['grps'] = array('grp');
         $remoteApi = new RemoteApi();
         $remoteApi->getCoreMethods(new RemoteAPICoreTest());
 
@@ -249,7 +256,10 @@ function test_generalCoreFunctionOnArgumentMismatch() {
 
     function test_generalCoreFunctionWithArguments() {
         global $conf;
+        global $USERINFO;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
 
         $remoteApi = new RemoteApi();
         $remoteApi->getCoreMethods(new RemoteAPICoreTest());
@@ -262,7 +272,10 @@ function test_generalCoreFunctionWithArguments() {
 
     function test_pluginCallMethods() {
         global $conf;
+        global $USERINFO;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
 
         $remoteApi = new RemoteApi();
         $this->assertEquals($remoteApi->call('plugin.testplugin.method1'), null);
@@ -319,6 +332,11 @@ function test_publicCallPluginDeny() {
     }
 
     function test_pluginCallCustomPath() {
+        global $conf;
+        global $USERINFO;
+        $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
         global $EVENT_HANDLER;
         $EVENT_HANDLER->register_hook('RPC_CALL_ADD', 'BEFORE', $this, 'pluginCallCustomPathRegister');
 

diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
@@ -65,7 +65,7 @@
 $conf['auth_security_timeout'] = 900;    //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
 $conf['securecookie'] = 1;               //never send HTTPS cookies via HTTP
 $conf['remote']      = 0;                //Enable/disable remote interfaces
-$conf['remoteuser']  = '!!not set !!';   //user/groups that have access to remote interface (comma separated)
+$conf['remoteuser']  = '!!not set!!';    //user/groups that have access to remote interface (comma separated)
 
 /* Antispam Features */
 $conf['usewordblock']= 1;                //block spam based on words? 0|1

diff --git a/inc/remote.php b/inc/remote.php
@@ -236,6 +236,9 @@ public function hasAccess() {
         if (!$conf['remote']) {
             throw new RemoteAccessDeniedException('server error. RPC server not enabled.',-32604); //should not be here,just throw
         }
+        if(trim($conf['remoteuser']) == '!!not set!!') {
+            return false;
+        }
         if(!$conf['useacl']) {
             return true;
         }