Webdav wrong error PasswordLoginForbidden when specifying non-existing user #26123

Closed
PVince81 opened this Issue Sep 16, 2016 · 1 comment

Projects

None yet

1 participant

@PVince81
Collaborator

Steps:

  1. Pick a user that doesn't exist, for example "unexist"
  2. Run this:
 % curl -X PROPFIND http://unexist:x@localhost/owncloud/remote.php/webdav/
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:o="http://owncloud.org/ns">
  <s:exception>OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden</s:exception>
  <s:message/>
  <o:hint xmlns:o="o:">password login forbidden</o:hint>
</d:error>

Expected result

A simple 401 without extra exception

Actual result

PasswordLoginForbidden.

Versions

master / 9.2 pre-alpha

This exception is only intended to be used for when two factor is enabled and when a client must use tokens instead of passwords.

9.1 is likely affected too.

@DeepDiver1975 @SergioBertolinSG

@PVince81 PVince81 added this to the 9.2 milestone Sep 16, 2016
@PVince81 PVince81 referenced this issue Oct 6, 2016
Merged

Fix logClientIn for non-existing users #26292

6 of 10 tasks complete
@PVince81
Collaborator
PVince81 commented Oct 6, 2016

Fix is here #26292

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment