OwnCloud login impossible when HTTP_AUTH is set

[Gottox]

When OwnCloud is used in a httpauth protected folder, it isn't possible to login via webform anymore.

In our setup, we want to handle httpauth independent from OwnCloud.

We tried to workaround this issue by resetting the corresponding fields in $_SERVER by adding the following to the top of index.php:

unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
$_SERVER['HTTP_AUTHORIZATION']="";
unset($_SERVER['HTTP_XAUTHORIZATION']);
unset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);

This made it possible to log in independent from httpauth, but unfortunately as soon as I navigate from the main page, I get back to the login prompt.

[Gottox]

Update: I revert my changes for debugging, logged in to the http auth and tried to login into Owncloud with "remember me" set. This results in a redirection loop.

[butonic]

Basically using the basic auth credential to log in a user is a feature of owncloud, but I can confirm this issue. I had the same problem with a customer that used basic auth to protect his development system. It was not a big issue and I added a conditional hack like yours that would only unset PHP_AUTH_USER and PHP_AUTH_PW when it would match the basic auth credentials.

@karlitschek @icewind1991 opinions?

[Gottox]

Thanks for the tip, unsetting PHP_AUTH_USER in lib/base.php did the job.

[bantu]

@butonic Add an environment variable that allows disabling HTTP auth, so it can be used in the webserver only?

[DeepDiver1975]

@bantu no need for you to work on this - we have some developments already going on in this area.

[VicDeo]

@DeepDiver1975 IIRC you fixed it, didn't you?

[DeepDiver1975]

@DeepDiver1975 IIRC you fixed it, didn't you?

actually not - I missunderstood the original reporter - sorry

[karlitschek]

closing this. This is the intended behavior of ownCloud.