New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Basic Auth is broken - again... #3487
Conversation
is it intended that you commented out redirectToDefaultPage ? |
Yes, it went into a never ending loop otherwise. When commented out it reaches the destination URL. |
Actually since basic auth is mainly (only?) used for non-browser access, maybe we should call |
The ticket description indicates there should be functional tests for HTTP auth now. ;) |
It's basically untestable, and the login logic is - absent... I' trying to make heads and tails out of it. |
Nope, without a total redesign this is the only way I can get basic auth to work, without breaking normal login, cookie validation and routing. Cookie validation is already broken in master - #854 really needs to be fixed. Anyways, until a redesign of the startup procedure, please consider this patch. |
3rdparty got changed in the last commit. Should we organize a review of base.php to clean up the login stuff? I don't want to do it alone. |
This reverts commit 138c7f6.
Thanks, hadn't noticed.
Maybe we should create an issue summarizing all the issues in OC::handleRequest(); and separate them into more manageable parts? Find out what pitfalls there are etc.
No one should have that burden alone ;) |
But if we are going to rewrite anyway, I think we should consider a design like SabreDAV, instantiating a server object and inject plugins for dealing with authentication, handling requests etc. |
👍 |
@@ -678,9 +680,8 @@ protected static function handleLogin() { | |||
$error[] = 'invalidpassword'; | |||
|
|||
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tanghus should the comment be moved as well? Just asking
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it probably should ;) This hack was mostly a PoC what would work with the current base.php - a rewrite would be better but might not be feasible before the next major release? If not, tryBasicAuth() should also call OC_Util::callRegister();
if the request should be used for anything else than simple GETs.
Should I update this PR for something that can be work, or should we prioritize a rewrite like @icewind1991 described in https://gist.github.com/icewind1991/5685072 for oC 6?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OC5 and master are broken - right? -> fix it
The rewrite is too far away from my understanding.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@DeepDiver1975 Yes, oC5 is broken too. Pushed changes for master.
Any 👎 or 👍 for this temporary fix? A full rewrite is only in the far horizon. |
👍 |
@MTGap @karlitschek @DeepDiver1975 what say you? |
👍 |
Basic Auth is broken - again...
@tanghus oc5 is still broken - right? Can you please backport this? THX |
@DeepDiver1975 I deleted 2500 git msgs when I got back from vacation, so never saw this :) |
This is most likely not the 'proper' way to do it, but it works.
Please test Basic Auth whenever refactoring the code. I don't know how many time is has been broken.
@icewind1991 @DeepDiver1975 @karlitschek