Fixes login / logout when HTTP Basic Headers are avilable.

[josh4trunks]

This patch..

1. Ignores HTTP Basic Auth Headers when they are incorrect.
2. Adds a cookie 'oc_ignore_php_auth_user' when a user with successful 'BasicAuthLogin' wants to logout.
   • Fixes impossible logout with matching HTTP Basic User/Pass bug
3. Decreases the timelimit of the 'oc_ignore_php_auth_user' cookie to 5 minutes when a user who needed the cookie logs out.
   • Reallows HTTP Basic Auth for that browsing session
4. HTTP Basic Username must match the value of the 'oc_ignore_php_auth_user' cookie for it to take affect.

---

Fixes #6922 #4556
In my opinion this is much cleaner and HTTP compliant than using http://whatever@domain.com as it has been depreciated in Chrome and IE.

[josh4trunks]

@PVince81 @DamnDam

@Kondou-ger - Can you test if this works in your environment described here? da19109#commitcomment-5770399. I believe it should without needing the extra configurable 'basic_auth'.

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/3844/

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/3845/

[josh4trunks]

Logout still seems very spotty when you have an _incorrect_ HTTP Basic Auth header. All other cases seem to work as expected.

EDIT
This isn't caused by my patch. I tested without patch and just removing the block containing..
"Session loginname ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",
and it is still an issue. I'll continue investigating.

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/3846/

[josh4trunks]

OK, all fixed. Every combination should now work =]

• Correct Headers + Login
• Correct Headers + Logout
• Incorrect Headers + Login
• Incorrect Headers + Logout

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/3847/

[PVince81]

@bantu @LukasReschke can you help reviewing this ?

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/3861/

[DamnDam]

My setup changed, but I'll try and test it.
It feels a lot less hacky ^^

[DamnDam]

What is the expected behaviour when cookies are disabled ?
I suppose Basic Authentication is especially usefull for clients with disabled cookies, does it break support for them ?

[josh4trunks]

OC is usable without cookies disabled in a browser? I don't see how that would work because it never asks for basic login. I don't think this should affect clients without cookies but we should test it.

all this commit does is..

1. not overwrite regular login with http headers
2. ignore http headers when asking to logout

[Niduroki]

There's a typo here.

[Niduroki]

Tested it with my setup and works fine. 👍
This needs a rebase/merge though.

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4035/

[josh4trunks]

@Kondou-ger done.

[scrutinizer-notifier]

The inspection completed: 3 new issues, 2 updated code elements

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4058/

[DeepDiver1975]

I will perform some tests regarding shibboleth, ocs api and clients. Please don't merge until my explicit approval. Thanks a lot

[Niduroki]

@DeepDiver1975 test and merge pls. kthxbye.

This screws my testing instance big time, having an untracked change in my base.php is a pain when git pulling

[DeepDiver1975]

Tested:

• Shibboleth
• ocs api
• web dav

[DeepDiver1975]

👍

[ColinFinck]

Same problem occurs on 6.0.4 with basic auth enabled and can be fixed by applying this patch.
So please backport to stable6 branch and release a new minor version.