-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes login / logout when HTTP Basic Headers are avilable. #7852
Conversation
@Kondou-ger - Can you test if this works in your environment described here? da19109#commitcomment-5770399. I believe it should without needing the extra configurable 'basic_auth'. |
🚀 Test Passed. 🚀 |
🚀 Test Passed. 🚀 |
Logout still seems very spotty when you have an _incorrect_ HTTP Basic Auth header. All other cases seem to work as expected. EDIT |
🚀 Test Passed. 🚀 |
OK, all fixed. Every combination should now work =]
|
🚀 Test Passed. 🚀 |
@bantu @LukasReschke can you help reviewing this ? |
🚀 Test Passed. 🚀 |
My setup changed, but I'll try and test it. |
What is the expected behaviour when cookies are disabled ? |
OC is usable without cookies disabled in a browser? I don't see how that would work because it never asks for basic login. I don't think this should affect clients without cookies but we should test it. all this commit does is..
|
// Ignore HTTP Authentication for 5 more mintues. | ||
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | ||
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { | ||
// Ignore HTTP Aunthentication to allow a different user to log in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a typo here.
Tested it with my setup and works fine. 👍 |
🚀 Test Passed. 🚀 |
@Kondou-ger done. |
The inspection completed: 3 new issues, 2 updated code elements |
🚀 Test Passed. 🚀 |
I will perform some tests regarding shibboleth, ocs api and clients. Please don't merge until my explicit approval. Thanks a lot |
@DeepDiver1975 test and merge pls. kthxbye. This screws my testing instance big time, having an untracked change in my base.php is a pain when |
Tested:
|
👍 |
Fixes login / logout when HTTP Basic Headers are avilable.
Same problem occurs on 6.0.4 with basic auth enabled and can be fixed by applying this patch. |
This patch..
Fixes #6922 #4556
In my opinion this is much cleaner and HTTP compliant than using http://whatever@domain.com as it has been depreciated in Chrome and IE.