Permalink
Browse files

Contents auth_hash fix

  • Loading branch information...
1 parent 414f79c commit ceecf1f572364af1093bf14acf2899d03c0eb0fc @ghecquet ghecquet committed Sep 22, 2016
@@ -23,6 +23,7 @@
use JWT;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
+use Pydio\Core\Model\ContextInterface;
use Pydio\Core\Services\ApiKeysService;
use Pydio\Core\Services\AuthService;
use Pydio\Auth\Frontend\Core\AbstractAuthFrontend;
@@ -68,7 +69,16 @@ function retrieveParams(ServerRequestInterface &$request, ResponseInterface &$re
$httpVars["auth_token"] = $payload->token;
$httpVars["auth_hash"] = $payload->hash;
- $request = $request->withParsedBody($httpVars);
+ // NOT GREAT - WE REMOVE /contents from the uri to ensure that the auth_hash works fine
+ $uri = $request->getUri();
+ $path = str_replace("/contents", "", $uri->getPath());
+ $uri = $uri->withPath($path);
+
+ $_SERVER["REQUEST_URI"] = $uri->getPath() . '?' . $uri->getQuery();
+
+ $request = $request
+ ->withUri($uri)
+ ->withParsedBody($httpVars);
}
/**
@@ -80,11 +90,14 @@ function retrieveParams(ServerRequestInterface &$request, ResponseInterface &$re
function tryToLogUser(ServerRequestInterface &$request, ResponseInterface &$response, $isLast = false) {
// This plugin is depending on other authfront having found the current user
- $currentUser = AuthService::getLoggedUser();
- if (!isset($currentUser)) {
+ /** @var ContextInterface $context */
+ $context = $request->getAttribute("ctx");
+ if (!$context->hasUser()) {
return false;
}
+ $currentUser = $context->getUser();
+
$httpVars = $request->getParsedBody();
$jwt = $this->detectVar($httpVars, "access_token");
if (empty($jwt)) {
@@ -61,7 +61,7 @@ public static function handleRequest(ServerRequestInterface $requestInterface, R
$jwtFrontend = new AuthFrontend("jwt-auth-frontend", "");
$jwtFrontend->retrieveParams($requestInterface, $responseInterface);
-
+
$response = FrontendsLoader::frontendsAsAuthMiddlewares($requestInterface, $responseInterface);
if($response != null) {
return $response;

0 comments on commit ceecf1f

Please sign in to comment.