Skip to content

Commit

Permalink
Merge pull request #28879 from owncloud/missing_non_browser_authtoken
Browse files Browse the repository at this point in the history 
[stable10] Missing oc_authtoken (session) for native clients
  • Loading branch information
Vincent Petry authored Nov 10, 2017
2 parents 605d614 + de3597a commit dc57c65
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 1 deletion.
22 changes: 21 additions & 1 deletion lib/private/legacy/app.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,9 +133,29 @@ public static function loadApps($types = null) {
// once all authentication apps are loaded we can validate the session
if (is_null($types) || in_array('authentication', $types)) {
if (\OC::$server->getUserSession()) {
$request = \OC::$server->getRequest();
$session = \OC::$server->getUserSession();
$davUser = \OC::$server->getUserSession()->getSession()->get(\OCA\DAV\Connector\Sabre\Auth::DAV_AUTHENTICATED);
if (is_null($davUser)) {
\OC::$server->getUserSession()->validateSession();
$session->validateSession();
} else {
/** @var \OC\Authentication\Token\DefaultTokenProvider $tokenProvider */
$tokenProvider = \OC::$server->query('\OC\Authentication\Token\DefaultTokenProvider');
$token = null;
try {
$token = $tokenProvider->getToken($session->getSession()->getId());
} catch (\Exception $ex) {
$password = null;
if (isset($_SERVER['PHP_AUTH_PW'])) {
$password = $_SERVER['PHP_AUTH_PW'];
}

$session->createSessionToken($request, $session->getUser()->getUID(), $session->getLoginName(), $password);
}

if ($token) {
$tokenProvider->updateToken($token);
}
}
}
}
Expand Down
8 changes: 8 additions & 0 deletions settings/Controller/AuthSettingsController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,15 @@ private function generateRandomDeviceToken() {
* @return JSONResponse
*/
public function destroy($id) {

$user = $this->userManager->get($this->uid);
$currentToken = $this->tokenProvider->getToken($this->session->getId());

if ($currentToken && ($currentToken->getId() === intval($id))) {
return (new JSONResponse())->setStatus(Http::STATUS_CONFLICT);
}


if (is_null($user)) {
return [];
}
Expand Down

0 comments on commit dc57c65

Please sign in to comment.