diff --git a/lib/private/User/BasicAuthModule.php b/lib/private/User/BasicAuthModule.php
index 3df234a0ac11..dc434a4e992f 100644
--- a/lib/private/User/BasicAuthModule.php
+++ b/lib/private/User/BasicAuthModule.php
@@ -25,6 +25,7 @@
 use OCP\Authentication\IAuthModule;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IUser;
 use OCP\IUserManager;
@@ -32,9 +33,12 @@ class BasicAuthModule implements IAuthModule {
 /** @var IUserManager */
 private $manager;
+ /** @var ISession */
+ private $session;
- public function __construct(IUserManager $manager) {
+ public function __construct(IUserManager $manager, ISession $session) {
 $this->manager = $manager;
+ $this->session = $session;
 }
 /**
@@ -44,6 +48,9 @@ public function auth(IRequest $request) {
 if (!isset($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'])) {
 return null;
 }
+ if ($this->session->exists('app_password')) {
+ return null;
+ }
 $authUser = $request->server['PHP_AUTH_USER'];
 $authPass = $request->server['PHP_AUTH_PW'];
 if ($authUser === '' || $authPass === '') {
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 87904f1c3298..f46c73cdad2c 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -1041,7 +1041,7 @@ protected function getAuthModules($includeBuiltIn) {
 }
 if ($includeBuiltIn) {
- yield new BasicAuthModule($this->manager);
+ yield new BasicAuthModule($this->manager, $this->session);
 }
 }
 }
diff --git a/tests/lib/User/BasicAuthModuleTest.php b/tests/lib/User/BasicAuthModuleTest.php
index 083a97cfb9c0..dba1d94d1139 100644
--- a/tests/lib/User/BasicAuthModuleTest.php
+++ b/tests/lib/User/BasicAuthModuleTest.php
@@ -25,6 +25,7 @@
 use OC\User\BasicAuthModule;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IUser;
 use OCP\IUserManager;
 use Test\TestCase;
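Review bot: In `lib/private/User/BasicAuthModule.php`, the early return added to `auth()` keys only on the session holding `app_password` and never relates that flag to the `PHP_AUTH_USER`/`PHP_AUTH_PW` pair on the current request, and nothing in the hunk says why that is safe. Returning `null` only declines Basic authentication, so the guarantee rests on code outside this diff: whatever sets `app_password` should do so only after validating the token, and the caller should treat `null` as "not handled" rather than as success. I would record that contract above the check, for example `// An app password was already validated for this session; do not retry it as the account password.` — assuming that is the intent. The key is also a bare string literal here and in the tests; a shared constant would keep it in step with the code that writes it. The body of `auth()` continues outside the hunk.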
@@ -37,11 +38,14 @@ class BasicAuthModuleTest extends TestCase {
 private $request;
 /** @var IUser | \PHPUnit_Framework_MockObject_MockObject */
 private $user;
+ /** @var ISession | \PHPUnit_Framework_MockObject_MockObject */
+ private $session;
 public function setUp() {
 parent::setUp();
 $this->manager = $this->createMock(IUserManager::class);
 $this->request = $this->createMock(IRequest::class);
+ $this->session = $this->createMock(ISession::class);
 $this->user = $this->createMock(IUser::class);
 $this->user->expects($this->any())->method('getUID')->willReturn('user1');
@@ -61,6 +65,7 @@ public function setUp() {
 ['unique@example.com', [$this->user]],
 ['user2', []]
 ]);
+
 }
 /**
@@ -69,7 +74,13 @@ public function setUp() {
 * @param string $userId
 */
 public function testAuth($expectedResult, $userId) {
- $module = new BasicAuthModule($this->manager);
+
+ $this->session
+ ->method('exists')
+ ->with('app_password')
+ ->willReturn(false);
+
+ $module = new BasicAuthModule($this->manager, $this->session);
 $this->request->server = [
 'PHP_AUTH_USER' => $userId,
 'PHP_AUTH_PW' => '123456',
@@ -81,8 +92,28 @@ public function testAuth($expectedResult, $userId) {
 $this->assertEquals($expectedResult ? $this->user : null, $module->auth($this->request));
 }
+ public function testAppPassword() {
+
+ $this->session
+ ->expects($this->once())
+ ->method('exists')
+ ->with('app_password')
+ ->willReturn(true);
+
+ $this->manager
+ ->expects($this->never())
+ ->method('checkPassword');
+
+ $module = new BasicAuthModule($this->manager, $this->session);
+ $this->request->server = [
+ 'PHP_AUTH_USER' => 'user',
+ 'PHP_AUTH_PW' => 'app-pass-word',
+ ];
+ $this->assertEquals(null, $module->auth($this->request));
+ }
+
 public function testGetUserPassword() {
- $module = new BasicAuthModule($this->manager);
+ $module = new BasicAuthModule($this->manager, $this->session);
 $this->request->server = [
 'PHP_AUTH_USER' => 'user1',
 'PHP_AUTH_PW' => '123456',
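Review bot: `testAppPassword` checks the result with `$this->assertEquals(null, $module->auth($this->request));`, which compares loosely, so a `false`, `''` or `0` return would also pass. `$this->assertNull($module->auth($this->request));` pins the contract that the module declines the request. The test forbids only `checkPassword`; if `auth()` performs other `IUserManager` lookups before validating a password (not visible in this diff), forbidding those as well would show that the early return happens before any credential handling. `testGetUserPassword` continues outside the hunk.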