Merge pull request #30597 from owncloud/master-d7ba3f5b7f8878189a3717…

…236a4aa515a80cd279

Fixing logout for app password scenario

lib/private/User/BasicAuthModule.php

@@ -25,16 +25,20 @@
 
 use OCP\Authentication\IAuthModule;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IUser;
 use OCP\IUserManager;
 
 class BasicAuthModule implements IAuthModule {
 
 	/** @var IUserManager */
 	private $manager;
+	/** @var ISession */
+	private $session;
 
-	public function __construct(IUserManager $manager) {
+	public function __construct(IUserManager $manager, ISession $session) {
 		$this->manager = $manager;
+		$this->session = $session;
 	}
 
 	/**
@@ -44,6 +48,9 @@ public function auth(IRequest $request) {
 		if (!isset($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'])) {
 			return null;
 		}
+		if ($this->session->exists('app_password')) {
+			return null;
+		}
 		$authUser = $request->server['PHP_AUTH_USER'];
 		$authPass = $request->server['PHP_AUTH_PW'];
 		if ($authUser === '' || $authPass === '') {

lib/private/User/Session.php

@@ -1041,7 +1041,7 @@ protected function getAuthModules($includeBuiltIn) {
 		}
 
 		if ($includeBuiltIn) {
-			yield new BasicAuthModule($this->manager);
+			yield new BasicAuthModule($this->manager, $this->session);
 		}
 	}
 }

tests/lib/User/BasicAuthModuleTest.php

@@ -25,6 +25,7 @@
 
 use OC\User\BasicAuthModule;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IUser;
 use OCP\IUserManager;
 use Test\TestCase;
@@ -37,11 +38,14 @@ class BasicAuthModuleTest extends TestCase {
 	private $request;
 	/** @var IUser | \PHPUnit_Framework_MockObject_MockObject */
 	private $user;
+	/** @var ISession | \PHPUnit_Framework_MockObject_MockObject */
+	private $session;
 
 	public function setUp() {
 		parent::setUp();
 		$this->manager = $this->createMock(IUserManager::class);
 		$this->request = $this->createMock(IRequest::class);
+		$this->session = $this->createMock(ISession::class);
 
 		$this->user = $this->createMock(IUser::class);
 		$this->user->expects($this->any())->method('getUID')->willReturn('user1');
@@ -61,6 +65,7 @@ public function setUp() {
 				['[email protected]', [$this->user]],
 				['user2', []]
 			]);
+
 	}
 
 	/**
@@ -69,7 +74,13 @@ public function setUp() {
 	 * @param string $userId
 	 */
 	public function testAuth($expectedResult, $userId) {
-		$module = new BasicAuthModule($this->manager);
+
+		$this->session
+			->method('exists')
+			->with('app_password')
+			->willReturn(false);
+
+		$module = new BasicAuthModule($this->manager, $this->session);
 		$this->request->server = [
 			'PHP_AUTH_USER' => $userId,
 			'PHP_AUTH_PW' => '123456',
@@ -81,8 +92,28 @@ public function testAuth($expectedResult, $userId) {
 		$this->assertEquals($expectedResult ? $this->user : null, $module->auth($this->request));
 	}
 
+	public function testAppPassword() {
+
+		$this->session
+			->expects($this->once())
+			->method('exists')
+			->with('app_password')
+			->willReturn(true);
+
+		$this->manager
+			->expects($this->never())
+			->method('checkPassword');
+
+		$module = new BasicAuthModule($this->manager, $this->session);
+		$this->request->server = [
+			'PHP_AUTH_USER' => 'user',
+			'PHP_AUTH_PW' => 'app-pass-word',
+		];
+		$this->assertEquals(null, $module->auth($this->request));
+	}
+
 	public function testGetUserPassword() {
-		$module = new BasicAuthModule($this->manager);
+		$module = new BasicAuthModule($this->manager, $this->session);
 		$this->request->server = [
 			'PHP_AUTH_USER' => 'user1',
 			'PHP_AUTH_PW' => '123456',