open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Only catch anonymous OPTIONS for Office

Browse Source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
pull/20632/head
Julius Härtl 5 years ago
parent 84a3536159
commit d7161b4eee
No known key found for this signature in database
GPG Key ID: 4C614C6ED2CDE6DF
2 changed files with 22 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php
  2. 22
      apps/dav/tests/unit/DAV/AnonymousOptionsTest.php

4
apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php
Unescape View File

@ -67,9 +67,9 @@ class AnonymousOptionsPlugin extends ServerPlugin {
$emptyAuth = $request->getHeader('Authorization') === null
|| $request->getHeader('Authorization') === ''
|| trim($request->getHeader('Authorization')) === 'Bearer';
$isAnonymousOption = $request->getMethod() === 'OPTIONS' && $emptyAuth;
$isAnonymousOfficeOption = $request->getMethod() === 'OPTIONS' && $isOffice && $emptyAuth;
$isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth;
if ($isAnonymousOption || $isOfficeHead) {
if ($isAnonymousOfficeOption || $isOfficeHead) {
/** @var CorePlugin $corePlugin */
$corePlugin = $this->server->getPlugin('core');
// setup a fake tree for anonymous access

22
apps/dav/tests/unit/DAV/AnonymousOptionsTest.php
Unescape View File

@ -53,18 +53,36 @@ class AnonymousOptionsTest extends TestCase {
public function testAnonymousOptionsRoot() {
$response = $this->sendRequest('OPTIONS', '');
$this->assertEquals(200, $response->getStatus());
$this->assertEquals(401, $response->getStatus());
}
public function testAnonymousOptionsNonRoot() {
$response = $this->sendRequest('OPTIONS', 'foo');
$this->assertEquals(200, $response->getStatus());
$this->assertEquals(401, $response->getStatus());
}
public function testAnonymousOptionsNonRootSubDir() {
$response = $this->sendRequest('OPTIONS', 'foo/bar');
$this->assertEquals(401, $response->getStatus());
}
public function testAnonymousOptionsRootOffice() {
$response = $this->sendRequest('OPTIONS', '', 'Microsoft Office does strange things');
$this->assertEquals(200, $response->getStatus());
}
public function testAnonymousOptionsNonRootOffice() {
$response = $this->sendRequest('OPTIONS', 'foo', 'Microsoft Office does strange things');
$this->assertEquals(200, $response->getStatus());
}
public function testAnonymousOptionsNonRootSubDirOffice() {
$response = $this->sendRequest('OPTIONS', 'foo/bar', 'Microsoft Office does strange things');
$this->assertEquals(200, $response->getStatus());
}

Write Preview
Loading…
Cancel
Save