Merge pull request #2995 from nextcloud/repair_basic_auth_support

Repair basic auth support
This commit is contained in:
allexzander 2021-03-15 11:52:21 +02:00 committed by GitHub
commit a92d300b7f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 35 additions and 35 deletions

View file

@ -86,17 +86,6 @@ bool OwncloudSetupWizard::bringWizardToFrontIfVisible()
return false;
}
if (wiz->_ocWizard->currentId() == WizardCommon::Page_ShibbolethCreds) {
// Try to find if there is a browser open and raise that instead (Issue #6105)
const auto allWindow = qApp->topLevelWidgets();
auto it = std::find_if(allWindow.cbegin(), allWindow.cend(), [](QWidget *w)
{ return QLatin1String(w->metaObject()->className()) == QLatin1String("OCC::ShibbolethWebView"); });
if (it != allWindow.cend()) {
ownCloudGui::raiseDialog(*it);
return true;
}
}
ownCloudGui::raiseDialog(wiz->_ocWizard);
return true;
}
@ -413,7 +402,7 @@ void OwncloudSetupWizard::slotAuthError()
// bring wizard to top
_ocWizard->bringToTop();
if (_ocWizard->currentId() == WizardCommon::Page_ShibbolethCreds || _ocWizard->currentId() == WizardCommon::Page_OAuthCreds || _ocWizard->currentId() == WizardCommon::Page_Flow2AuthCreds) {
if (_ocWizard->currentId() == WizardCommon::Page_OAuthCreds || _ocWizard->currentId() == WizardCommon::Page_Flow2AuthCreds) {
_ocWizard->back();
}
_ocWizard->displayError(errorMsg, _ocWizard->currentId() == WizardCommon::Page_ServerSetup && checkDowngradeAdvised(reply));

View file

@ -228,8 +228,6 @@ int OwncloudSetupPage::nextId() const
return WizardCommon::Page_OAuthCreds;
case DetermineAuthTypeJob::LoginFlowV2:
return WizardCommon::Page_Flow2AuthCreds;
case DetermineAuthTypeJob::Shibboleth:
return WizardCommon::Page_ShibbolethCreds;
case DetermineAuthTypeJob::WebViewFlow:
return WizardCommon::Page_WebView;
}

View file

@ -44,7 +44,6 @@ namespace WizardCommon {
Page_Welcome,
Page_ServerSetup,
Page_HttpCreds,
Page_ShibbolethCreds,
Page_OAuthCreds,
Page_Flow2AuthCreds,
Page_WebView,

View file

@ -903,8 +903,8 @@ void DetermineAuthTypeJob::start()
// Start three parallel requests
// 1. determines whether it's a shib server
auto get = _account->sendRequest("GET", _account->davUrl(), req);
// 1. determines whether it's a basic auth server
auto get = _account->sendRequest("GET", _account->url(), req);
// 2. checks the HTTP auth method.
auto propfind = _account->sendRequest("PROPFIND", _account->davUrl(), req);
@ -919,12 +919,12 @@ void DetermineAuthTypeJob::start()
propfind->setIgnoreCredentialFailure(true);
oldFlowRequired->setIgnoreCredentialFailure(true);
connect(get, &AbstractNetworkJob::redirected, this, [this, get](QNetworkReply *, const QUrl &target, int) {
Q_UNUSED(this)
Q_UNUSED(get)
Q_UNUSED(target)
});
connect(get, &SimpleNetworkJob::finishedSignal, this, [this]() {
connect(get, &SimpleNetworkJob::finishedSignal, this, [this, get]() {
if (get->reply()->error() == QNetworkReply::AuthenticationRequiredError) {
_resultGet = Basic;
} else {
_resultGet = LoginFlowV2;
}
_getDone = true;
checkAllDone();
});
@ -932,8 +932,13 @@ void DetermineAuthTypeJob::start()
auto authChallenge = reply->rawHeader("WWW-Authenticate").toLower();
if (authChallenge.contains("bearer ")) {
_resultPropfind = OAuth;
} else if (authChallenge.isEmpty()) {
} else {
if (authChallenge.isEmpty()) {
qCWarning(lcDetermineAuthTypeJob) << "Did not receive WWW-Authenticate reply to auth-test PROPFIND";
} else {
qCWarning(lcDetermineAuthTypeJob) << "Unknown WWW-Authenticate reply to auth-test PROPFIND:" << authChallenge;
}
_resultPropfind = Basic;
}
_propfindDone = true;
checkAllDone();
@ -952,6 +957,8 @@ void DetermineAuthTypeJob::start()
}
}
}
} else {
_resultOldFlow = Basic;
}
_oldFlowDone = true;
checkAllDone();
@ -967,17 +974,18 @@ void DetermineAuthTypeJob::checkAllDone()
return;
}
auto result = _resultPropfind;
// OAuth > Shib > Basic
if (_resultGet == Shibboleth && result != OAuth)
result = Shibboleth;
Q_ASSERT(_resultGet != NoAuthType);
Q_ASSERT(_resultPropfind != NoAuthType);
Q_ASSERT(_resultOldFlow != NoAuthType);
// WebViewFlow > OAuth > Shib > Basic
auto result = _resultPropfind;
// WebViewFlow > OAuth > Basic
if (_account->serverVersionInt() >= Account::makeServerVersion(12, 0, 0)) {
result = WebViewFlow;
}
// LoginFlowV2 > WebViewFlow > OAuth > Shib > Basic
// LoginFlowV2 > WebViewFlow > OAuth > Basic
if (_account->serverVersionInt() >= Account::makeServerVersion(16, 0, 0)) {
result = LoginFlowV2;
}
@ -987,6 +995,12 @@ void DetermineAuthTypeJob::checkAllDone()
result = WebViewFlow;
}
// If we determined that a simple get gave us an authentication required error
// then the server enforces basic auth and we got no choice but to use this
if (_resultGet == Basic) {
result = Basic;
}
qCInfo(lcDetermineAuthTypeJob) << "Auth type for" << _account->davUrl() << "is" << result;
emit authType(result);
deleteLater();

View file

@ -437,9 +437,9 @@ class OWNCLOUDSYNC_EXPORT DetermineAuthTypeJob : public QObject
Q_OBJECT
public:
enum AuthType {
NoAuthType, // used only before we got a chance to probe the server
Basic, // also the catch-all fallback for backwards compatibility reasons
OAuth,
Shibboleth,
WebViewFlow,
LoginFlowV2
};
@ -454,9 +454,9 @@ private:
void checkAllDone();
AccountPtr _account;
AuthType _resultGet = Basic;
AuthType _resultPropfind = Basic;
AuthType _resultOldFlow = Basic;
AuthType _resultGet = NoAuthType;
AuthType _resultPropfind = NoAuthType;
AuthType _resultOldFlow = NoAuthType;
bool _getDone = false;
bool _propfindDone = false;
bool _oldFlowDone = false;