Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix Protect DAV when $dolibarr_main_authentication is forceuser

Browse Source 
Compatibility with twoauth
This commit is contained in:
Laurent Destailleur
2019-08-20 13:46:15 +02:00
parent 54234e011f
commit 65d11704bb
3 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/dav/fileserver.php
View File

@@ -69,7 +69,7 @@ $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a d
$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
global $user;
global $conf;
global $dolibarr_main_authentication;
global $dolibarr_main_authentication, $dolibarr_auto_user;
if (empty($user->login))
{
@@ -91,6 +91,17 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='dolibarr';
$dolibarr_main_authentication = preg_replace('/twoauth/', 'dolibarr', $dolibarr_main_authentication);
// Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser')
{
if (empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
if ($dolibarr_auto_user != $username)
{
dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
return false;
}
}
$authmode = explode(',', $dolibarr_main_authentication);
$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));