Public dav endpoint doesn't allow GET of files

[skjnldsv]

Because the token is passed as basic auth, you cannot do a simple get without this parameter, which is not what a basic auth is made for anyway.

We should use the cookie for authentication, and let us direct access any file a PROPFIND returns as this is most likely not compliant to any dav endpoint :)

server/apps/dav/lib/Connector/PublicAuth.php

Lines 76 to 93 in 1b46621

	/**
	* Validates a username and password
	*
	* This method should return true or false depending on if login
	* succeeded.
	*
	* @param string $username
	* @param string $password
	*
	* @return bool
	* @throws \Sabre\DAV\Exception\NotAuthenticated
	*/
	protected function validateUserPass($username, $password) {
	try {
	$share = $this->shareManager->getShareByToken($username);
	} catch (ShareNotFound $e) {
	return false;
	}

server/apps/files_sharing/js/public.js

Line 59 in 5e4eda1

userName: token,

[juliusknorr]

The token as username is not only for public share pages but also used by federated sharing this way. Also just storing in a cookie won't work as you could have multiple share links open at the same time, but we probably could store a list of all share tokens there.

cc @rullzer

[skjnldsv]

The token as username is not only for public share pages but also used by federated sharing this way. Also just storing in a cookie won't work as you could have multiple share links open at the same time, but we probably could store a list of all share tokens there.

Argh, this complicates :(
We still should avoid this. What about a special dav endpoint like public.php/dav/TOKEN instead?