Merge #252 [backport25] No session on DAV API call

tsdicloud · tsdicloud · commit 82c977d0d88a · 2023-08-20T14:40:15.000Z
diff --git a/apps/files/lib/Controller/ViewController.php b/apps/files/lib/Controller/ViewController.php
@@ -158,6 +158,7 @@ protected function getStorageInfo() {
 	/**
 	 * @NoCSRFRequired
 	 * @NoAdminRequired
+     * @UseSession
 	 *
 	 * @param string $fileid
 	 * @return TemplateResponse|RedirectResponse
diff --git a/lib/base.php b/lib/base.php
@@ -66,6 +66,7 @@
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Group\Events\UserRemovedEvent;
 use OCP\ILogger;
+use OCP\IRequest;
 use OCP\Server;
 use OCP\Share;
 use OC\Encryption\HookManager;
@@ -414,8 +415,22 @@ private static function printUpgradePage(\OC\SystemConfig $systemConfig) {
 		$tmpl->printPage();
 	}
 
-	public static function initSession() {
-		if (self::$server->getRequest()->getServerProtocol() === 'https') {
+	public static function initSession(): void {
+		$request = Server::get(IRequest::class);
+
+		// TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
+		// TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
+		// TODO: for further information.
+        // MagentaCLOUD stays with original version of the solution from production
+		$isDavRequest = strpos($request->getRequestUri(), '/remote.php/dav') === 0 || 
+                           strpos($request->getRequestUri(), '/remote.php/webdav') === 0;
+		if ($request->getHeader('Authorization') !== '' && $isDavRequest && !isset($_COOKIE['nc_session_id'])) {
+		   // Do not initialize the session if a request is authenticated directly
+		   // unless there is a session cookie already sent along
+		   return;
+		}
+
+		if ($request->getServerProtocol() === 'https') {
 			ini_set('session.cookie_secure', 'true');
 		}
 
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -42,6 +42,7 @@
 use OCP\IConfig;
 use OCP\ISession;
 use OCP\IUser;
+use OCP\Session\Exceptions\SessionNotAvailableException;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\EventDispatcher\GenericEvent;
@@ -362,7 +363,7 @@ public function needsSecondFactor(IUser $user = null): bool {
 					$this->session->set(self::SESSION_UID_DONE, $user->getUID());
 					return false;
 				}
-			} catch (InvalidTokenException $e) {
+			} catch (InvalidTokenException|SessionNotAvailableException $e) {
 			}
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -158,6 +158,7 @@ protected function getStorageInfo() {`
`158`	`158`	`/**`
`159`	`159`	`* @NoCSRFRequired`
`160`	`160`	`* @NoAdminRequired`
	`161`	`+ * @UseSession`
`161`	`162`	`*`
`162`	`163`	`* @param string $fileid`
`163`	`164`	`* @return TemplateResponse\|RedirectResponse`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@`
`42`	`42`	`use OCP\IConfig;`
`43`	`43`	`use OCP\ISession;`
`44`	`44`	`use OCP\IUser;`
	`45`	`+use OCP\Session\Exceptions\SessionNotAvailableException;`
`45`	`46`	`use Psr\Log\LoggerInterface;`
`46`	`47`	`use Symfony\Component\EventDispatcher\EventDispatcherInterface;`
`47`	`48`	`use Symfony\Component\EventDispatcher\GenericEvent;`
`@@ -362,7 +363,7 @@ public function needsSecondFactor(IUser $user = null): bool {`
`362`	`363`	`$this->session->set(self::SESSION_UID_DONE, $user->getUID());`
`363`	`364`	`return false;`
`364`	`365`	`}`
`365`		`- } catch (InvalidTokenException $e) {`
	`366`	`+ } catch (InvalidTokenException\|SessionNotAvailableException $e) {`
`366`	`367`	`}`
`367`	`368`	`}`
`368`	`369`