Skip to content

fix(dav): adjust password session check on legacy dav auth#59374

Open
skjnldsv wants to merge 1 commit intomasterfrom
fix/legacy-dav-session-check
Open

fix(dav): adjust password session check on legacy dav auth#59374
skjnldsv wants to merge 1 commit intomasterfrom
fix/legacy-dav-session-check

Conversation

@skjnldsv
Copy link
Copy Markdown
Member

@skjnldsv skjnldsv commented Apr 1, 2026
edited
Loading

Follow-up #55955

Summary

We adjusted the session to store multiple granted public shares, so you could open a few tabs and not get logge dout the previous ones.
But I did not migrate the legacy auth middleware. It seems it's still used in older versions, maybe we plan the removal of the old dav v1 entrypoint

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

@skjnldsv skjnldsv added this to the Nextcloud 34 milestone Apr 1, 2026
@skjnldsv skjnldsv self-assigned this Apr 1, 2026
@skjnldsv skjnldsv requested a review from a team as a code owner April 1, 2026 12:05
@skjnldsv skjnldsv requested review from icewind1991, leftybournes, provokateurin and salmart-dev and removed request for a team April 1, 2026 12:05
@skjnldsv
Copy link
Copy Markdown
Member Author

skjnldsv commented Apr 1, 2026

/backport to stable32 please

@skjnldsv
Copy link
Copy Markdown
Member Author

skjnldsv commented Apr 1, 2026

/backport to stable33 please

@skjnldsv
Copy link
Copy Markdown
Member Author

skjnldsv commented Apr 1, 2026

/backport to stable31 please

@skjnldsv skjnldsv requested review from CarlSchwan and artonge April 1, 2026 12:08
@skjnldsv skjnldsv force-pushed the fix/legacy-dav-session-check branch from 62ded5b to ca7e275 Compare April 1, 2026 12:10
@skjnldsv
fix(dav): adjust password session check on legacy dav auth
fdfa8eb 
Follow-up #55955

Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
@skjnldsv skjnldsv force-pushed the fix/legacy-dav-session-check branch from ca7e275 to fdfa8eb Compare April 1, 2026 12:22
CarlSchwan
CarlSchwan reviewed Apr 1, 2026
View reviewed changes
apps/dav/lib/Connector/LegacyPublicAuth.php
Comment on lines +122 to +126
if (!is_array($allowedShareIds)) {
return false;
}

return in_array($share->getId(), $allowedShareIds);
Copy link
Copy Markdown
Member

@CarlSchwan CarlSchwan Apr 1, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (!is_array($allowedShareIds)) {
return false;
}
return in_array($share->getId(), $allowedShareIds);
if (!is_array($allowedShareIds)) {
return false;
}
return in_array($share->getId(), $allowedShareIds, true);

Strict mode :)

@szaimen
Copy link
Copy Markdown
Contributor

szaimen commented Apr 2, 2026

/backport! to stable31

@backportbot backportbot bot mentioned this pull request Apr 2, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CarlSchwan CarlSchwan CarlSchwan left review comments

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev salmart-dev is a code owner automatically assigned from nextcloud/server-backend

@leftybournes leftybournes Awaiting requested review from leftybournes leftybournes is a code owner automatically assigned from nextcloud/server-backend

@provokateurin provokateurin Awaiting requested review from provokateurin provokateurin is a code owner automatically assigned from nextcloud/server-backend

@artonge artonge Awaiting requested review from artonge

At least 2 approving reviews are required to merge this pull request.

Assignees

@skjnldsv skjnldsv

Labels

3. to review Waiting for reviews bug feature: dav feature: sharing

Projects

None yet

Milestone

Nextcloud 34

Development

Successfully merging this pull request may close these issues.

3 participants

@skjnldsv @szaimen @CarlSchwan