holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* CalDAV/CardDAV: send unchange REALM for "bad login or password" to allow storing credentials

Browse Source
This commit is contained in:
Ralf Becker 2017-01-04 10:16:51 +11:00
parent ae200c190a
commit 412c8f80ea
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/src/Header/Authenticate.php
View File

@ -109,8 +109,12 @@ class Authenticate
if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text', true)))
{
// if the session class gives a reason why the login failed --> append it to the REALM
if ($GLOBALS['egw']->session->reason) $realm .= ': '.$GLOBALS['egw']->session->reason;
if ($GLOBALS['egw']->session->reason &&
// not for bad-login-or-password as it stalls storing the credentials!
$GLOBALS['egw']->session->cd_reason != Api\Session::CD_BAD_LOGIN_OR_PASSWORD)
{
$realm .= ': '.$GLOBALS['egw']->session->reason;
}
header('WWW-Authenticate: Basic realm="'.$realm.'"');// draft-reschke-basicauth-enc-06 adds, accept-charset="'.translation::charset().'"');
self::digest_header($realm);
header('HTTP/1.1 401 Unauthorized');