From 412c8f80eab19c068247839a7735b175690f6830 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Wed, 4 Jan 2017 10:16:51 +1100
Subject: [PATCH] * CalDAV/CardDAV: send unchange REALM for "bad login or password" to allow storing credentials
---
api/src/Header/Authenticate.php | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/api/src/Header/Authenticate.php b/api/src/Header/Authenticate.php
index f2fe4c39ae..4ff35484df 100644
--- a/api/src/Header/Authenticate.php
+++ b/api/src/Header/Authenticate.php
@@ -109,8 +109,12 @@ class Authenticate
 if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text', true)))
 {
 // if the session class gives a reason why the login failed --> append it to the REALM
- if ($GLOBALS['egw']->session->reason) $realm .= ': '.$GLOBALS['egw']->session->reason;
-
+ if ($GLOBALS['egw']->session->reason &&
+ // not for bad-login-or-password as it stalls storing the credentials!
+ $GLOBALS['egw']->session->cd_reason != Api\Session::CD_BAD_LOGIN_OR_PASSWORD)
+ {
+ $realm .= ': '.$GLOBALS['egw']->session->reason;
+ }
 header('WWW-Authenticate: Basic realm="'.$realm.'"');// draft-reschke-basicauth-enc-06 adds, accept-charset="'.translation::charset().'"');
 self::digest_header($realm);
 header('HTTP/1.1 401 Unauthorized');
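Review bot: Every failure reason other than `CD_BAD_LOGIN_OR_PASSWORD` is still appended to the realm by the new `if`, so the 401 sent to an unauthenticated client still reveals why the login failed, and the realm still changes in those cases. The other reason codes are not visible in this hunk; if any of them describe account state, consider keeping the realm constant for all failures and writing the reason to the server log instead. Separately, the reason text is concatenated into the quoted realm of `header('WWW-Authenticate: Basic realm="'.$realm.'"')` without escaping, so a `"` or `\` in it would produce a malformed header. Escaping at the append would avoid that, for example `$realm .= ': '.addcslashes($GLOBALS['egw']->session->reason, '"\\');`. The enclosing method starts and ends outside the hunk.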