From ed94da51046e803ae22ea7767d349f81c95732a7 Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Wed, 16 Jun 2021 16:59:11 +0200
Subject: [PATCH 1/2] ignore authentication header on status.php
---
 proxy/pkg/middleware/oidc_auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/pkg/middleware/oidc_auth.go b/proxy/pkg/middleware/oidc_auth.go
index f05aaef209..1b868223e5 100644
--- a/proxy/pkg/middleware/oidc_auth.go
+++ b/proxy/pkg/middleware/oidc_auth.go
@@ -155,7 +155,7 @@ func (m oidcAuth) shouldServe(req *http.Request) bool {
 // todo: looks dirty, check later
 // TODO: make a PR to coreos/go-oidc for exposing userinfo endpoint on provider, see https://github.com/coreos/go-oidc/issues/248
- for _, ignoringPath := range []string{"/konnect/v1/userinfo"} {
+ for _, ignoringPath := range []string{"/konnect/v1/userinfo", "/status.php"} {
 if req.URL.Path == ignoringPath {
 return false
 }
From 93b60b1770428579f329c11a7a5856100934b847 Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Wed, 16 Jun 2021 18:33:05 +0200
Subject: [PATCH 2/2] add changelog
---
 changelog/unreleased/status_php_authentication.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 changelog/unreleased/status_php_authentication.md
diff --git a/changelog/unreleased/status_php_authentication.md b/changelog/unreleased/status_php_authentication.md
new file mode 100644
index 0000000000..6919206f5b
--- /dev/null
+++ b/changelog/unreleased/status_php_authentication.md
@@ -0,0 +1,9 @@
+Bugfix: Remove authentication from /status.php completely
+
+Despite requests without Authentication header being successful, requests with an
+invalid bearer token in the Authentication header were rejected in the proxy with
+an 401 unauthenticated. Now the Authentication header is completely ignored for the
+/status.php route.
+
+https://github.com/owncloud/ocis/pull/2188
+https://github.com/owncloud/client/issues/8538
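Review bot: The list in `shouldServe` is now effectively the set of paths on which a bearer token is never validated, yet it remains an inline literal under a TODO that only talks about the userinfo endpoint, so nothing at the `for` line explains why `/status.php` is there. I would add a comment such as `// /status.php is served without authentication; skip token validation so an invalid or expired bearer token does not turn a public endpoint into a 401` and, as a matter of style, hoist the literal into a named package-level slice so later additions to it stand out in review. The exact comparison `req.URL.Path == ignoringPath` is worth keeping as it is: any path that is not byte-for-byte `/status.php` still goes through OIDC validation, which a prefix or suffix match would not guarantee. Whether the other authentication middlewares in the proxy treat this path the same way cannot be seen from this hunk, and `shouldServe` begins and ends outside it.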