From af2a4c2c97d76c99120255a0261ea0f2b3c32a36 Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Wed, 26 Jul 2023 15:02:38 +0200
Subject: [PATCH] check public link authorization first

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 changelog/unreleased/check-public-auth-first.md | 5 +++++
 services/proxy/pkg/command/server.go            | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 changelog/unreleased/check-public-auth-first.md

diff --git a/changelog/unreleased/check-public-auth-first.md b/changelog/unreleased/check-public-auth-first.md
new file mode 100644
index 000000000..139af0b2f
--- /dev/null
+++ b/changelog/unreleased/check-public-auth-first.md
@@ -0,0 +1,5 @@
+Bugfix: Check public auth first
+
+When authenticating in proxy, first check for public link authorization.
+
+https://github.com/owncloud/ocis/pull/6900
diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
index c3d95ed66..86c99c960 100644
--- a/services/proxy/pkg/command/server.go
+++ b/services/proxy/pkg/command/server.go
@@ -349,6 +349,10 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config,
 		})
 	}
 
+	authenticators = append(authenticators, middleware.PublicShareAuthenticator{
+		Logger:              logger,
+		RevaGatewaySelector: gatewaySelector,
+	})
 	authenticators = append(authenticators, middleware.NewOIDCAuthenticator(
 		middleware.Logger(logger),
 		middleware.UserInfoCache(userInfoCache),
@@ -363,10 +367,6 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config,
 			oidc.WithJWKSOptions(cfg.OIDC.JWKS),
 		)),
 	))
-	authenticators = append(authenticators, middleware.PublicShareAuthenticator{
-		Logger:              logger,
-		RevaGatewaySelector: gatewaySelector,
-	})
 	authenticators = append(authenticators, middleware.SignedURLAuthenticator{
 		Logger:             logger,
 		PreSignedURLConfig: cfg.PreSignedURL,