From 54c78adcb306d48da68777abef3040a0e220f504 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Wed, 4 Nov 2020 15:06:02 +0100 Subject: [PATCH] pass on basic auth for public links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörn Friedrich Dreyer --- proxy/pkg/middleware/account_uuid.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/proxy/pkg/middleware/account_uuid.go b/proxy/pkg/middleware/account_uuid.go index 7d3611fd22..5f955e097e 100644 --- a/proxy/pkg/middleware/account_uuid.go +++ b/proxy/pkg/middleware/account_uuid.go @@ -72,6 +72,8 @@ func createAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsSer func AccountUUID(opts ...Option) func(next http.Handler) http.Handler { opt := newOptions(opts...) + publicFilesEndpoint := "/remote.php/dav/public-files/" + return func(next http.Handler) http.Handler { // TODO: handle error tokenManager, err := jwt.New(map[string]interface{}{ @@ -90,6 +92,12 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler { switch { case claims == nil: login, password, ok := r.BasicAuth() + // check if we are dealing with a public link + if ok && login == "public" && strings.HasPrefix(r.URL.Path, publicFilesEndpoint) { + // forward to reva frontend + next.ServeHTTP(w, r) + return + } if opt.EnableBasicAuth && ok { l.Warn().Msg("basic auth enabled, use only for testing or development") account, status = getAccount(l, opt.AccountsClient, fmt.Sprintf("login eq '%s' and password eq '%s'", strings.ReplaceAll(login, "'", "''"), strings.ReplaceAll(password, "'", "''")))