Tickets :: Comment on [#6746] ical webdav and realms

* Your Email Address
* Spam protection	Enter the letters below: \ /. ..__ .__ .__. >< \ /\| \[ __\| \| / \ \/ \|__/[_./\|__\
Comment	> I think I found the problem. But it is complicated for me to explain, > I'll try anyway and hope that someone can follow my potentially > confusing words, sorry for that: > > > > When RPC webdav does "check_auth", first a Horde Auth instance of > Auth_application is created and the Auth::authenticate method stores > the credentials with the plain $userId (no realm) then the imp api > method "authenticate" is called by (Auth_application) > "_authenticate". The imp api method "authenticate" calls > createSession from imp/lib/Session.php where the realm gets added to > the userId. $_SESSION['imp']['user'] and > $_SESSION['imp']['uniquser'] are stored. > > Now a second Auth instance of type Auth_imp is created and > Auth_imp::authenticate is called which then calls the > parent::authenticate (Auth::authenticate) again which now stores the > credentials with the realmed $userId. The Auth_imp::_authenticate > method then authenticates the user at the imap server and the > Auth::setAuth sets the realmed userId after that the Auth_imp is done. > > Now the first Auth instance goes on with the authenticate method and > sets the plain userId via Auth::setAuth which over writes the realmed > userId that was set by the Auth_imp instance. > > > > To avoid this behavior I was thinking of changing webdav.php and call > ind the authenticate method with the "login = false" parameter: > > > > $auth->authenticate($username, array('password' => $password), false); > > > > when using imp as authentication driver (the Auth_imp instance set it > to true anyway by itself). > > By doing this the Auth::setAuth from the initial Auth instance is not > called and therefore it is not overwriting the credentials which > where set by the Auth_imp instance. > > > > Any comments on that? > > > > Didi
Attachment
Watch this ticket

Saved Queries