From: Kevin Ottens <kevin.ottens@enioka.com>
Date: Thu, 11 Mar 2021 17:33:21 +0000 (+0100)
Subject: Force basic auth on get authentication required error
X-Git-Tag: archive/raspbian/3.16.7-1_deb13u1+rpi1~1^2~12^2~21^2~320^2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=a6bcd3af4666b7fdb0505743a308b6dc8ad1744e;p=nextcloud-desktop.git

Force basic auth on get authentication required error

If the get job got an authentication required error on the account url
(not davUrl! at that stage we always get auth error there), then it is
safe to assume basic auth is used on the server. It is then kind of
pointless to use any other auth mode they will necessarily fail. Only
basic auth will do the job so force it.

Signed-off-by: Kevin Ottens <kevin.ottens@enioka.com>
---

diff --git a/src/libsync/networkjobs.cpp b/src/libsync/networkjobs.cpp
index f41bbb9aa..ecccff1ba 100644
--- a/src/libsync/networkjobs.cpp
+++ b/src/libsync/networkjobs.cpp
@@ -903,8 +903,8 @@ void DetermineAuthTypeJob::start()
 
     // Start three parallel requests
 
-    // 1. determines whether it's a shib server
-    auto get = _account->sendRequest("GET", _account->davUrl(), req);
+    // 1. determines whether it's a basic auth server
+    auto get = _account->sendRequest("GET", _account->url(), req);
 
     // 2. checks the HTTP auth method.
     auto propfind = _account->sendRequest("PROPFIND", _account->davUrl(), req);
@@ -919,8 +919,12 @@ void DetermineAuthTypeJob::start()
     propfind->setIgnoreCredentialFailure(true);
     oldFlowRequired->setIgnoreCredentialFailure(true);
 
-    connect(get, &SimpleNetworkJob::finishedSignal, this, [this]() {
-        _resultGet = Basic;
+    connect(get, &SimpleNetworkJob::finishedSignal, this, [this, get]() {
+        if (get->reply()->error() == QNetworkReply::AuthenticationRequiredError) {
+            _resultGet = Basic;
+        } else {
+            _resultGet = LoginFlowV2;
+        }
         _getDone = true;
         checkAllDone();
     });
@@ -991,6 +995,12 @@ void DetermineAuthTypeJob::checkAllDone()
         result = WebViewFlow;
     }
 
+    // If we determined that a simple get gave us an authentication required error
+    // then the server enforces basic auth and we got no choice but to use this
+    if (_resultGet == Basic) {
+        result = Basic;
+    }
+
     qCInfo(lcDetermineAuthTypeJob) << "Auth type for" << _account->davUrl() << "is" << result;
     emit authType(result);
     deleteLater();