Prevent sending second WWW-Authenticate header

Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes #5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

apps/dav/lib/Connector/Sabre/BearerAuth.php

@@ -25,6 +25,8 @@
 use OCP\ISession;
 use OCP\IUserSession;
 use Sabre\DAV\Auth\Backend\AbstractBearer;
+use Sabre\HTTP\RequestInterface;
+use Sabre\HTTP\ResponseInterface;
 
 class BearerAuth extends AbstractBearer {
 	/** @var IUserSession */
@@ -77,4 +79,16 @@ public function validateBearerToken($bearerToken) {
 
 		return false;
 	}
+
+	/**
+	 * \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets an WWW-Authenticate
+	 * header which some DAV clients can't handle. Thus we override this function
+	 * and make it simply return a 401.
+	 *
+	 * @param RequestInterface $request
+	 * @param ResponseInterface $response
+	 */
+	public function challenge(RequestInterface $request, ResponseInterface $response) {
+		$response->setStatus(401);
+	}
 }

build/integration/features/webdav-related.feature

@@ -8,15 +8,15 @@ Feature: webdav-related
 		Then the HTTP status code should be "401"
 		And there are no duplicate headers
 		And The following headers should be set
-			|WWW-Authenticate|Basic realm="Nextcloud", Bearer realm="Nextcloud"|
+			|WWW-Authenticate|Basic realm="Nextcloud"|
 
 	Scenario: Unauthenticated call new dav path
 		Given using new dav path
 		When connecting to dav endpoint
 		Then the HTTP status code should be "401"
 		And there are no duplicate headers
 		And The following headers should be set
-			|WWW-Authenticate|Bearer realm="Nextcloud", Basic realm="Nextcloud"|
+			|WWW-Authenticate|Basic realm="Nextcloud"|
 
 	Scenario: Moving a file
 		Given using old dav path