Fixes login / logout when HTTP Basic Headers are avilable.

config/config.sample.php

@@ -181,9 +181,6 @@
 /* Whether ownCloud should log the last successfull cron exec */
 "cron_log" => true,
 
-/* Whether http-basic username must equal username to login */
-"basic_auth" => true,
-
 /*
  * Configure the size in bytes log rotation should happen, 0 or false disables the rotation.
  * This rotates the current owncloud logfile to a new name, this way the total log usage

lib/base.php

@@ -538,17 +538,6 @@ public static function init() {
 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());
 
-		$basic_auth = OC_Config::getValue('basic_auth', true);
-		if ($basic_auth && isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname')
-			&& $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) {
-			$sessionUser = self::$session->get('loginname');
-			$serverUser = $_SERVER['PHP_AUTH_USER'];
-			OC_Log::write('core',
-				"Session loginname ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",
-				OC_Log::WARN);
-			OC_User::logout();
-		}
-
 		// Load minimum set of apps - which is filesystem, authentication and logging
 		if (!self::checkUpgrade(false)) {
 			OC_App::loadApps(array('authentication'));
@@ -697,8 +686,10 @@ public static function handleRequest() {
 			self::checkUpgrade();
 		}
 
-		// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
-		OC::tryBasicAuthLogin();
+		if (!OC_User::isLoggedIn()) {
+			// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
+			OC::tryBasicAuthLogin();
+		}
 
 		if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
 			try {
@@ -749,6 +740,15 @@ public static function handleRequest() {
 				if (isset($_COOKIE['oc_token'])) {
 					OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
 				}
+				if (isset($_SERVER['PHP_AUTH_USER'])) {
+					if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
+						// Ignore HTTP Authentication for 5 more mintues.
+						setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
+					} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
+						// Ignore HTTP Authentication to allow a different user to log in.
+						setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
+					}
+				}
 				OC_User::logout();
 				// redirect to webroot and add slash if webroot is empty
 				header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
@@ -914,6 +914,7 @@ protected static function tryFormLogin() {
 	protected static function tryBasicAuthLogin() {
 		if (!isset($_SERVER["PHP_AUTH_USER"])
 			|| !isset($_SERVER["PHP_AUTH_PW"])
+			|| (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
 		) {
 			return false;
 		}