search

felixrupp / user_cas

This app provides CAS authentication support for ownCloud and Nextcloud, using the phpCAS library of jasig/apereo.
Other
21 stars 24 forks source link

Public share is not totaly functional #35

Closed afornerot closed 5 years ago

afornerot commented 6 years ago

Describe the bug Public share is not totaly functional

To Reproduce Steps to reproduce the behavior:

  1. Public share a text file and copy the url
  2. Public share a directory and copy the url
  3. Public share a pdf and copy the url
  4. Public share a jpg and copy the url
  5. Public share a mp4 and copy the url
  6. With password or not
  7. With permission to edit or not
  8. Disconnect
  9. Use the different url copy previously

Expected behavior Acces with total look of nextcloud of the features "Public Share" by bypassed the CAS Authentification

Screenshots My shared folder by admin https://imgur.com/84twYnH

When i use the public url https://imgur.com/bFUKcAH

To Resolve I'm added some more url to bypass in app.php

Replace if (!strpos($script, "ocs") && !strpos($requestUri, "oc.js") && !in_array(basename($script), array('public.php', 'remote.php'))) {

by

    if (!strpos($script, "ocs") 
        && !strpos($requestUri, "oc.js")
        && !strpos($requestUri, ".css")
        && !strpos($requestUri, "/js/")
        && !strpos($requestUri, "/theming/")
        && !strpos($requestUri, "/svg/")
        && !strpos($requestUri, "/publicpreview/")
        && !strpos($requestUri, "/files_pdfviewer/")
        && !strpos($requestUri, "/ajax/getstoragestats.php")

        && !in_array(basename($script), array('public.php', 'remote.php'))) {

Software (please complete the following information):

landryb commented 6 years ago

Disabling 'cas_force_login' works around this issue but that's awkward...

afornerot commented 6 years ago

I'm need to force the cas login. For me it's not a works around

felixrupp commented 5 years ago

Forcing a CAS auth and sharing files publicly is conflicting because of the logic behind a "force" option. Currently there is no fix for that.

felixrupp commented 5 years ago

@afornerot @landryb

In the current 1.6.0 release (https://github.com/felixrupp/user_cas/releases/tag/1.6.0) the activation of the app is completely rewritten and will hopefully not break other apps/functions anymore.

Please test that and report back if you still have issues!