felixrupp / user_cas

This app provides CAS authentication support for ownCloud and Nextcloud, using the phpCAS library of jasig/apereo.

Filter WebDAV requests - possible conflict with webdav using windows explorer ? #57

Closed landryb closed 3 years ago

landryb commented 5 years ago

Using user_cas 1.6.1 & nginx to serve Nextcloud, WebDAV works fine in most clients (i.e. WinSCP, gvfs/gio on Linux, cadaver in a CLI...) but with Windows Explorer (the damn thing most ppl would use...) it fails to log in, as (apparently) the client does an OPTIONS / (even if given the full https://fqdn/remote.php/webdav/ URL) which is then redirected to /login (because of https://github.com/felixrupp/user_cas/blob/master/appinfo/app.php#L38 ?), which is redirected to /apps/user_cas/login, and at that point Windows Explorer bails out on WebDAV.

Is it a known & reproducible issue?

Is there something that could be done in the user_cas code to special-case this, or document what to configure as redirections so that this case is properly working?

landryb commented 5 years ago

http://dark9t.github.io/blog/2014/06/02/why-digest-authentication-fails-in-windows-7-mini-redirector/ might have put me on a possible workaround, i.e. selecting "save credentials" might force the web client to send the authorization headers on each request, avoiding the user_cas redirection to /login?

felixrupp commented 5 years ago

Hi @landryb,

Yes, that workaround seems reasonable. The problem is that unauthorized WebDAV requests look like normal HTTP requests to the server, and are therefore being redirected to the CAS server if you have "force authentication" enabled in user_cas.

Regards, Felix

landryb commented 5 years ago

Well yes, force authentication is enabled. I dunno how to properly devise a workaround that would work 100% of the time. Maybe ignore the request in user_cas if the verb is OPTIONS? Since the web UI also does PROPFIND and works as a WebDAV client, that might disturb regular behaviours...

Matching the UA feels overly gross... but that's what seems to be done in https://github.com/nextcloud/server/blob/master/.htaccess#L43 (which only works in Apache; trying to translate that to nginx config led me nowhere for now...)

felixrupp commented 5 years ago

@landryb I’m thinking about building a filter for that. Thanks for the feedback!

landryb commented 5 years ago

@felixrupp I don't see the commit which built a filter for this issue, can you tell me what the fix is?

felixrupp commented 5 years ago

@landryb You’re absolutely right, has been closed by accident. Reopening …

felixrupp commented 3 years ago

/cib

create-issue-branch[bot] commented 3 years ago

Branch issue-57-Filter_WebDAV_requests_possible_conflict_with_webdav_using_windows_explorer created!

felixrupp commented 3 years ago

Fixed in version 1.9. Please review the function and close the ticket afterwards. Thanks!

landryb commented 3 years ago

I've done the same testing as done in #94 from Windows Explorer, trying the various options offered by 'connect network shares' (e.g. the Microsoft-WebDAV-MiniRedir/6.1.7601 user-agent on Windows 7).

With user_cas 1.8.6 (and Nextcloud 18), connecting to https://nextcloud_server/remote.php/webdav triggers two login prompts (first login fails?) before showing the WebDAV share as a connected drive.

With user_cas 1.9.0, only one login prompt is necessary for the WebDAV share to be connected and shown, so it's clearly an improvement.

Thanks!
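
The filter idea discussed in this thread, sketched as an added example that is not part of the original thread and not user_cas's own code (the version 1.9 implementation is not shown on this page): a request that looks like WebDAV gets a 401 challenge or goes to the DAV backend instead of the CAS redirect. The path prefixes, method list, `Request` model and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Assumed values for illustration; not taken from user_cas.
DAV_PREFIXES = ("/remote.php/webdav", "/remote.php/dav")
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "REPORT"}
DAV_UA_MARKER = "microsoft-webdav-miniredir"  # UA reported in the thread, lowercased


@dataclass
class Request:  # hypothetical minimal request model
    method: str
    path: str
    headers: dict = field(default_factory=dict)

    def header(self, name: str) -> str:
        # HTTP header names are case-insensitive.
        wanted = name.lower()
        return next((v for k, v in self.headers.items() if k.lower() == wanted), "")


def is_webdav_request(req: Request) -> bool:
    """True if the request looks like a WebDAV client rather than a browser."""
    method = req.method.upper()
    if any(req.path == p or req.path.startswith(p + "/") for p in DAV_PREFIXES):
        return True
    if method in DAV_METHODS:
        return True
    # Windows Explorer probes "OPTIONS /" before it touches the DAV URL.
    return method == "OPTIONS" and DAV_UA_MARKER in req.header("User-Agent").lower()


def decide(req: Request, force_auth: bool = True) -> str:
    """Decision for a request without a session: 'cas_redirect', 'challenge' or 'pass'."""
    if not is_webdav_request(req):
        return "cas_redirect" if force_auth else "pass"
    # Skipping the CAS redirect must never skip authentication: the User-Agent
    # is client-controlled, so a request with credentials is passed on for the
    # DAV backend to verify, and one without gets a 401 challenge.
    return "pass" if req.header("Authorization") else "challenge"


# Constructed sample requests.
SAMPLES = [
    Request("OPTIONS", "/", {"User-Agent": "Microsoft-WebDAV-MiniRedir/6.1.7601"}),
    Request("GET", "/", {"User-Agent": "Mozilla/5.0"}),
    Request("PROPFIND", "/remote.php/webdav/", {"authorization": "Basic Y29uc3RydWN0ZWQ="}),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.method, r.path, "->", decide(r))
```

Here "pass" means only that the request is handed to the DAV backend, which still has to verify the credentials itself.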