fix: Don't use existing user when header is set

Signed-off-by: Marcel Klehr <[email protected]>
nextcloud · Sep 12, 2024 · 94ef55d · 94ef55d
1 parent 0c11c4e
commit 94ef55d
Showing 1 changed file with 0 additions and 8 deletions.
diff --git a/lib/Service/Authorizer.php b/lib/Service/Authorizer.php
@@ -74,21 +74,13 @@ public function setCredentials(IRequest $request): void {
 		if (!$this->cors && $this->userSession->isLoggedIn()) {
 			$this->setUserId($this->userSession->getUser()->getUID());
 		} elseif (isset($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'])) {
-			if ($this->userSession->getUser() !== null) {
-				$this->setUserId($this->userSession->getUser()->getUID());
-				return;
-			}
 			if ($this->userSession->login($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW']) === false) {
 				return;
 			}
 			$this->setUserId($this->userSession->getUser()->getUID());
 		} elseif ($auth !== null && $auth !== '') {
 			[$type, $credentials] = explode(' ', $auth);
 			if (strtolower($type) === 'basic') {
-				if ($this->userSession->getUser() !== null) {
-					$this->setUserId($this->userSession->getUser()->getUID());
-					return;
-				}
 				[$username, $password] = explode(':', base64_decode($credentials));
 				if (isset($username, $password) && $password !== '') {
 					return;