OO-4266: add windows WebDAV client to the basic auth. black list

31f49ba7 · srosse · 44357ed6 · 31f49ba7 · 31f49ba7 · 31f49ba7
Commit 31f49ba7 authored 5 years ago by srosse
--- a/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVAuthManager.java
+++ b/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVAuthManager.java
@@ -103,9 +103,9 @@ public class WebDAVAuthManager implements AuthenticationSPI {
 					String verity = Encoder.md5hash(ver);
 					if(verity.equals(response)) {
 						return authentication.getIdentity();
-					} else if(log.isDebugEnabled()) {
+					} else if(log.isInfoEnabled()) {
 						// don't log as error, happens all the time with certain clients, e.g. Microsoft-WebDAV-MiniRedir
-						log.debug("Verity: {} doesn't equals response: {}", verity, response);
+						log.info("Verity: {} doesn't equals response: {}", verity, response);
 					}
 				}
 			}

--- a/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVManagerImpl.java
+++ b/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVManagerImpl.java
@@ -41,6 +41,7 @@ import org.olat.core.commons.services.webdav.WebDAVManager;
 import org.olat.core.commons.services.webdav.WebDAVModule;
 import org.olat.core.commons.services.webdav.WebDAVProvider;
 import org.olat.core.commons.services.webdav.servlets.WebResourceRoot;
+import org.olat.core.gui.media.ServletUtil;
 import org.olat.core.helpers.Settings;
 import org.olat.core.id.Identity;
 import org.olat.core.id.IdentityEnvironment;
@@ -192,6 +193,8 @@ public class WebDAVManagerImpl implements WebDAVManager, InitializingBean {
 			StringTokenizer st = new StringTokenizer(authHeader);
 			if (st.hasMoreTokens()) {
 				String basic = st.nextToken();
+				
+				log.debug("Do authentication: {} for session {}", basic, getHttpSessionId(request));

 				// We only handle HTTP Basic authentication
 				if (basic.equalsIgnoreCase("Basic")) {
@@ -242,9 +245,11 @@ public class WebDAVManagerImpl implements WebDAVManager, InitializingBean {
 		// prompt you again.

 		if(proposeBasicAuthentication(request)) {
+			log.debug("Add basic authentication: {} {}", getHttpSessionId(request), ServletUtil.getUserAgent(request));
 			response.addHeader("WWW-Authenticate", "Basic realm=\"" + BASIC_AUTH_REALM + "\"");
 		}
 		if(webdavModule.isDigestAuthenticationEnabled()) {
+			log.debug("Add digest authentication: {}", getHttpSessionId(request));
 			String nonce = UUID.randomUUID().toString().replace("-", "");
 			response.addHeader("WWW-Authenticate", "Digest realm=\"" + BASIC_AUTH_REALM + "\", qop=\"auth\", nonce=\"" + nonce + "\"");
 		}
@@ -263,11 +268,11 @@ public class WebDAVManagerImpl implements WebDAVManager, InitializingBean {
 	}
 	
 	private boolean proposeBasicAuthentication(HttpServletRequest request) {
-		if(StringHelper.containsNonWhitespace(request.getHeader("User-Agent"))) {
-			String userAgent = request.getHeader("User-Agent");
+		String userAgent = ServletUtil.getUserAgent(request);
+		if(StringHelper.containsNonWhitespace(userAgent)) {
 			String[] blackList = webdavModule.getBasicAuthenticationBlackList();
 			for(String blackListedAgent:blackList) {
-				if(userAgent.contains(blackListedAgent)) {
+				if(userAgent.contains(blackListedAgent) && webdavModule.isDigestAuthenticationEnabled()) {
 					return false;
 				}
 			}

--- a/src/main/java/org/olat/core/gui/media/ServletUtil.java
+++ b/src/main/java/org/olat/core/gui/media/ServletUtil.java
@@ -68,21 +68,21 @@ public class ServletUtil {
 	public static final long CACHE_ONE_DAY = 24l * 60l * 60l;
 	
 	
-	public static void printOutRequestParameters(HttpServletRequest request) {
+	public static final void printOutRequestParameters(HttpServletRequest request) {
 		for(Enumeration<String> names=request.getParameterNames(); names.hasMoreElements(); ) {
 			String name = names.nextElement();
 			log.info(name + " :: " + request.getParameter(name));
 		}
 	}
 	
-	public static void printOutRequestHeaders(HttpServletRequest request) {
+	public static final void printOutRequestHeaders(HttpServletRequest request) {
 		for(Enumeration<String> headers=request.getHeaderNames(); headers.hasMoreElements(); ) {
 			String header = headers.nextElement();
 			log.info(header + " :: " + request.getHeader(header));
 		}
 	}
 	
-	public static boolean acceptJson(HttpServletRequest request) {
+	public static final boolean acceptJson(HttpServletRequest request) {
 		boolean acceptJson = false;
 		for(Enumeration<String> headers=request.getHeaders("Accept"); headers.hasMoreElements(); ) {
 			String accept = headers.nextElement();
@@ -93,6 +93,10 @@ public class ServletUtil {
 		return acceptJson;
 	}
 	
+	public static final String getUserAgent(HttpServletRequest request) {
+		return request == null ? null : request.getHeader("User-Agent");
+	}
+	
 	/**
 	 * @param httpReq
 	 * @param httpResp

--- a/src/main/resources/serviceconfig/olat.properties
+++ b/src/main/resources/serviceconfig/olat.properties
@@ -562,7 +562,7 @@ auth.digest.enabled=true
 #usefull when semester terms are defined in admin area and used by courses
 webdav.termsfolders.enabled=true
 # User agents for which the basic authentication should never be proposed
-webdav.basic.authentication.black.list=Microsoft Office Excel,Microsoft Excel
+webdav.basic.authentication.black.list=Microsoft Office Excel,Microsoft Excel,Microsoft-WebDAV-MiniRedir

 ########################################################################
 # Image and PDF scale/thumbnail options