WebDAV Authentication backend inverts authentication

[johanehnberg]

Setup: two ownCloud 8 servers from opensuse repository on Ubuntu 14.04. The first is the reference server with valid SSL, the second a test server in a virtual machine. Both use MySQL as database.

On the second server, enabling the WebDAV Authentication app to point at the first one gives confusing results when logging in to the second server:

• Logging in with local (database) credentials still works
• Logging in with proper remote (reference server via WebDAV) credentials fails as if you mistyped your password although you typed properly, and log shows:
  Login failed: 'testuser' Remote IP: 127.0.0.1', X-Forwarded-For: ''
• Logging in with non-existing remote credentials, including remote maching user name but mistyped password, logs in and creates a data directory, but does not show up in the user list. Logs show:
  Adding default user backend WEBDAVAUTH
  copying skeleton for efgwegw from...

[LukasReschke]

What did you specify exactly in the config?

[LukasReschke]

but does not show up in the user list.

Expected behaviour until there are people willed to review #12799 - if you want this feature: test this PR and report back what worked and what didn't ;-)

[johanehnberg]

I did not touch the config.php from the defaults that come with the mentioned packages if that is what you mean. As for config in Admin, nothing except added https://owncloud.molnix.com as the remote server to authenticate with. Disabling the app reverts to normal behaviour.

[LukasReschke]

https://owncloud.molnix.com/remote.php/webdav would be the correct WebDAV endpoint

[johanehnberg]

That makes sense and fixed the behaviour. Here are some ideas to draw from the case:

Is it possible to add a check that the authentication leads to a WevDAV endpoint rather than just any authentication? That would correct user mistakes like mine, especially since many applications (DavDroid, ownCloud desktop client etc.) try various default paths when given just the host.

Additionally or alternatively, the placeholder text of the field, which is now https://example.com/webdav, could be https://owncloud.example.com/remote.php/webdav to promote how to use it with owncloud.

Furthermore, the text box is too small to actually show the full placeholder by default, for me it ends at example.com/. I had to check the page source to see the path.

[LukasReschke]

Is it possible to add a check that the authentication leads to a WevDAV endpoint rather than just any authentication?

The problem is that we can't really detect this properly on our own. Though we could add a note that the admin might verify the behaviour on his own afterwards ;-)

Can you open new feature requests for these issues? THX!