From 4349a97f333e5ba370d77f2d998fa0479af4863f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Brey=20Vilas?= <alvaro.brey@nextcloud.com>
Date: Thu, 17 Feb 2022 10:59:18 +0100
Subject: [PATCH 1/2] RemoteOperationResult: ignore location header if there
 are authentication headers present
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In https://github.com/nextcloud/android-library/commit/d1ace843b510a0788794cd40ce75a13d6dec82d1, a change was introduced
so that duplicate www-authenticate headers weren't ignored.

At the same time, this change unknowingly removed the previous behaviour of ignoring a location header if www_authenticate headers were present
(and came first in the list). This resulted in servers returning both location headers and authenticate headers causing a loop in the login process:
https://github.com/nextcloud/android/issues/9827

This commit fixes that, while also allowing multiple authentication headers as before.

As a side note, the connection check logic (including this part) is very opaque and should be reworked.

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
---
 .../lib/common/operations/RemoteOperationResult.java        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/owncloud/android/lib/common/operations/RemoteOperationResult.java b/src/main/java/com/owncloud/android/lib/common/operations/RemoteOperationResult.java
index 1a3aa7a01..41be33761 100644
--- a/src/main/java/com/owncloud/android/lib/common/operations/RemoteOperationResult.java
+++ b/src/main/java/com/owncloud/android/lib/common/operations/RemoteOperationResult.java
@@ -378,10 +378,10 @@ public RemoteOperationResult(boolean success, int httpCode, String httpPhrase, H
             Header current;
             for (Header httpHeader : httpHeaders) {
                 current = httpHeader;
-                if (HEADER_LOCATION.equals(current.getName().toLowerCase(Locale.US))) {
-                    mRedirectedLocation = current.getValue();
-                } else if (HEADER_WWW_AUTHENTICATE.equals(current.getName().toLowerCase(Locale.US))) {
+                if (HEADER_WWW_AUTHENTICATE.equals(current.getName().toLowerCase(Locale.US))) {
                     mAuthenticateHeaders.add(current.getValue());
+                } else if (HEADER_LOCATION.equals(current.getName().toLowerCase(Locale.US)) && mAuthenticateHeaders.isEmpty()) {
+                    mRedirectedLocation = current.getValue();
                 }
             }
         }

From 41affe7ace1e38b1e4019111bf8e979bf785a3aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Brey=20Vilas?= <alvaro.brey@nextcloud.com>
Date: Thu, 17 Feb 2022 15:16:24 +0100
Subject: [PATCH 2/2] RemoteOperationResultTest: fix test with
 location+authenticate headers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
---
 .../android/lib/common/operations/RemoteOperationResultTest.kt  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/com/owncloud/android/lib/common/operations/RemoteOperationResultTest.kt b/src/test/java/com/owncloud/android/lib/common/operations/RemoteOperationResultTest.kt
index 7eb6e5439..5e705dbad 100644
--- a/src/test/java/com/owncloud/android/lib/common/operations/RemoteOperationResultTest.kt
+++ b/src/test/java/com/owncloud/android/lib/common/operations/RemoteOperationResultTest.kt
@@ -72,7 +72,7 @@ class RemoteOperationResultTest {
         )
         Assert.assertEquals(
             "Wrong location header",
-            LOCATION_HEADER.value,
+            null,
             sut.redirectedLocation
         )
     }