Handle LoginException when authenticating with Apache

"handleApacheAuth()" can throw a LoginException when trying to authenticate as a disabled user. This needs to be explicitly handled to redirect to an error page, as otherwise the login page will try to be loaded which, in turn, will try to authenticate again and cause an endless loop. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
nextcloud · Nov 26, 2024 · 9dedd93 · 9dedd93
1 parent 4368a73
commit 9dedd93
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/appinfo/app.php b/appinfo/app.php
@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
+use OC\User\LoginException;
 use OCA\User_SAML\GroupBackend;
 use OCA\User_SAML\SAMLSettings;
 use OCA\User_SAML\UserBackend;
@@ -63,7 +64,21 @@
 		return;
 	}
 
-	OC_User::handleApacheAuth();
+	try {
+		OC_User::handleApacheAuth();
+	} catch (LoginException $e) {
+		if ($request->getPathInfo() === '/apps/user_saml/saml/error') {
+			return;
+		}
+		$targetUrl = $urlGenerator->linkToRouteAbsolute(
+			'user_saml.SAML.genericError',
+			[
+				'message' => $e->getMessage()
+			]
+		);
+		header('Location: ' . $targetUrl);
+		exit();
+	}
 }
 
 if ($returnScript === true) {