fix(dav): cleanup of code no longer needed

enriquepablo · enriquepablo · commit 6c86ce4abd2d · 2026-05-21T17:46:03.000+02:00
Signed-off-by: Enrique Pérez Arnaud &lt;enrique@cazalla.net&gt;
diff --git a/apps/dav/lib/Connector/Sabre/BearerAuth.php b/apps/dav/lib/Connector/Sabre/BearerAuth.php
@@ -47,6 +47,14 @@ public function validateBearerToken($bearerToken) {
 		\OC_Util::setupFS();
 		$this->token = $bearerToken;
 
+		// public.php sets incognito mode for anonymous share access, which makes
+		// Session::getUser() return null and consequently Session::isLoggedIn()
+		// return false even after a successful token login. Disable it here so
+		// the logged-in user is visible for the rest of the request. If the
+		// bearer token is invalid and Sabre falls back to one of the public
+		// auth backends, that backend will re-enable incognito mode itself.
+		\OC_User::setIncognitoMode(false);
+
 		if (!$this->userSession->isLoggedIn()) {
 			$this->userSession->tryTokenLogin($this->request);
 		}
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -617,35 +617,14 @@ private function loginWithToken($token) {
 			// Ignore and use empty string instead
 		}
 
+		$this->manager->emit('\OC\User', 'preLogin', [$dbToken->getLoginName(), $password]);
+
 		$user = $this->manager->get($uid);
 		if (is_null($user)) {
-			// Maybe this is an access token. We keep the refresh tokens as UID of access tokens
-			try {
-				$token = $uid;
-				$dbToken = $this->tokenProvider->getToken($token);
-			} catch (InvalidTokenException $ex) {
-				return false;
-			}
-			$uid = $dbToken->getUID();
-
-			// When logging in with token, the password must be decrypted first before passing to login hook
-			$password = '';
-			try {
-				$password = $this->tokenProvider->getPassword($dbToken, $token);
-			} catch (PasswordlessTokenException $ex) {
-				// Ignore and use empty string instead
-			}
 			// user does not exist
-			$user = $this->manager->get($uid);
-			if (is_null($user)) {
-				return false;
-			}
+			return false;
 		}
 
-		$this->manager->emit('\OC\User', 'preLogin', [$dbToken->getLoginName(), $password]);
-
-		// See line 173 in this module, needed for completeLogin
-		OC_User::setIncognitoMode(false);
 		return $this->completeLogin(
 			$user,
 			[
@@ -867,30 +846,18 @@ public function tryTokenLogin(IRequest $request) {
 			return false;
 		}
 
-		return $this->doTryTokenLogin($token);
-	}
-
-	private function doTryTokenLogin(string $token): bool {
 		if (!$this->loginWithToken($token)) {
 			return false;
 		}
 		if (!$this->validateToken($token)) {
 			return false;
 		}
 
-		try {
-			$dbToken = $this->tokenProvider->getToken($token);
-		} catch (InvalidTokenException $e) {
-			// Can't really happen but better save than sorry
-			return true;
-		}
-
 		// Set the session variable so we know this is an app password
 		if ($dbToken instanceof PublicKeyToken && $dbToken->getType() === IToken::PERMANENT_TOKEN) {
 			$this->session->set('app_password', $token);
 		} elseif ($dbToken instanceof PublicKeyToken && $dbToken->getType() === IToken::ONETIME_TOKEN) {
 			$this->tokenProvider->invalidateTokenById($dbToken->getUID(), $dbToken->getId());
-			$request = \OCP\Server::get(IRequest::class);
 			if ($request->getPathInfo() !== '/core/getapppassword-onetime') {
 				return false;
 			}
