cas_force_login always treated as enabled

[zeronounours]

The cas_force_login option is always considered as being enabled.
When configuration is saved, unchecked checkboxes set options to 0:

}
elseif (in_array($param,array('cas_force_login', 'cas_autocreate','cas_update_user_data','cas_link_to_ldap_backend','cas_disable_logout'))) {
    // unchecked checkboxes are not included in the post paramters
    OCP\Config::setAppValue('user_cas', $param, 0);
}

However, when cas_forge_login is retrieved, it is compared to false:

if (OCP\Config::getAppValue('user_cas', 'cas_force_login', false) === false) {
    return false;
}

The condition may be modified to either:

if (OCP\Config::getAppValue('user_cas', 'cas_force_login', '0') === '0') {
    return false;
}

or

if (OCP\Config::getAppValue('user_cas', 'cas_force_login', false) !== 'on') {
    return false;
}

[brenard]

Hi,

On differents OwnCloud installations with this app, I have severals problems with this feature : when it's enabled (and as @zeronounours say, it's always enable) files sharing with URL does not work because I'm always redirect on CAS login page. If I look how this feature was implemented and I mean it's not the right way because we try to determine when we have to force CAS login by making some checks to known if user is still login or if the call page need login. But in fact, we can't be sure that we check ALL cases.

I mean the right way is to make a hook on display login page event. The problem is that this hook does not exists. What do you think of this reasoning? Do we need to work on a hook of this type by implementing it in OwnCloud Core ?

[DamienGombaultRecia]

I confirm this bug.
zeronounours, thank you for the workaround.

[bastienho]

👍

Thank you @zeronounours the patch works like a charm !