From 628602f4872e843999cb19954516252473febd9a Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Mon, 4 Sep 2023 17:02:12 +0200
Subject: [PATCH] only save the ticket when the user is using session sso

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 .../lib/Lib/TicketSaveMiddleware.php          | 30 +++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/apps/files_external/lib/Lib/TicketSaveMiddleware.php b/apps/files_external/lib/Lib/TicketSaveMiddleware.php
index e79d3e17c9f89..c33221e13fee2 100644
--- a/apps/files_external/lib/Lib/TicketSaveMiddleware.php
+++ b/apps/files_external/lib/Lib/TicketSaveMiddleware.php
@@ -24,22 +24,48 @@
 namespace OCA\Files_External\Lib;
 
 use Icewind\SMB\KerberosTicket;
+use OCA\Files_External\Controller\UserGlobalStoragesController;
+use OCA\Files_External\Lib\Auth\SMB\KerberosSsoSession;
+use OCA\Files_External\Service\UserGlobalStoragesService;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Middleware;
 use OCP\ISession;
+use OCP\IUserSession;
 
 class TicketSaveMiddleware extends Middleware {
 	private ISession $session;
+	private IUserSession $userSession;
+	private UserGlobalStoragesService $storagesService;
 
-	public function __construct(ISession $session) {
+	public function __construct(
+		ISession $session,
+		IUserSession $userSession,
+		UserGlobalStoragesService $storagesService
+	) {
 		$this->session = $session;
+		$this->userSession = $userSession;
+		$this->storagesService = $storagesService;
 	}
 
 	public function afterController($controller, $methodName, Response $response) {
 		$ticket = KerberosTicket::fromEnv();
-		if ($ticket && $ticket->isValid()) {
+		if ($ticket && $ticket->isValid() && $this->needToSaveTicket()) {
 			$this->session->set('kerberos_ticket', base64_encode($ticket->save()));
 		}
 		return $response;
 	}
+
+	private function needToSaveTicket(): bool {
+		$user = $this->userSession->getUser();
+		if (!$user) {
+			return false;
+		}
+		$storages = $this->storagesService->getAllStoragesForUser($user);
+		foreach ($storages as $storage) {
+			if ($storage->getAuthMechanism() instanceof KerberosSsoSession) {
+				return true;
+			}
+		}
+		return false;
+	}
 }