From 890fbd53b6e2d22189cd7482dee6f1349ff92d71 Mon Sep 17 00:00:00 2001
From: David Christofas <dchristofas@owncloud.com>
Date: Tue, 2 Nov 2021 15:04:13 +0100
Subject: [PATCH 1/2] fix basic auth configuration

---
 changelog/unreleased/fix-basic-auth-config.md | 6 ++++++
 storage/pkg/command/frontend.go               | 1 +
 2 files changed, 7 insertions(+)
 create mode 100644 changelog/unreleased/fix-basic-auth-config.md

diff --git a/changelog/unreleased/fix-basic-auth-config.md b/changelog/unreleased/fix-basic-auth-config.md
new file mode 100644
index 0000000000..8df9b0524f
--- /dev/null
+++ b/changelog/unreleased/fix-basic-auth-config.md
@@ -0,0 +1,6 @@
+Bugfix: Fix basic auth config
+
+Users could authenticate using basic auth even though `PROXY_ENABLE_BASIC_AUTH` was set to false.
+
+https://github.com/owncloud/ocis/pull/2719
+https://github.com/owncloud/ocis/issues/2466
diff --git a/storage/pkg/command/frontend.go b/storage/pkg/command/frontend.go
index 43fb59a6f4..c2fc654057 100644
--- a/storage/pkg/command/frontend.go
+++ b/storage/pkg/command/frontend.go
@@ -162,6 +162,7 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 				},
 				"auth": map[string]interface{}{
 					"credentials_by_user_agent": cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent,
+					"credential_chain":          []string{"bearer"},
 				},
 			},
 			// TODO build services dynamically

From a13e3e74bed76f706542d57db40c8a72dc2587a0 Mon Sep 17 00:00:00 2001
From: David Christofas <dchristofas@owncloud.com>
Date: Tue, 2 Nov 2021 15:03:01 +0000
Subject: [PATCH 2/2] Automated changelog update [skip ci]

---
 CHANGELOG.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b628de9a3..88669244ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ The following sections list the changes for unreleased.
 ## Summary
 
 * Bugfix - Don't allow empty password: [#197](https://github.com/owncloud/product/issues/197)
+* Bugfix - Fix basic auth config: [#2719](https://github.com/owncloud/ocis/pull/2719)
 * Bugfix - Fix oCIS startup ony systems with IPv6: [#2698](https://github.com/owncloud/ocis/pull/2698)
 * Bugfix - Fix error logging when there is no thumbnail for a file: [#2702](https://github.com/owncloud/ocis/pull/2702)
 * Bugfix - Don't announce resharing via capabilities: [#2690](https://github.com/owncloud/ocis/pull/2690)
@@ -20,6 +21,14 @@ The following sections list the changes for unreleased.
 
    https://github.com/owncloud/product/issues/197
 
+* Bugfix - Fix basic auth config: [#2719](https://github.com/owncloud/ocis/pull/2719)
+
+   Users could authenticate using basic auth even though `PROXY_ENABLE_BASIC_AUTH` was set to
+   false.
+
+   https://github.com/owncloud/ocis/issues/2466
+   https://github.com/owncloud/ocis/pull/2719
+
 * Bugfix - Fix oCIS startup ony systems with IPv6: [#2698](https://github.com/owncloud/ocis/pull/2698)
 
    We've fixed failing startup of oCIS on systems with IPv6 addresses.