From d271ae2451199ba3ef7f2f252c8a13b41b824b9b Mon Sep 17 00:00:00 2001
From: David Christofas <dchristofas@owncloud.com>
Date: Wed, 10 Aug 2022 16:29:41 +0200
Subject: [PATCH] fix some authentication cases

---
 services/proxy/pkg/middleware/authentication.go    | 2 ++
 services/proxy/pkg/middleware/public_share_auth.go | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/services/proxy/pkg/middleware/authentication.go b/services/proxy/pkg/middleware/authentication.go
index 53dfd4143..f5f4d9115 100644
--- a/services/proxy/pkg/middleware/authentication.go
+++ b/services/proxy/pkg/middleware/authentication.go
@@ -41,6 +41,8 @@ var (
 	// _unprotectedPathPrefixes contains paths which don't need to be authenticated.
 	_unprotectedPathPrefixes = [...]string{
 		"/files",
+		"/data",
+		"/s/",
 		"/settings",
 		"/user-management",
 		"/.well-known",
diff --git a/services/proxy/pkg/middleware/public_share_auth.go b/services/proxy/pkg/middleware/public_share_auth.go
index b32f9ed14..dabaa8a38 100644
--- a/services/proxy/pkg/middleware/public_share_auth.go
+++ b/services/proxy/pkg/middleware/public_share_auth.go
@@ -34,10 +34,10 @@ func (a PublicShareAuthenticator) Authenticate(r *http.Request) (*http.Request,
 		shareToken = query.Get(headerShareToken)
 	}
 
-	// Currently we only want to authenticate app open request coming from public shares.
 	if shareToken == "" {
-		// Don't authenticate
-		return nil, false
+		// If the share token is not set then we don't need to inject the user to
+		// the request context so we can just continue with the request.
+		return r, true
 	}
 
 	var sharePassword string