block OCS if 2FA challenge needs to be solved first
authorChristoph Wurst <christoph@owncloud.com>
Wed, 1 Jun 2016 09:19:49 +0000 (11:19 +0200)
committerChristoph Wurst <christoph@owncloud.com>
Wed, 1 Jun 2016 09:19:49 +0000 (11:19 +0200)
lib/private/legacy/api.php

index a4745f58d02246ba252607c66623432a775ad9af..1e581153ce65e90b88b31ea0c77496f84b858af2 100644 (file)
@@ -341,6 +341,10 @@ class OC_API {
                // reuse existing login
                $loggedIn = \OC::$server->getUserSession()->isLoggedIn();
                if ($loggedIn === true) {
+                       if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+                               // Do not allow access to OCS until the 2FA challenge was solved successfully
+                               return false;
+                       }
                        $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
                        if ($ocsApiRequest) {
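Review bot: The added `needsSecondFactor()` guard sits only inside the `if ($loggedIn === true)` branch, so it covers the session-reuse path and nothing else in this function. The rest of the method lies outside the hunk; if it contains another way to authenticate a request (for example credentials sent with the request itself), that path needs the same check or a comment saying where it is gated, otherwise an account with a pending challenge may still reach OCS. I would widen the comment to say so, e.g. `// 2FA pending: treat the session as unauthenticated for OCS; every other auth path in this method must enforce the same rule`. A regression test asserting that the method returns false while a challenge is outstanding would keep this from silently regressing.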