Only check the twofactor state once per request

Signed-off-by: Joas Schilling <coding@schilljs.com>

diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 375803b1d962c2c29ec2f464097535009b4f6c93..66e7c090e42005164353ea2d5b25e3c4a8ee9bc1 100644 (file)
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -87,6 +87,9 @@ class Manager {
        /** @var EventDispatcherInterface */
        private $legacyDispatcher;
 
+       /** @psalm-var array<string, bool> */
+       private $userIsTwoFactorAuthenticated = [];
+
        public function __construct(ProviderLoader $providerLoader,
                                                                IRegistry $providerRegistry,
                                                                MandatoryTwoFactor $mandatoryTwoFactor,
@@ -118,6 +121,10 @@ class Manager {
         * @return boolean
         */
        public function isTwoFactorAuthenticated(IUser $user): bool {
+               if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
+                       return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+               }
+
                if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
                        return true;
                }
@@ -129,7 +136,8 @@ class Manager {
                $providerIds = array_keys($enabled);
                $providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
 
-               return !empty($providerIdsWithoutBackupCodes);
+               $this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
+               return $this->userIsTwoFactorAuthenticated[$user->getUID()];
        }
 
        /**