Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>tags/v24.0.0beta1
@@ -98,6 +98,7 @@ class OCJSController extends Controller { | |||
/** | |||
* @NoCSRFRequired | |||
* @NoTwoFactorRequired | |||
* @PublicPage | |||
* | |||
* @return DataDisplayResponse |
@@ -83,6 +83,12 @@ class TwoFactorMiddleware extends Middleware { | |||
* @param string $methodName | |||
*/ | |||
public function beforeController($controller, $methodName) { | |||
if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) { | |||
// Route handler explicitly marked to work without finished 2FA are | |||
// not blocked | |||
return; | |||
} | |||
if ($controller instanceof APIController && $methodName === 'poll') { | |||
// Allow polling the twofactor nextcloud notifications state | |||
return; |