authorRoeland Jago Douma <roeland@famdouma.nl>2017-09-12 22:28:43 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2017-09-12 22:28:43 +0200
commit9163cf924180efb434030ec7c95f417e537c8372 (patch)
treee35054febf147b5d725595f0bb9c3cb888c01bd7
parent83508d7be3fb9b151c4b73152cf3719d38060d39 (diff)
downloadnextcloud-server-9163cf924180efb434030ec7c95f417e537c8372.tar.gz
nextcloud-server-9163cf924180efb434030ec7c95f417e537c8372.zip
Fix AppPassword 2FA auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php6
-rw-r--r--tests/lib/Authentication/TwoFactorAuth/ManagerTest.php17
2 files changed, 21 insertions, 2 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index fd0d5914d02..b825f45f739 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -269,6 +269,11 @@ class Manager {
return false;
}
+ // If we are authenticated using an app password skip all this
+ if ($this->session->exists('app_password')) {
+ return false;
+ }
+
// First check if the session tells us we should do 2FA (99% case)
if (!$this->session->exists(self::SESSION_UID_KEY)) {
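Review bot: The added early return makes the mere presence of the `'app_password'` session key enough to skip the second factor, and the key is written as a bare string literal rather than a class constant like `SESSION_UID_KEY`. Nothing in this hunk shows where that key is written, so it is worth confirming that it is set only after an app-password token has been validated and that it cannot survive into a session later used for a regular password login. I would move the key into a constant next to `SESSION_UID_KEY` and expand the comment to state the trust assumption, e.g. `// App passwords are exempt from 2FA; this key must only be set by the token login path`. The enclosing function (needsSecondFactor, judging by the tests) starts and ends outside the hunk.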
@@ -296,7 +301,6 @@ class Manager {
}
}
-
if (!$this->isTwoFactorAuthenticated($user)) {
// There is no second factor any more -> let the user pass
// This prevents infinite redirect loops when a user is about
diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
index 4fa3b3d7e14..9db27edd70c 100644
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
@@ -388,9 +388,13 @@ class ManagerTest extends TestCase {
$user = $this->createMock(IUser::class);
$this->session->expects($this->at(0))
->method('exists')
+ ->with('app_password')
+ ->willReturn(false);
+ $this->session->expects($this->at(1))
+ ->method('exists')
->with('two_factor_auth_uid')
->will($this->returnValue(false));
- $this->session->expects($this->at(1))
+ $this->session->expects($this->at(2))
->method('exists')
->with(Manager::SESSION_UID_DONE)
->willReturn(false);
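Review bot: The index-based `$this->at(N)` expectations had to be renumbered here only because the method under test gained one more session lookup, so the test is coupled to call order rather than to behaviour. Unless the order itself is what this test means to assert, a single `$this->session->method('exists')->willReturnMap([['app_password', false], ['two_factor_auth_uid', false], [Manager::SESSION_UID_DONE, false]]);` pins the same inputs and survives future reordering. The raw `'two_factor_auth_uid'` and `'app_password'` literals could also reference Manager constants so a key rename fails loudly. The test method starts and ends outside the hunk.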
@@ -523,6 +527,8 @@ class ManagerTest extends TestCase {
->will($this->returnCallback(function($var) {
if ($var === Manager::SESSION_UID_KEY) {
return false;
+ } else if ($var === 'app_password') {
+ return false;
}
return true;
}));
@@ -585,4 +591,13 @@ class ManagerTest extends TestCase {
$this->assertFalse($this->manager->needsSecondFactor($user));
}
+
+ public function testNeedsSecondFactorAppPassword() {
+ $user = $this->createMock(IUser::class);
+ $this->session->method('exists')
+ ->with('app_password')
+ ->willReturn(true);
+
+ $this->assertFalse($this->manager->needsSecondFactor($user));
+ }
}