authorChristoph Wurst <ChristophWurst@users.noreply.github.com>2021-11-24 14:39:05 +0100
committerGitHub <noreply@github.com>2021-11-24 14:39:05 +0100
commitd0c5a24f81ee3953ea018b8eaa10c3e5ff9e8983 (patch)
tree6e7674942621349cecd9bcccc7825ca17aa03e7b
parent28f41da1864f1125a34ba519f1e4df38e7c3bf6d (diff)
parentfc5b49082f8227e67eb7dbddf23331782c33f85d (diff)
Merge pull request #29764 from nextcloud/backport/29752/stable21
[stable21] Explicitly allow some routes without 2FA
-rw-r--r--core/Controller/OCJSController.php1
-rw-r--r--core/Middleware/TwoFactorMiddleware.php6
2 files changed, 7 insertions, 0 deletions
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
index c3a74733b98..9a4991ddd3e 100644
--- a/core/Controller/OCJSController.php
+++ b/core/Controller/OCJSController.php
@@ -99,6 +99,7 @@ class OCJSController extends Controller {
/**
* @NoCSRFRequired
+ * @NoTwoFactorRequired
* @PublicPage
*
* @return DataDisplayResponse
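Review bot: The `@NoTwoFactorRequired` tag added to this docblock comes with no statement of why the handler may run for a session that has only passed the first factor. The method is already `@PublicPage` and `@NoCSRFRequired`, so this third exemption leaves it with very few gates; a short rationale in the docblock would let the next reviewer confirm the response holds nothing that should wait for a completed login, for example `* Reachable before 2FA is finished; must not return data that needs a fully authenticated session.` The method body lies outside the hunk, so what it actually returns could not be checked here.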
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index c0e01cbe033..a6c8a131cee 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -84,6 +84,12 @@ class TwoFactorMiddleware extends Middleware {
* @param string $methodName
*/
public function beforeController($controller, $methodName) {
+ if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) {
+ // Route handler explicitly marked to work without finished 2FA are
+ // not blocked
+ return;
+ }
+
if ($controller instanceof APIController && $methodName === 'poll') {
// Allow polling the twofactor nextcloud notifications state
return;
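Review bot: The early return added at the top of `beforeController` makes `@NoTwoFactorRequired` an unconditional opt-out, because it runs before every other check in the method, including the existing `APIController`/`poll` special case. Any handler that reaches this middleware and carries the annotation is skipped, presumably including handlers in installed apps, so the annotation needs the same review scrutiny as `@PublicPage`. The method docblock, which starts outside the hunk, should say this explicitly. A unit test should pin both sides: an annotated handler returns without an exception, and an unannotated one still runs the remaining checks. The inline comment also has an agreement slip and could read `// Route handlers explicitly marked to work without finished 2FA are not blocked`. The rest of the method body is outside the hunk.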