diff options
author | Christoph Wurst <ChristophWurst@users.noreply.github.com> | 2021-11-24 14:39:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-24 14:39:05 +0100 |
commit | d0c5a24f81ee3953ea018b8eaa10c3e5ff9e8983 (patch) | |
tree | 6e7674942621349cecd9bcccc7825ca17aa03e7b | |
parent | 28f41da1864f1125a34ba519f1e4df38e7c3bf6d (diff) | |
parent | fc5b49082f8227e67eb7dbddf23331782c33f85d (diff) | |
download | nextcloud-server-d0c5a24f81ee3953ea018b8eaa10c3e5ff9e8983.tar.gz nextcloud-server-d0c5a24f81ee3953ea018b8eaa10c3e5ff9e8983.zip |
Merge pull request #29764 from nextcloud/backport/29752/stable21
[stable21] Explicitly allow some routes without 2FA
-rw-r--r-- | core/Controller/OCJSController.php | 1 | ||||
-rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php index c3a74733b98..9a4991ddd3e 100644 --- a/core/Controller/OCJSController.php +++ b/core/Controller/OCJSController.php @@ -99,6 +99,7 @@ class OCJSController extends Controller { /** * @NoCSRFRequired + * @NoTwoFactorRequired * @PublicPage * * @return DataDisplayResponse diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index c0e01cbe033..a6c8a131cee 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -84,6 +84,12 @@ class TwoFactorMiddleware extends Middleware { * @param string $methodName */ public function beforeController($controller, $methodName) { + if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) { + // Route handler explicitly marked to work without finished 2FA are + // not blocked + return; + } + if ($controller instanceof APIController && $methodName === 'poll') { // Allow polling the twofactor nextcloud notifications state return; |