author | Andrey Borysenko <andrey18106x@gmail.com> | 2023-12-29 16:18:54 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-29 16:18:54 +0300 |
commit | f342f69075213b0fec7b06efd1dcf2bcf7c03a7b (patch) | |
tree | f189fb491fc2a3144363850b0aecfad98481a650 | |
parent | 4f113290d55ea4c911824fc195d3d88916752f4c (diff) | |
parent | 12257ac76503be7616b694693bde4f01c2a4abf3 (diff) | |
Merge pull request #42520 from nextcloud/backport/42479/stable27
[stable27] AppAPI: allow to bypass Two-Factor
-rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 4 | ||||
-rw-r--r-- | lib/private/Authentication/TwoFactorAuth/Manager.php | 4 | ||||
-rw-r--r-- | tests/lib/Authentication/TwoFactorAuth/ManagerTest.php | 23 |
3 files changed, 24 insertions, 7 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index 0ea21ce78de..ca0df9d6ab9 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -124,7 +124,9 @@ class TwoFactorMiddleware extends Middleware {
 if ($this->userSession->isLoggedIn()) {
 $user = $this->userSession->getUser();
- if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+ if ($this->session->exists('app_password') // authenticated using an app password
+ || $this->session->exists('app_api') // authenticated using an AppAPI Auth
+ || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
 $this->checkTwoFactor($controller, $methodName, $user);
 } elseif ($controller instanceof TwoFactorChallengeController) {
 // Allow access to the two-factor controllers only if two-factor authentication
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 7e115cf9b42..b43be868be9 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -335,8 +335,8 @@ class Manager {
 return false;
 }
- // If we are authenticated using an app password skip all this
- if ($this->session->exists('app_password')) {
+ // If we are authenticated using an app password or AppAPI Auth, skip all this
+ if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
 return false;
 }
diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
index da11b11e537..0a57276cd65 100644
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
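Review bot: The `app_api` session flag is tested with two different predicates: the middleware condition uses `$this->session->exists('app_api')`, while the Manager.php hunk uses `$this->session->get('app_api') === true`. A key that is present with any value other than `true` would take the authenticated branch in the middleware but would not count as AppAPI auth in `needsSecondFactor`. Because this flag decides whether the second factor is skipped, both places should use the strict form, e.g. `|| $this->session->get('app_api') === true // authenticated using AppAPI auth`. The enclosing middleware method starts and ends outside the hunk.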
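Review bot: The comment above the new condition in Manager.php should say where `app_api` is written, because this line makes a single session value enough to return false from the second-factor check. Nothing in this commit shows what sets that key, so a reader cannot tell from here which code paths are able to turn the bypass on. Once the writer is confirmed, I would extend the comment along the lines of `// 'app_api' must only ever be set by the AppAPI auth path after it has authenticated the request; it disables the 2FA requirement for this session`. The body of needsSecondFactor continues outside the hunk.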
@@ -636,13 +636,26 @@ class ManagerTest extends TestCase {
 return false;
 } elseif ($var === 'app_password') {
 return false;
+ } elseif ($var === 'app_api') {
+ return false;
 }
 return true;
 });
+ $this->session->method('get')
+ ->willReturnCallback(function ($var) {
+ if ($var === Manager::SESSION_UID_KEY) {
+ return 'user';
+ } elseif ($var === 'app_api') {
+ return true;
+ }
+ return null;
+ });
 $this->session->expects($this->once())
 ->method('get')
- ->with(Manager::SESSION_UID_DONE)
- ->willReturn('user');
+ ->willReturnMap([
+ [Manager::SESSION_UID_DONE, 'user'],
+ ['app_api', true]
+ ]);
 $this->assertFalse($this->manager->needsSecondFactor($user));
 }
@@ -702,8 +715,10 @@ class ManagerTest extends TestCase {
 public function testNeedsSecondFactorAppPassword() {
 $user = $this->createMock(IUser::class);
 $this->session->method('exists')
- ->with('app_password')
- ->willReturn(true);
+ ->willReturnMap([
+ ['app_password', true],
+ ['app_api', true]
+ ]);
 $this->assertFalse($this->manager->needsSecondFactor($user));
 }
 |
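Review bot: Both `get` stubs in the first ManagerTest hunk return `true` for `'app_api'`, so `assertFalse(needsSecondFactor($user))` can now pass through the new AppAPI early return shown in Manager.php. That means it no longer pins the `SESSION_UID_DONE` case which the removed `->with(Manager::SESSION_UID_DONE)` expectation covered. I would return `null` for `'app_api'` in this test (`} elseif ($var === 'app_api') { return null; }` and drop `['app_api', true]` from the map), then add a dedicated test for the bypass plus a negative one where `app_api` is present but not `true` and the second factor is still required. In the second hunk, the `['app_api', true]` entry in the `exists` map does not appear to be read by the Manager line under test, which uses `get` for that key. The first test method starts outside the hunk.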