do not allow client password logins if token auth is enforced or 2FA is enabled

author: Christoph Wurst <christoph@owncloud.com> 2016-05-24 14:08:42 +0200
committer: Christoph Wurst <christoph@owncloud.com> 2016-05-24 17:54:02 +0200
commit: 28ce7dd262fbf748c46b915b67ac6c332fed8420 (patch)
tree: 4719d5eaa8f66560a12a9ff122b46c35db5188da /apps/dav/lib/Connector/Sabre
parent: d3fb5d618ea5902c989c39d72fd6ac2e5bcb65ed (diff)
download: nextcloud-server-28ce7dd262fbf748c46b915b67ac6c332fed8420.tar.gz
nextcloud-server-28ce7dd262fbf748c46b915b67ac6c332fed8420.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php
index 88898f272c5..cbb2c2b63bd 100644
--- a/apps/dav/lib/Connector/Sabre/Auth.php
+++ b/apps/dav/lib/Connector/Sabre/Auth.php
@@ -103,8 +103,7 @@ class Auth extends AbstractBasic {
 			return true;
 		} else {
 			\OC_Util::setUpFS(); //login hooks may need early access to the filesystem
-			// TODO: do not allow basic auth if the user is 2FA enforced
-			if($this->userSession->login($username, $password)) {
+			if($this->userSession->logClientIn($username, $password)) {
 				$this->userSession->createSessionToken($this->request, $this->userSession->getUser()->getUID(), $username, $password);
 				\OC_Util::setUpFS($this->userSession->getUser()->getUID());
 				$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
author	Christoph Wurst <christoph@owncloud.com>	2016-05-24 14:08:42 +0200
committer	Christoph Wurst <christoph@owncloud.com>	2016-05-24 17:54:02 +0200
commit	28ce7dd262fbf748c46b915b67ac6c332fed8420 (patch)
tree	4719d5eaa8f66560a12a9ff122b46c35db5188da /apps/dav/lib/Connector/Sabre
parent	d3fb5d618ea5902c989c39d72fd6ac2e5bcb65ed (diff)
download	nextcloud-server-28ce7dd262fbf748c46b915b67ac6c332fed8420.tar.gz nextcloud-server-28ce7dd262fbf748c46b915b67ac6c332fed8420.zip