authorRoeland Jago Douma <roeland@famdouma.nl>2019-10-25 14:42:00 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2019-10-25 15:44:37 +0200
commit2cf068463fb2da915fc576bfed0134e051885b39 (patch)
treeace41cc391e8124c293aadab8df6e28a8934b7cf /core/Middleware
parenta1cc2b21cc4e8abc0aa04938429e73b7b1f66fef (diff)
downloadnextcloud-server-2cf068463fb2da915fc576bfed0134e051885b39.tar.gz
nextcloud-server-2cf068463fb2da915fc576bfed0134e051885b39.zip
Harden middleware check
These annotations will allow for extra checks, and thus make it harder to break things.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Middleware')
-rw-r--r--core/Middleware/TwoFactorMiddleware.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index 7b32c0dd895..b8ca7d9da9e 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -88,6 +88,16 @@ class TwoFactorMiddleware extends Middleware {
return;
}
+ if ($controller instanceof TwoFactorChallengeController
+ && $this->userSession->getUser() !== null
+ && !$this->reflector->hasAnnotation('TwoFactorSetUpDoneRequired')) {
+ $providers = $this->twoFactorManager->getProviderSet($this->userSession->getUser());
+
+ if (!($providers->getProviders() === [] && !$providers->isProviderMissing())) {
+ throw new TwoFactorAuthRequiredException();
+ }
+ }
+
if ($controller instanceof ALoginSetupController
&& $this->userSession->getUser() !== null
&& $this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
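Review bot: The inner guard `if (!($providers->getProviders() === [] && !$providers->isProviderMissing()))` is a negated conjunction with a second negation inside it, which is easy to misread on an authorization path; `if ($providers->getProviders() !== [] || $providers->isProviderMissing()) {` is equivalent and states the deny condition directly. The added block also carries no comment recording what it protects; something like `// Methods without TwoFactorSetUpDoneRequired are setup-only: reject them once the user has any provider, or one is missing` would pin the invariant (the meaning of isProviderMissing() is inferred from its name here, so confirm the wording). Because the gate keys on the absence of an annotation string, a challenge method whose annotation is forgotten or misspelled appears to fail closed for users who already have providers, and that behaviour is worth pinning with a test so a later refactor cannot invert it. `$this->userSession->getUser()` is called twice in this block and again in the one that follows; reading it once into a local would keep the null check and the use on the same value. The enclosing method starts and ends outside the hunk.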