aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2021-11-18 10:43:28 +0100
committerGitHub <noreply@github.com>2021-11-18 10:43:28 +0100
commit2df7ea7daeb4745c7bfc4a12f34480e47eacf9f9 (patch)
tree628fee890a79fcb5f935e452c3e49f981902c3c3 /core
parent69ab7b4a275bc6cabaa70ba93a3c63899c98cca0 (diff)
parentc8caba265fcb5a8c533aa726f9971b1f5b234cc9 (diff)
downloadnextcloud-server-2df7ea7daeb4745c7bfc4a12f34480e47eacf9f9.tar.gz
nextcloud-server-2df7ea7daeb4745c7bfc4a12f34480e47eacf9f9.zip
Merge pull request #29752 from nextcloud/fix/allow-some-pages-without-two-factor
Explicitly allow access on some (public) routes also without 2FA
Diffstat (limited to 'core')
-rw-r--r--core/Controller/OCJSController.php1
-rw-r--r--core/Middleware/TwoFactorMiddleware.php6
2 files changed, 7 insertions, 0 deletions
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
index 71f0941b46c..379b08bf22e 100644
--- a/core/Controller/OCJSController.php
+++ b/core/Controller/OCJSController.php
@@ -98,6 +98,7 @@ class OCJSController extends Controller {
/**
* @NoCSRFRequired
+ * @NoTwoFactorRequired
* @PublicPage
*
* @return DataDisplayResponse
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index fbdb106b7bb..4c13a99a1aa 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -83,6 +83,12 @@ class TwoFactorMiddleware extends Middleware {
* @param string $methodName
*/
public function beforeController($controller, $methodName) {
+ if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) {
+ // Route handler explicitly marked to work without finished 2FA are
+ // not blocked
+ return;
+ }
+
if ($controller instanceof APIController && $methodName === 'poll') {
// Allow polling the twofactor nextcloud notifications state
return;