diff options
author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2021-11-18 10:43:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-18 10:43:28 +0100 |
commit | 2df7ea7daeb4745c7bfc4a12f34480e47eacf9f9 (patch) | |
tree | 628fee890a79fcb5f935e452c3e49f981902c3c3 /core | |
parent | 69ab7b4a275bc6cabaa70ba93a3c63899c98cca0 (diff) | |
parent | c8caba265fcb5a8c533aa726f9971b1f5b234cc9 (diff) | |
download | nextcloud-server-2df7ea7daeb4745c7bfc4a12f34480e47eacf9f9.tar.gz nextcloud-server-2df7ea7daeb4745c7bfc4a12f34480e47eacf9f9.zip |
Merge pull request #29752 from nextcloud/fix/allow-some-pages-without-two-factor
Explicitly allow access on some (public) routes also without 2FA
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/OCJSController.php | 1 | ||||
-rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php index 71f0941b46c..379b08bf22e 100644 --- a/core/Controller/OCJSController.php +++ b/core/Controller/OCJSController.php @@ -98,6 +98,7 @@ class OCJSController extends Controller { /** * @NoCSRFRequired + * @NoTwoFactorRequired * @PublicPage * * @return DataDisplayResponse diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index fbdb106b7bb..4c13a99a1aa 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -83,6 +83,12 @@ class TwoFactorMiddleware extends Middleware { * @param string $methodName */ public function beforeController($controller, $methodName) { + if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) { + // Route handler explicitly marked to work without finished 2FA are + // not blocked + return; + } + if ($controller instanceof APIController && $methodName === 'poll') { // Allow polling the twofactor nextcloud notifications state return; |