author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-10-25 14:42:00 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-10-25 15:44:37 +0200 |
commit | 2cf068463fb2da915fc576bfed0134e051885b39 (patch) | |
tree | ace41cc391e8124c293aadab8df6e28a8934b7cf /core | |
parent | a1cc2b21cc4e8abc0aa04938429e73b7b1f66fef (diff) | |
Harden middleware check
These annotations allow for extra checks, and thus make it harder
to break things.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/TwoFactorChallengeController.php | 3 | ||||
-rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 10 |
2 files changed, 13 insertions, 0 deletions
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index e2a0b5423ab..07e77352bac 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -99,6 +99,7 @@ class TwoFactorChallengeController extends Controller {
 /**
 * @NoAdminRequired
 * @NoCSRFRequired
+ * @TwoFactorSetUpDoneRequired
 *
 * @param string $redirect_url
 * @return StandaloneTemplateResponse
@@ -125,6 +126,7 @@ class TwoFactorChallengeController extends Controller {
 * @NoAdminRequired
 * @NoCSRFRequired
 * @UseSession
+ * @TwoFactorSetUpDoneRequired
 *
 * @param string $challengeProviderId
 * @param string $redirect_url
@@ -175,6 +177,7 @@ class TwoFactorChallengeController extends Controller {
 * @NoAdminRequired
 * @NoCSRFRequired
 * @UseSession
+ * @TwoFactorSetUpDoneRequired
 *
 * @UserRateThrottle(limit=5, period=100)
 *
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index 7b32c0dd895..b8ca7d9da9e 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -88,6 +88,16 @@ class TwoFactorMiddleware extends Middleware {
 return;
 }
+ if ($controller instanceof TwoFactorChallengeController
+ && $this->userSession->getUser() !== null
+ && !$this->reflector->hasAnnotation('TwoFactorSetUpDoneRequired')) {
+ $providers = $this->twoFactorManager->getProviderSet($this->userSession->getUser());
+
+ if (!($providers->getProviders() === [] && !$providers->isProviderMissing())) {
+ throw new TwoFactorAuthRequiredException();
+ }
+ }
+
 if ($controller instanceof ALoginSetupController
 && $this->userSession->getUser() !== null
 && $this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) { |
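Review bot: The `@TwoFactorSetUpDoneRequired` line added in this docblock, and the same line in the two later hunks of this file, makes an access-control decision depend on comment text that TwoFactorMiddleware matches by a bare string. A misspelt or forgotten annotation on a future action would silently change how that action is classified. A test that walks the controller's public actions and asserts which of them carry the annotation would pin this; whether one exists cannot be seen here, because the diffstat is limited to `core`. Each docblock could also say what the tag is for, e.g. `* @TwoFactorSetUpDoneRequired is evaluated by TwoFactorMiddleware`. The method signatures lie outside all three hunks.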
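Review bot: The inner condition `!($providers->getProviders() === [] && !$providers->isProviderMissing())` is hard to verify by eye for an authorization check; the equivalent `if ($providers->getProviders() !== [] || $providers->isProviderMissing()) {` states directly that the request is refused when a provider exists or one is reported missing. The block has no comment, so I would add `// Actions without @TwoFactorSetUpDoneRequired are refused once the user has a provider, or when a provider is missing` above the outer `if`. The annotation name suggests that annotated actions require completed set-up, but this hunk only restricts the un-annotated ones. Whether annotated actions are rejected for a user with no provider depends on code outside the hunk, since the enclosing method starts and ends beyond it. `$this->userSession->getUser()` is also read twice here and could be held in a local so both uses see the same user object.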