No need to check 2fa state on apptoken logins

If you login with an apptoken there is no need to check 2FA state as this does not apply to apptokens. Not checking saves us a query on each request made from a client. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2019-02-20 17:40:40 +0100
committer: Roeland Jago Douma <roeland@famdouma.nl> 2019-02-20 17:40:40 +0100
commit: 8c778827941ecbd08daf8108fba056a05b85e309 (patch)
tree: 9fdb05dcd6f6957412f16272bee3ad23cf5ec40c /core
parent: beba18224898777b559f3a657d890c0e9bdd7864 (diff)
download: nextcloud-server-8c778827941ecbd08daf8108fba056a05b85e309.tar.gz
nextcloud-server-8c778827941ecbd08daf8108fba056a05b85e309.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index d3811f7d27e..167545b0df9 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -95,7 +95,8 @@ class TwoFactorMiddleware extends Middleware {
 		if ($this->userSession->isLoggedIn()) {
 			$user = $this->userSession->getUser();
 
-			if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+
+			if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
 				$this->checkTwoFactor($controller, $methodName, $user);
 			} else if ($controller instanceof TwoFactorChallengeController) {
 				// Allow access to the two-factor controllers only if two-factor authentication
author	Roeland Jago Douma <roeland@famdouma.nl>	2019-02-20 17:40:40 +0100
committer	Roeland Jago Douma <roeland@famdouma.nl>	2019-02-20 17:40:40 +0100
commit	8c778827941ecbd08daf8108fba056a05b85e309 (patch)
tree	9fdb05dcd6f6957412f16272bee3ad23cf5ec40c /core
parent	beba18224898777b559f3a657d890c0e9bdd7864 (diff)
download	nextcloud-server-8c778827941ecbd08daf8108fba056a05b85e309.tar.gz nextcloud-server-8c778827941ecbd08daf8108fba056a05b85e309.zip