diff options
| author | Alexander Piskun <bigcat88@icloud.com> | 2023-12-25 18:12:54 +0300 |
|---|---|---|
| committer | Andrey Borysenko <andrey18106x@gmail.com> | 2023-12-29 14:46:58 +0200 |
| commit | 12257ac76503be7616b694693bde4f01c2a4abf3 (patch) | |
| tree | 6a9313a011af4d34f9d6e05984aaf1cac325e7da /core | |
| parent | 7474b574cae8ecee2753391beb6df07d33c9de27 (diff) | |
| download | nextcloud-server-12257ac76503be7616b694693bde4f01c2a4abf3.tar.gz nextcloud-server-12257ac76503be7616b694693bde4f01c2a4abf3.zip | |
AppAPI: allowed to bypass Two-Factor
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
fix php-cs
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Diffstat (limited to 'core')
| -rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index 0ea21ce78de..ca0df9d6ab9 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -124,7 +124,9 @@ class TwoFactorMiddleware extends Middleware { if ($this->userSession->isLoggedIn()) { $user = $this->userSession->getUser(); - if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) { + if ($this->session->exists('app_password') // authenticated using an app password + || $this->session->exists('app_api') // authenticated using an AppAPI Auth + || $this->twoFactorManager->isTwoFactorAuthenticated($user)) { $this->checkTwoFactor($controller, $methodName, $user); } elseif ($controller instanceof TwoFactorChallengeController) { // Allow access to the two-factor controllers only if two-factor authentication |