AppAPI: allowed to bypass Two-Factor

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
author: Alexander Piskun <bigcat88@icloud.com> 2023-12-25 18:12:54 +0300
committer: Alexander Piskun <bigcat88@icloud.com> 2023-12-28 20:59:02 +0300
commit: 26d343d33aa763b7126937680769525e51638b90 (patch)
tree: 0a5496fb3938a4873de535322cfebad948d95398 /lib/private/Authentication
parent: 17cb5dadcd6be4bf26c5d7bb012db01722ce1ec0 (diff)
download: nextcloud-server-26d343d33aa763b7126937680769525e51638b90.tar.gz
nextcloud-server-26d343d33aa763b7126937680769525e51638b90.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index b0bb73c3115..4defcb9a585 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -318,8 +318,8 @@ class Manager {
 			return false;
 		}
 
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
+		// If we are authenticated using an app password or AppAPI Auth, skip all this
+		if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
 			return false;
 		}
author	Alexander Piskun <bigcat88@icloud.com>	2023-12-25 18:12:54 +0300
committer	Alexander Piskun <bigcat88@icloud.com>	2023-12-28 20:59:02 +0300
commit	26d343d33aa763b7126937680769525e51638b90 (patch)
tree	0a5496fb3938a4873de535322cfebad948d95398 /lib/private/Authentication
parent	17cb5dadcd6be4bf26c5d7bb012db01722ce1ec0 (diff)
download	nextcloud-server-26d343d33aa763b7126937680769525e51638b90.tar.gz nextcloud-server-26d343d33aa763b7126937680769525e51638b90.zip