Merge pull request #24936 from owncloud/2fa-block-ocs

block OCS if 2FA challenge needs to be solved first
author: Vincent Petry <pvince81@owncloud.com> 2016-06-02 14:55:34 +0200
committer: Vincent Petry <pvince81@owncloud.com> 2016-06-02 14:55:34 +0200
commit: 53398b5146b566e55874b86171643a8dfddd34c1 (patch)
tree: 6ffa30656a678c3d9f86df50bc13c4472da3ce99 /lib/private/legacy
parent: f37d519d0d8acdbb6343df324b65b53b8f8d345b (diff)
parent: 3ec6f4e1652444d58f0c1dd712fac02e926d39a6 (diff)
download: nextcloud-server-53398b5146b566e55874b86171643a8dfddd34c1.tar.gz
nextcloud-server-53398b5146b566e55874b86171643a8dfddd34c1.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index a4745f58d02..1e581153ce6 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -341,6 +341,10 @@ class OC_API {
 		// reuse existing login
 		$loggedIn = \OC::$server->getUserSession()->isLoggedIn();
 		if ($loggedIn === true) {
+			if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+				// Do not allow access to OCS until the 2FA challenge was solved successfully
+				return false;
+			}
 			$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
 			if ($ocsApiRequest) {
author	Vincent Petry <pvince81@owncloud.com>	2016-06-02 14:55:34 +0200
committer	Vincent Petry <pvince81@owncloud.com>	2016-06-02 14:55:34 +0200
commit	53398b5146b566e55874b86171643a8dfddd34c1 (patch)
tree	6ffa30656a678c3d9f86df50bc13c4472da3ce99 /lib/private/legacy
parent	f37d519d0d8acdbb6343df324b65b53b8f8d345b (diff)
parent	3ec6f4e1652444d58f0c1dd712fac02e926d39a6 (diff)
download	nextcloud-server-53398b5146b566e55874b86171643a8dfddd34c1.tar.gz nextcloud-server-53398b5146b566e55874b86171643a8dfddd34c1.zip