prevent infinite redirect loops if the there is no 2fa provider to pass

This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
author: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-08-24 10:42:07 +0200
committer: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-08-24 10:49:23 +0200
commit: 6af2efb67931863b27d96c74cdff1d2ca2615e52 (patch)
tree: 2ab4525949cef9c9bc818fa49d8eefe70d22f443 /lib/private/legacy
parent: 8d8366762be728f10af7ae9e465dcdba727d0eaf (diff)
download: nextcloud-server-6af2efb67931863b27d96c74cdff1d2ca2615e52.tar.gz
nextcloud-server-6af2efb67931863b27d96c74cdff1d2ca2615e52.zip
3 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index 30083294861..17ee9c5d468 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -311,7 +311,7 @@ class OC_API {
 		// reuse existing login
 		$loggedIn = \OC::$server->getUserSession()->isLoggedIn();
 		if ($loggedIn === true) {
-			if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+			if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
 				// Do not allow access to OCS until the 2FA challenge was solved successfully
 				return false;
 			}
diff --git a/lib/private/legacy/json.php b/lib/private/legacy/json.php
index 2882ac94ea9..f386d03ab1b 100644
--- a/lib/private/legacy/json.php
+++ b/lib/private/legacy/json.php
@@ -68,7 +68,7 @@ class OC_JSON{
 	public static function checkLoggedIn() {
 		$twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager();
 		if( !OC_User::isLoggedIn()
-			|| $twoFactorAuthManger->needsSecondFactor()) {
+			|| $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
 			$l = \OC::$server->getL10N('lib');
 			http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
 			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index a975da39271..7341331518d 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -975,7 +975,7 @@ class OC_Util {
 			exit();
 		}
 		// Redirect to index page if 2FA challenge was not solved yet
-		if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+		if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
 			header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php'));
 			exit();
 		}
author	Christoph Wurst <christoph@winzerhof-wurst.at>	2016-08-24 10:42:07 +0200
committer	Christoph Wurst <christoph@winzerhof-wurst.at>	2016-08-24 10:49:23 +0200
commit	6af2efb67931863b27d96c74cdff1d2ca2615e52 (patch)
tree	2ab4525949cef9c9bc818fa49d8eefe70d22f443 /lib/private/legacy
parent	8d8366762be728f10af7ae9e465dcdba727d0eaf (diff)
download	nextcloud-server-6af2efb67931863b27d96c74cdff1d2ca2615e52.tar.gz nextcloud-server-6af2efb67931863b27d96c74cdff1d2ca2615e52.zip