diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2017-04-03 14:29:24 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2017-04-03 14:31:57 +0200 |
| commit | a7cc8c86abbb57f280268112a3fc734500b06e92 (patch) | |
| tree | 79b4706b21f43015f9ec08e188e06498ae3998e5 /lib/private | |
| parent | 455542d306f615faa8d032999db6e19902f0b5ca (diff) | |
| download | nextcloud-server-a7cc8c86abbb57f280268112a3fc734500b06e92.tar.gz nextcloud-server-a7cc8c86abbb57f280268112a3fc734500b06e92.zip | |
Redirect to 2FA selection screen
Apps like 'rainloop' use \OCP\Util::isLoggedIn() to check whether the
current request is authenticated. Since we redirected to the index
page before, it resulted in an infinite redirection loop. This change
sets the redirection URL to the 2FA selection page, which is the only
allowed page in that authentication state.
Fixes https://github.com/nextcloud/server/issues/3702
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/legacy/util.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php index 7f351c5b00e..0672fefbe0c 100644 --- a/lib/private/legacy/util.php +++ b/lib/private/legacy/util.php @@ -981,9 +981,9 @@ class OC_Util { ); exit(); } - // Redirect to index page if 2FA challenge was not solved yet + // Redirect to 2FA challenge selection if 2FA challenge was not solved yet if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) { - header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php')); + header('Location: ' . \OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.selectChallenge')); exit(); } } |