summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@winzerhof-wurst.at>2018-08-10 09:26:40 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2018-08-10 09:26:40 +0200
commit1124b87bc0e7606e27c309615bb65d3d73d0a121 (patch)
tree9a3e848e941521d5887f46a12f615ef3862760ab /lib
parent103a2c30fb29b0d0f026d56eaa58d50cb68323ed (diff)
downloadnextcloud-server-1124b87bc0e7606e27c309615bb65d3d73d0a121.tar.gz
nextcloud-server-1124b87bc0e7606e27c309615bb65d3d73d0a121.zip
Fix 2FA being enforced if only backup codes provider is active
Fixes https://github.com/nextcloud/server/issues/10634. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php13
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 0ee10ac0eff..6fa41897e1e 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -27,6 +27,8 @@ declare(strict_types = 1);
namespace OC\Authentication\TwoFactorAuth;
+use function array_diff;
+use function array_filter;
use BadMethodCallException;
use Exception;
use OC\Authentication\Exceptions\InvalidTokenException;
@@ -47,6 +49,7 @@ class Manager {
const SESSION_UID_KEY = 'two_factor_auth_uid';
const SESSION_UID_DONE = 'two_factor_auth_passed';
const REMEMBER_LOGIN = 'two_factor_remember_login';
+ const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
/** @var ProviderLoader */
private $providerLoader;
@@ -76,9 +79,9 @@ class Manager {
private $dispatcher;
public function __construct(ProviderLoader $providerLoader,
- IRegistry $providerRegistry, ISession $session, IConfig $config,
- IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
- ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
+ IRegistry $providerRegistry, ISession $session, IConfig $config,
+ IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
+ ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
$this->providerLoader = $providerLoader;
$this->session = $session;
$this->config = $config;
@@ -107,8 +110,10 @@ class Manager {
$providers = $this->providerLoader->getProviders($user);
$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
$enabled = array_filter($fixedStates);
+ $providerIds = array_keys($enabled);
+ $providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
- return $twoFactorEnabled && !empty($enabled);
+ return $twoFactorEnabled && !empty($providerIdsWithoutBackupCodes);
}
/**