Merge pull request #10636 from nextcloud/fix/2fa-enforced-backup-codes

Fix 2FA being enforced if only backup codes provider is active
author: blizzz <blizzz@arthur-schiwon.de> 2018-08-10 11:06:40 +0200
committer: GitHub <noreply@github.com> 2018-08-10 11:06:40 +0200
commit: d2b9b78c70999628bd40a0767adf3c3980cc6fa6 (patch)
tree: 23080de4da0db0f59f7fb9e33fbd1892ee8db1ef /lib
parent: a080c425cd364019067c503a2f17c490722233b7 (diff)
parent: 5c70aa2a22108e35840dc2f4b19979570dc18d40 (diff)
download: nextcloud-server-d2b9b78c70999628bd40a0767adf3c3980cc6fa6.tar.gz
nextcloud-server-d2b9b78c70999628bd40a0767adf3c3980cc6fa6.zip
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 0ee10ac0eff..6fa41897e1e 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -27,6 +27,8 @@ declare(strict_types = 1);
 
 namespace OC\Authentication\TwoFactorAuth;
 
+use function array_diff;
+use function array_filter;
 use BadMethodCallException;
 use Exception;
 use OC\Authentication\Exceptions\InvalidTokenException;
@@ -47,6 +49,7 @@ class Manager {
 	const SESSION_UID_KEY = 'two_factor_auth_uid';
 	const SESSION_UID_DONE = 'two_factor_auth_passed';
 	const REMEMBER_LOGIN = 'two_factor_remember_login';
+	const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
 
 	/** @var ProviderLoader */
 	private $providerLoader;
@@ -76,9 +79,9 @@ class Manager {
 	private $dispatcher;
 
 	public function __construct(ProviderLoader $providerLoader,
-		IRegistry $providerRegistry, ISession $session, IConfig $config,
-		IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
-		ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
+								IRegistry $providerRegistry, ISession $session, IConfig $config,
+								IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
+								ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
 		$this->providerLoader = $providerLoader;
 		$this->session = $session;
 		$this->config = $config;
@@ -107,8 +110,10 @@ class Manager {
 		$providers = $this->providerLoader->getProviders($user);
 		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
 		$enabled = array_filter($fixedStates);
+		$providerIds = array_keys($enabled);
+		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
 
-		return $twoFactorEnabled && !empty($enabled);
+		return $twoFactorEnabled && !empty($providerIdsWithoutBackupCodes);
 	}
 
 	/**
author	blizzz <blizzz@arthur-schiwon.de>	2018-08-10 11:06:40 +0200
committer	GitHub <noreply@github.com>	2018-08-10 11:06:40 +0200
commit	d2b9b78c70999628bd40a0767adf3c3980cc6fa6 (patch)
tree	23080de4da0db0f59f7fb9e33fbd1892ee8db1ef /lib
parent	a080c425cd364019067c503a2f17c490722233b7 (diff)
parent	5c70aa2a22108e35840dc2f4b19979570dc18d40 (diff)
download	nextcloud-server-d2b9b78c70999628bd40a0767adf3c3980cc6fa6.tar.gz nextcloud-server-d2b9b78c70999628bd40a0767adf3c3980cc6fa6.zip