AppAPI: allowed to bypass Two-Factor

Signed-off-by: Alexander Piskun <bigcat88@icloud.com> fix php-cs Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
author: Alexander Piskun <bigcat88@icloud.com> 2023-12-25 18:12:54 +0300
committer: Andrey Borysenko <andrey18106x@gmail.com> 2023-12-29 14:46:58 +0200
commit: 12257ac76503be7616b694693bde4f01c2a4abf3 (patch)
tree: 6a9313a011af4d34f9d6e05984aaf1cac325e7da /lib
parent: 7474b574cae8ecee2753391beb6df07d33c9de27 (diff)
download: nextcloud-server-12257ac76503be7616b694693bde4f01c2a4abf3.tar.gz
nextcloud-server-12257ac76503be7616b694693bde4f01c2a4abf3.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 7e115cf9b42..b43be868be9 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -335,8 +335,8 @@ class Manager {
 			return false;
 		}
 
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
+		// If we are authenticated using an app password or AppAPI Auth, skip all this
+		if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
 			return false;
 		}
author	Alexander Piskun <bigcat88@icloud.com>	2023-12-25 18:12:54 +0300
committer	Andrey Borysenko <andrey18106x@gmail.com>	2023-12-29 14:46:58 +0200
commit	12257ac76503be7616b694693bde4f01c2a4abf3 (patch)
tree	6a9313a011af4d34f9d6e05984aaf1cac325e7da /lib
parent	7474b574cae8ecee2753391beb6df07d33c9de27 (diff)
download	nextcloud-server-12257ac76503be7616b694693bde4f01c2a4abf3.tar.gz nextcloud-server-12257ac76503be7616b694693bde4f01c2a4abf3.zip