diff options
| author | Alexander Piskun <bigcat88@icloud.com> | 2023-12-25 18:12:54 +0300 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2023-12-29 08:44:13 +0000 |
| commit | 1d0b10b12c144591c80b26c2684b88212b1d915e (patch) | |
| tree | f4f589fb3d0695beaa0e24794b9a118cb444de95 /lib | |
| parent | 525d087b521be3326019afa2bc5335bf035e5164 (diff) | |
| download | nextcloud-server-1d0b10b12c144591c80b26c2684b88212b1d915e.tar.gz nextcloud-server-1d0b10b12c144591c80b26c2684b88212b1d915e.zip | |
AppAPI: allowed to bypass Two-Factor
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Authentication/TwoFactorAuth/Manager.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php index b0bb73c3115..4defcb9a585 100644 --- a/lib/private/Authentication/TwoFactorAuth/Manager.php +++ b/lib/private/Authentication/TwoFactorAuth/Manager.php @@ -318,8 +318,8 @@ class Manager { return false; } - // If we are authenticated using an app password skip all this - if ($this->session->exists('app_password')) { + // If we are authenticated using an app password or AppAPI Auth, skip all this + if ($this->session->exists('app_password') || $this->session->get('app_api') === true) { return false; } |