1 files changed, 19 insertions, 56 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index 0ea21ce78de..0dea402f127 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -3,27 +3,9 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
  */
 namespace OC\Core\Middleware;
 
@@ -46,38 +28,14 @@ use OCP\IURLGenerator;
 use OCP\IUser;
 
 class TwoFactorMiddleware extends Middleware {
-	/** @var Manager */
-	private $twoFactorManager;
-
-	/** @var Session */
-	private $userSession;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	/** @var IControllerMethodReflector */
-	private $reflector;
-
-	/** @var IRequest */
-	private $request;
-
-	/**
-	 * @param Manager $twoFactorManager
-	 * @param Session $userSession
-	 * @param ISession $session
-	 * @param IURLGenerator $urlGenerator
-	 */
-	public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
-		IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
-		$this->twoFactorManager = $twoFactorManager;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->urlGenerator = $urlGenerator;
-		$this->reflector = $reflector;
-		$this->request = $request;
+	public function __construct(
+		private Manager $twoFactorManager,
+		private Session $userSession,
+		private ISession $session,
+		private IURLGenerator $urlGenerator,
+		private IControllerMethodReflector $reflector,
+		private IRequest $request,
+	) {
 	}
 
 	/**
@@ -124,7 +82,10 @@ class TwoFactorMiddleware extends Middleware {
 		if ($this->userSession->isLoggedIn()) {
 			$user = $this->userSession->getUser();
 
-			if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+			if ($this->session->exists('app_password')  // authenticated using an app password
+				|| $this->session->exists('app_api')  // authenticated using an AppAPI Auth
+				|| $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+
 				$this->checkTwoFactor($controller, $methodName, $user);
 			} elseif ($controller instanceof TwoFactorChallengeController) {
 				// Allow access to the two-factor controllers only if two-factor authentication
@@ -155,8 +116,10 @@ class TwoFactorMiddleware extends Middleware {
 
 	public function afterException($controller, $methodName, Exception $exception) {
 		if ($exception instanceof TwoFactorAuthRequiredException) {
-			$params = [];
-			if (isset($this->request->server['REQUEST_URI'])) {
+			$params = [
+				'redirect_url' => $this->request->getParam('redirect_url'),
+			];
+			if (!isset($params['redirect_url']) && isset($this->request->server['REQUEST_URI'])) {
 				$params['redirect_url'] = $this->request->server['REQUEST_URI'];
 			}
 			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));