diff options
Diffstat (limited to 'core/Middleware')
-rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index ea25aa36ecd..bcb06d20081 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -82,6 +82,10 @@ class TwoFactorMiddleware extends Middleware { if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) { $this->checkTwoFactor($controller, $methodName); + } else if ($controller instanceof TwoFactorChallengeController) { + // Allow access to the two-factor controllers only if two-factor authentication + // is in progress. + throw new UserAlreadyLoggedInException(); } } // TODO: dont check/enforce 2FA if a auth token is used |