summaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Authentication')
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 66bcafbce71..143fe7dc927 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -165,10 +165,24 @@ class Manager {
/**
* Check if the currently logged in user needs to pass 2FA
*
+ * @param IUser $user the currently logged in user
* @return boolean
*/
- public function needsSecondFactor() {
- return $this->session->exists(self::SESSION_UID_KEY);
+ public function needsSecondFactor(IUser $user = null) {
+ if (is_null($user) || !$this->session->exists(self::SESSION_UID_KEY)) {
+ return false;
+ }
+
+ if (!$this->isTwoFactorAuthenticated($user)) {
+ // There is no second factor any more -> let the user pass
+ // This prevents infinite redirect loops when a user is about
+ // to solve the 2FA challenge, and the provider app is
+ // disabled the same time
+ $this->session->remove(self::SESSION_UID_KEY);
+ return false;
+ }
+
+ return true;
}
/**
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-02 22:27:43 +0000