From c9aea8ffdfedab589779018e5982032671431118 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 18 Mar 2025 09:49:27 +0100
Subject: fix(auth): Allow 2FA challenges for Ephemeral sessions

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .../AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php b/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
index d5c73b1f598..c30855a0e98 100644
--- a/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
+++ b/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
@@ -9,6 +9,7 @@ namespace OC\AppFramework\Middleware;
 
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Core\Controller\ClientFlowLoginV2Controller;
+use OC\Core\Controller\TwoFactorChallengeController;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Middleware;
@@ -38,6 +39,10 @@ class FlowV2EphemeralSessionsMiddleware extends Middleware {
 			return;
 		}
 
+		if ($controller instanceof TwoFactorChallengeController) {
+			return;
+		}
+
 		$reflectionMethod = new ReflectionMethod($controller, $methodName);
 		if (!empty($reflectionMethod->getAttributes(PublicPage::class))) {
 			return;
-- 
cgit v1.2.3