From a7cc8c86abbb57f280268112a3fc734500b06e92 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Mon, 3 Apr 2017 14:29:24 +0200
Subject: Redirect to 2FA selection screen

Apps like 'rainloop' use \OCP\Util::isLoggedIn() to check whether the
current request is authenticated. Since we redirected to the index
page before, it resulted in an infinite redirection loop. This change
sets the redirection URL to the 2FA selection page, which is the only
allowed page in that authentication state.

Fixes https://github.com/nextcloud/server/issues/3702

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 lib/private/legacy/util.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index 7f351c5b00e..0672fefbe0c 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -981,9 +981,9 @@ class OC_Util {
 			);
 			exit();
 		}
-		// Redirect to index page if 2FA challenge was not solved yet
+		// Redirect to 2FA challenge selection if 2FA challenge was not solved yet
 		if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
-			header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php'));
+			header('Location: ' . \OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
 			exit();
 		}
 	}
-- 
cgit v1.2.3