From c8caba265fcb5a8c533aa726f9971b1f5b234cc9 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Wed, 17 Nov 2021 18:42:21 +0100
Subject: Explicitly allow some routes without 2FA

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 core/Middleware/TwoFactorMiddleware.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'core/Middleware/TwoFactorMiddleware.php')

diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index fbdb106b7bb..4c13a99a1aa 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -83,6 +83,12 @@ class TwoFactorMiddleware extends Middleware {
 	 * @param string $methodName
 	 */
 	public function beforeController($controller, $methodName) {
+		if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) {
+			// Route handler explicitly marked to work without finished 2FA are
+			// not blocked
+			return;
+		}
+
 		if ($controller instanceof APIController && $methodName === 'poll') {
 			// Allow polling the twofactor nextcloud notifications state
 			return;
-- 
cgit v1.2.3