From 2cf068463fb2da915fc576bfed0134e051885b39 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Fri, 25 Oct 2019 14:42:00 +0200 Subject: Harden middleware check These annotations will allow for extra checks. And thus make it harder to break things. Signed-off-by: Roeland Jago Douma --- core/Middleware/TwoFactorMiddleware.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'core/Middleware') diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index 7b32c0dd895..b8ca7d9da9e 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -88,6 +88,16 @@ class TwoFactorMiddleware extends Middleware { return; } + if ($controller instanceof TwoFactorChallengeController + && $this->userSession->getUser() !== null + && !$this->reflector->hasAnnotation('TwoFactorSetUpDoneRequired')) { + $providers = $this->twoFactorManager->getProviderSet($this->userSession->getUser()); + + if (!($providers->getProviders() === [] && !$providers->isProviderMissing())) { + throw new TwoFactorAuthRequiredException(); + } + } + if ($controller instanceof ALoginSetupController && $this->userSession->getUser() !== null && $this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) { -- cgit v1.2.3
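Review bot: The inner condition `!($providers->getProviders() === [] && !$providers->isProviderMissing())` in the new TwoFactorChallengeController branch is a double negation guarding an authentication decision, and nothing in the hunk states what it is meant to allow. By De Morgan it is the same as `if ($providers->getProviders() !== [] || $providers->isProviderMissing()) {`, which reads directly as "refuse once any provider exists or one is missing". I would write it in that form and put `// Actions without TwoFactorSetUpDoneRequired are setup actions: only reachable while the provider set is empty and no provider is missing` above it. Because the branch treats every un-annotated action as a setup action, the annotation string is load-bearing. The controller is not shown in this diff view, so it is worth confirming that each challenge action carries `@TwoFactorSetUpDoneRequired` and that a middleware test covers both the annotated and the un-annotated case. The enclosing method starts and ends outside the hunk.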