From 3e3b326c85d31f69cbc30aa8b9aaa65d4ce04087 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@owncloud.com>
Date: Tue, 7 Jun 2016 17:53:00 +0200
Subject: Allow to cancel 2FA after login

---
 core/Controller/TwoFactorChallengeController.php | 9 +++++++++
 core/Middleware/TwoFactorMiddleware.php          | 5 +++++
 core/css/styles.css                              | 4 ++++
 core/templates/twofactorselectchallenge.php      | 3 ++-
 core/templates/twofactorshowchallenge.php        | 1 +
 5 files changed, 21 insertions(+), 1 deletion(-)

(limited to 'core')

diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index 499898de3bc..edaf3378cd8 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -61,6 +61,13 @@ class TwoFactorChallengeController extends Controller {
 		$this->urlGenerator = $urlGenerator;
 	}
 
+	/**
+	 * @return string
+	 */
+	protected function getLogoutAttribute() {
+		return \OC_User::getLogoutAttribute();
+	}
+
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
@@ -75,6 +82,7 @@ class TwoFactorChallengeController extends Controller {
 		$data = [
 			'providers' => $providers,
 			'redirect_url' => $redirect_url,
+			'logout_attribute' => $this->getLogoutAttribute(),
 		];
 		return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
 	}
@@ -106,6 +114,7 @@ class TwoFactorChallengeController extends Controller {
 		$data = [
 			'error' => $error,
 			'provider' => $provider,
+			'logout_attribute' => $this->getLogoutAttribute(),
 			'template' => $tmpl->fetchPage(),
 		];
 		return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index aa82897ad46..0bad8a2c40f 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -82,6 +82,11 @@ class TwoFactorMiddleware extends Middleware {
 			return;
 		}
 
+		if ($controller instanceof \OC\Core\Controller\LoginController && $methodName === 'logout') {
+			// Don't block the logout page, to allow canceling the 2FA
+			return;
+		}
+
 		if ($this->userSession->isLoggedIn()) {
 			$user = $this->userSession->getUser();
 
diff --git a/core/css/styles.css b/core/css/styles.css
index 837b3259781..0d7a5576e0c 100644
--- a/core/css/styles.css
+++ b/core/css/styles.css
@@ -37,6 +37,10 @@ body {
 	display: inline-block;
 }
 
+a.two-factor-cancel {
+	color: #fff;
+}
+
 .float-spinner {
 	height: 32px;
 	display: none;
diff --git a/core/templates/twofactorselectchallenge.php b/core/templates/twofactorselectchallenge.php
index 14d599aab3e..4209beac4e6 100644
--- a/core/templates/twofactorselectchallenge.php
+++ b/core/templates/twofactorselectchallenge.php
@@ -18,4 +18,5 @@
 	</li>
 <?php endforeach; ?>
 </ul>
-</fieldset>
\ No newline at end of file
+</fieldset>
+<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>
diff --git a/core/templates/twofactorshowchallenge.php b/core/templates/twofactorshowchallenge.php
index 66f5ed312ec..c5ee9aca4b4 100644
--- a/core/templates/twofactorshowchallenge.php
+++ b/core/templates/twofactorshowchallenge.php
@@ -17,3 +17,4 @@ $template = $_['template'];
 <span class="warning"><?php p($l->t('An error occured while verifying the token')); ?></span>
 <?php endif; ?>
 <?php print_unescaped($template); ?>
+<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>
-- 
cgit v1.2.3