From 660e5502603e82bb70652cbd146d72139791d6a7 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 1 Dec 2021 17:50:43 +0100
Subject: Only check the twofactor state once per request

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Authentication/TwoFactorAuth/Manager.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'lib/private/Authentication/TwoFactorAuth/Manager.php')

diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 375803b1d96..66e7c090e42 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -87,6 +87,9 @@ class Manager {
 	/** @var EventDispatcherInterface */
 	private $legacyDispatcher;
 
+	/** @psalm-var array<string, bool> */
+	private $userIsTwoFactorAuthenticated = [];
+
 	public function __construct(ProviderLoader $providerLoader,
 								IRegistry $providerRegistry,
 								MandatoryTwoFactor $mandatoryTwoFactor,
@@ -118,6 +121,10 @@ class Manager {
 	 * @return boolean
 	 */
 	public function isTwoFactorAuthenticated(IUser $user): bool {
+		if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
+			return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+		}
+
 		if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
 			return true;
 		}
@@ -129,7 +136,8 @@ class Manager {
 		$providerIds = array_keys($enabled);
 		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
 
-		return !empty($providerIdsWithoutBackupCodes);
+		$this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
+		return $this->userIsTwoFactorAuthenticated[$user->getUID()];
 	}
 
 	/**
-- 
cgit v1.2.3