From 1d0b10b12c144591c80b26c2684b88212b1d915e Mon Sep 17 00:00:00 2001
From: Alexander Piskun <bigcat88@icloud.com>
Date: Mon, 25 Dec 2023 18:12:54 +0300
Subject: AppAPI: allowed to bypass Two-Factor

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
---
 lib/private/Authentication/TwoFactorAuth/Manager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index b0bb73c3115..4defcb9a585 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -318,8 +318,8 @@ class Manager {
 			return false;
 		}
 
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
+		// If we are authenticated using an app password or AppAPI Auth, skip all this
+		if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
 			return false;
 		}
 
-- 
cgit v1.2.3