diff options
author | Kate Butler <kate@innocraft.com> | 2019-07-17 07:13:05 +0300 |
---|---|---|
committer | Thomas Steur <tsteur@users.noreply.github.com> | 2019-07-17 07:13:05 +0300 |
commit | 6411472b183195162d3dbfa8b7e649bcaba812ba (patch) | |
tree | dec613e2f66bffa93b6e2279f18b42b332cbc674 /plugins/TwoFactorAuth | |
parent | cf6e9663a1720530c59932e022c6b25e2badbcee (diff) |
Allow XHR requests with tokenauth (e.g. from widgetized pages) to skip 2FA (#14657)
Diffstat (limited to 'plugins/TwoFactorAuth')
-rw-r--r-- | plugins/TwoFactorAuth/TwoFactorAuth.php | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php index 4f550df53d..fe1c3f465f 100644 --- a/plugins/TwoFactorAuth/TwoFactorAuth.php +++ b/plugins/TwoFactorAuth/TwoFactorAuth.php @@ -180,14 +180,11 @@ class TwoFactorAuth extends \Piwik\Plugin return false; } - if (Piwik::getModule() === 'Widgetize') { - // we cannot use $module as it would be different when dispatching other requests within the widgetized request - $auth = StaticContainer::get('Piwik\Auth'); - if ($auth && !$auth->getLogin() && method_exists($auth, 'getTokenAuth') && $auth->getTokenAuth()) { - // when authenticated by token only, we do not require 2fa - // needed eg for rendering exported widgets authenticated by token - return false; - } + $auth = StaticContainer::get('Piwik\Auth'); + if ($auth && !$auth->getLogin() && method_exists($auth, 'getTokenAuth') && $auth->getTokenAuth()) { + // when authenticated by token only, we do not require 2fa + // needed eg for rendering exported widgets authenticated by token + return false; } $requiresAuth = true; |