From 6411472b183195162d3dbfa8b7e649bcaba812ba Mon Sep 17 00:00:00 2001
From: Kate Butler <kate@innocraft.com>
Date: Wed, 17 Jul 2019 16:13:05 +1200
Subject: Allow XHR requests with tokenauth (e.g. from widgetized pages) to
 skip 2FA (#14657)

---
 plugins/TwoFactorAuth/TwoFactorAuth.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'plugins/TwoFactorAuth')

diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php
index 4f550df53d..fe1c3f465f 100644
--- a/plugins/TwoFactorAuth/TwoFactorAuth.php
+++ b/plugins/TwoFactorAuth/TwoFactorAuth.php
@@ -180,14 +180,11 @@ class TwoFactorAuth extends \Piwik\Plugin
             return false;
         }
 
-        if (Piwik::getModule() === 'Widgetize') {
-            // we cannot use $module as it would be different when dispatching other requests within the widgetized request
-            $auth = StaticContainer::get('Piwik\Auth');
-            if ($auth && !$auth->getLogin() && method_exists($auth, 'getTokenAuth') && $auth->getTokenAuth()) {
-                // when authenticated by token only, we do not require 2fa
-                // needed eg for rendering exported widgets authenticated by token
-                return false;
-            }
+        $auth = StaticContainer::get('Piwik\Auth');
+        if ($auth && !$auth->getLogin() && method_exists($auth, 'getTokenAuth') && $auth->getTokenAuth()) {
+            // when authenticated by token only, we do not require 2fa
+            // needed eg for rendering exported widgets authenticated by token
+            return false;
         }
 
         $requiresAuth = true;
-- 
cgit v1.2.3