diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-02-20 19:40:40 +0300 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-02-20 19:40:40 +0300 |
| commit | 8c778827941ecbd08daf8108fba056a05b85e309 (patch) | |
| tree | 9fdb05dcd6f6957412f16272bee3ad23cf5ec40c /core/Middleware | |
| parent | beba18224898777b559f3a657d890c0e9bdd7864 (diff) | |
No need to check 2fa state on apptoken logins
If you login with an apptoken there is no need to check 2FA state as
this does not apply to apptokens. Not checking saves us a query on each
request made from a client.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Middleware')
| -rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index d3811f7d27e..167545b0df9 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -95,7 +95,8 @@ class TwoFactorMiddleware extends Middleware { if ($this->userSession->isLoggedIn()) { $user = $this->userSession->getUser(); - if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) { + + if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) { $this->checkTwoFactor($controller, $methodName, $user); } else if ($controller instanceof TwoFactorChallengeController) { // Allow access to the two-factor controllers only if two-factor authentication |