Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/core/Middleware
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2019-10-25 15:42:00 +0300
committerRoeland Jago Douma <roeland@famdouma.nl>2019-10-25 16:44:37 +0300
commit2cf068463fb2da915fc576bfed0134e051885b39 (patch)
treeace41cc391e8124c293aadab8df6e28a8934b7cf /core/Middleware
parenta1cc2b21cc4e8abc0aa04938429e73b7b1f66fef (diff)
Harden middleware check
These annotations will allow for extra checks. And thus make it harder to break things. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Middleware')
-rw-r--r--core/Middleware/TwoFactorMiddleware.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index 7b32c0dd895..b8ca7d9da9e 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -88,6 +88,16 @@ class TwoFactorMiddleware extends Middleware {
return;
}
+ if ($controller instanceof TwoFactorChallengeController
+ && $this->userSession->getUser() !== null
+ && !$this->reflector->hasAnnotation('TwoFactorSetUpDoneRequired')) {
+ $providers = $this->twoFactorManager->getProviderSet($this->userSession->getUser());
+
+ if (!($providers->getProviders() === [] && !$providers->isProviderMissing())) {
+ throw new TwoFactorAuthRequiredException();
+ }
+ }
+
if ($controller instanceof ALoginSetupController
&& $this->userSession->getUser() !== null
&& $this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 06:55:32 +0300