Browse Source
Explicitly allow some routes without 2FA
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
pull/29752/head
Christoph Wurst
4 years ago
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
2 changed files with
7 additions and
0 deletions
-
core/Controller/OCJSController.php
-
core/Middleware/TwoFactorMiddleware.php
|
|
|
@ -98,6 +98,7 @@ class OCJSController extends Controller { |
|
|
|
|
|
|
|
/** |
|
|
|
* @NoCSRFRequired |
|
|
|
* @NoTwoFactorRequired |
|
|
|
* @PublicPage |
|
|
|
* |
|
|
|
* @return DataDisplayResponse |
|
|
|
|
|
|
|
@ -83,6 +83,12 @@ class TwoFactorMiddleware extends Middleware { |
|
|
|
* @param string $methodName |
|
|
|
*/ |
|
|
|
public function beforeController($controller, $methodName) { |
|
|
|
if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) { |
|
|
|
// Route handler explicitly marked to work without finished 2FA are
|
|
|
|
// not blocked
|
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
if ($controller instanceof APIController && $methodName === 'poll') { |
|
|
|
// Allow polling the twofactor nextcloud notifications state
|
|
|
|
return; |
|
|
|
|
