Allow to cancel 2FA after login

core/Controller/TwoFactorChallengeController.php

@@ -61,6 +61,13 @@ class TwoFactorChallengeController extends Controller {
 		$this->urlGenerator = $urlGenerator;
 	}
 
+	/**
+	 * @return string
+	 */
+	protected function getLogoutAttribute() {
+		return \OC_User::getLogoutAttribute();
+	}
+
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
@@ -75,6 +82,7 @@ class TwoFactorChallengeController extends Controller {
 		$data = [
 			'providers' => $providers,
 			'redirect_url' => $redirect_url,
+			'logout_attribute' => $this->getLogoutAttribute(),
 		];
 		return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
 	}
@@ -106,6 +114,7 @@ class TwoFactorChallengeController extends Controller {
 		$data = [
 			'error' => $error,
 			'provider' => $provider,
+			'logout_attribute' => $this->getLogoutAttribute(),
 			'template' => $tmpl->fetchPage(),
 		];
 		return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');

core/Middleware/TwoFactorMiddleware.php

@@ -82,6 +82,11 @@ class TwoFactorMiddleware extends Middleware {
 			return;
 		}
 
+		if ($controller instanceof \OC\Core\Controller\LoginController && $methodName === 'logout') {
+			// Don't block the logout page, to allow canceling the 2FA
+			return;
+		}
+
 		if ($this->userSession->isLoggedIn()) {
 			$user = $this->userSession->getUser();
 

core/css/styles.css

@@ -37,6 +37,10 @@ body {
 	display: inline-block;
 }
 
+a.two-factor-cancel {
+	color: #fff;
+}
+
 .float-spinner {
 	height: 32px;
 	display: none;

core/templates/twofactorselectchallenge.php

@@ -19,3 +19,4 @@
 <?php endforeach; ?>
 </ul>
 </fieldset>
+<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>

core/templates/twofactorshowchallenge.php

@@ -17,3 +17,4 @@ $template = $_['template'];
 <span class="warning"><?php p($l->t('An error occured while verifying the token')); ?></span>
 <?php endif; ?>
 <?php print_unescaped($template); ?>
+<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>

tests/Core/Controller/TwoFactorChallengeControllerTest.php

@@ -33,7 +33,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
 	private $session;
 	private $urlGenerator;
 
-	/** TwoFactorChallengeController */
+	/** @var TwoFactorChallengeController|\PHPUnit_Framework_MockObject_MockObject */
 	private $controller;
 
 	protected function setUp() {
@@ -47,9 +47,20 @@ class TwoFactorChallengeControllerTest extends TestCase {
 		$this->session = $this->getMock('\OCP\ISession');
 		$this->urlGenerator = $this->getMock('\OCP\IURLGenerator');
 
-		$this->controller = new TwoFactorChallengeController(
-			'core', $this->request, $this->twoFactorManager, $this->userSession, $this->session, $this->urlGenerator
-		);
+		$this->controller = $this->getMockBuilder('OC\Core\Controller\TwoFactorChallengeController')
+			->setConstructorArgs([
+				'core',
+				$this->request,
+				$this->twoFactorManager,
+				$this->userSession,
+				$this->session,
+				$this->urlGenerator,
+			])
+			->setMethods(['getLogoutAttribute'])
+			->getMock();
+		$this->controller->expects($this->any())
+			->method('getLogoutAttribute')
+			->willReturn('logoutAttribute');
 	}
 
 	public function testSelectChallenge() {
@@ -70,6 +81,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
 		$expected = new \OCP\AppFramework\Http\TemplateResponse('core', 'twofactorselectchallenge', [
 			'providers' => $providers,
 			'redirect_url' => '/some/url',
+			'logout_attribute' => 'logoutAttribute',
 		], 'guest');
 
 		$this->assertEquals($expected, $this->controller->selectChallenge('/some/url'));
@@ -110,6 +122,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
 		$expected = new \OCP\AppFramework\Http\TemplateResponse('core', 'twofactorshowchallenge', [
 			'error' => true,
 			'provider' => $provider,
+			'logout_attribute' => 'logoutAttribute',
 			'template' => '<html/>',
 			], 'guest');