From 3ec6f4e1652444d58f0c1dd712fac02e926d39a6 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@owncloud.com>
Date: Wed, 1 Jun 2016 11:19:49 +0200
Subject: [PATCH] block OCS if 2FA challenge needs to be solved first

---
 lib/private/legacy/api.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index a4745f58d0..1e581153ce 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -341,6 +341,10 @@ class OC_API {
 		// reuse existing login
 		$loggedIn = \OC::$server->getUserSession()->isLoggedIn();
 		if ($loggedIn === true) {
+			if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+				// Do not allow access to OCS until the 2FA challenge was solved successfully
+				return false;
+			}
 			$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
 			if ($ocsApiRequest) {