mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #24936 from owncloud/2fa-block-ocs 

block OCS if 2FA challenge needs to be solved first
This commit is contained in:
Vincent Petry 2016-06-02 14:55:34 +02:00
parent f37d519d0d 3ec6f4e165
commit 53398b5146
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/private/legacy/api.php
View File

@ -341,6 +341,10 @@ class OC_API {
// reuse existing login // reuse existing login
$loggedIn = \OC::$server->getUserSession()->isLoggedIn(); $loggedIn = \OC::$server->getUserSession()->isLoggedIn();
if ($loggedIn === true) { if ($loggedIn === true) {
if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
// Do not allow access to OCS until the 2FA challenge was solved successfully
return false;
}
$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false; $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
if ($ocsApiRequest) { if ($ocsApiRequest) {