Merge pull request #6473 from nextcloud/2fa_apppasword_auth

Fix AppPassword 2FA auth
This commit is contained in:
Lukas Reschke 2017-09-12 23:02:14 +02:00 committed by GitHub
commit 7052aaf271
2 changed files with 21 additions and 2 deletions

View File

@ -269,6 +269,11 @@ class Manager {
return false; return false;
} }
// If we are authenticated using an app password skip all this
if ($this->session->exists('app_password')) {
return false;
}
// First check if the session tells us we should do 2FA (99% case) // First check if the session tells us we should do 2FA (99% case)
if (!$this->session->exists(self::SESSION_UID_KEY)) { if (!$this->session->exists(self::SESSION_UID_KEY)) {
@ -296,7 +301,6 @@ class Manager {
} }
} }
if (!$this->isTwoFactorAuthenticated($user)) { if (!$this->isTwoFactorAuthenticated($user)) {
// There is no second factor any more -> let the user pass // There is no second factor any more -> let the user pass
// This prevents infinite redirect loops when a user is about // This prevents infinite redirect loops when a user is about

View File

@ -387,10 +387,14 @@ class ManagerTest extends TestCase {
public function testNeedsSecondFactor() { public function testNeedsSecondFactor() {
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$this->session->expects($this->at(0)) $this->session->expects($this->at(0))
->method('exists')
->with('app_password')
->willReturn(false);
$this->session->expects($this->at(1))
->method('exists') ->method('exists')
->with('two_factor_auth_uid') ->with('two_factor_auth_uid')
->will($this->returnValue(false)); ->will($this->returnValue(false));
$this->session->expects($this->at(1)) $this->session->expects($this->at(2))
->method('exists') ->method('exists')
->with(Manager::SESSION_UID_DONE) ->with(Manager::SESSION_UID_DONE)
->willReturn(false); ->willReturn(false);
@ -523,6 +527,8 @@ class ManagerTest extends TestCase {
->will($this->returnCallback(function($var) { ->will($this->returnCallback(function($var) {
if ($var === Manager::SESSION_UID_KEY) { if ($var === Manager::SESSION_UID_KEY) {
return false; return false;
} else if ($var === 'app_password') {
return false;
} }
return true; return true;
})); }));
@ -585,4 +591,13 @@ class ManagerTest extends TestCase {
$this->assertFalse($this->manager->needsSecondFactor($user)); $this->assertFalse($this->manager->needsSecondFactor($user));
} }
public function testNeedsSecondFactorAppPassword() {
$user = $this->createMock(IUser::class);
$this->session->method('exists')
->with('app_password')
->willReturn(true);
$this->assertFalse($this->manager->needsSecondFactor($user));
}
} }