зеркало из https://github.com/nextcloud/server.git
AppAPI: allowed to bypass Two-Factor
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This commit is contained in:
Родитель
17cb5dadcd
Коммит
26d343d33a
|
@ -100,7 +100,10 @@ class TwoFactorMiddleware extends Middleware {
|
|||
if ($this->userSession->isLoggedIn()) {
|
||||
$user = $this->userSession->getUser();
|
||||
|
||||
if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
|
||||
if ($this->session->exists('app_password') // authenticated using an app password
|
||||
|| $this->session->exists('app_api') // authenticated using an AppAPI Auth
|
||||
|| $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
|
||||
|
||||
$this->checkTwoFactor($controller, $methodName, $user);
|
||||
} elseif ($controller instanceof TwoFactorChallengeController) {
|
||||
// Allow access to the two-factor controllers only if two-factor authentication
|
||||
|
|
|
@ -318,8 +318,8 @@ class Manager {
|
|||
return false;
|
||||
}
|
||||
|
||||
// If we are authenticated using an app password skip all this
|
||||
if ($this->session->exists('app_password')) {
|
||||
// If we are authenticated using an app password or AppAPI Auth, skip all this
|
||||
if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -629,13 +629,26 @@ class ManagerTest extends TestCase {
|
|||
return false;
|
||||
} elseif ($var === 'app_password') {
|
||||
return false;
|
||||
} elseif ($var === 'app_api') {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
});
|
||||
$this->session->method('get')
|
||||
->willReturnCallback(function ($var) {
|
||||
if ($var === Manager::SESSION_UID_KEY) {
|
||||
return 'user';
|
||||
} elseif ($var === 'app_api') {
|
||||
return true;
|
||||
}
|
||||
return null;
|
||||
});
|
||||
$this->session->expects($this->once())
|
||||
->method('get')
|
||||
->with(Manager::SESSION_UID_DONE)
|
||||
->willReturn('user');
|
||||
->willReturnMap([
|
||||
[Manager::SESSION_UID_DONE, 'user'],
|
||||
['app_api', true]
|
||||
]);
|
||||
|
||||
$this->assertFalse($this->manager->needsSecondFactor($user));
|
||||
}
|
||||
|
@ -695,8 +708,10 @@ class ManagerTest extends TestCase {
|
|||
public function testNeedsSecondFactorAppPassword() {
|
||||
$user = $this->createMock(IUser::class);
|
||||
$this->session->method('exists')
|
||||
->with('app_password')
|
||||
->willReturn(true);
|
||||
->willReturnMap([
|
||||
['app_password', true],
|
||||
['app_api', true]
|
||||
]);
|
||||
|
||||
$this->assertFalse($this->manager->needsSecondFactor($user));
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче