
AppAPI: allow AppAPI-authenticated sessions to bypass Two-Factor

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Alexander Piskun 4 months ago
parent
commit
1d0b10b12c

+ 4 - 1
core/Middleware/TwoFactorMiddleware.php

@@ -100,7 +100,10 @@ class TwoFactorMiddleware extends Middleware {
 		if ($this->userSession->isLoggedIn()) {
 			$user = $this->userSession->getUser();
 
-			if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+			if ($this->session->exists('app_password')  // authenticated using an app password
+				|| $this->session->exists('app_api')  // authenticated using an AppAPI Auth
+				|| $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+
 				$this->checkTwoFactor($controller, $methodName, $user);
 			} elseif ($controller instanceof TwoFactorChallengeController) {
 				// Allow access to the two-factor controllers only if two-factor authentication
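Review bot: The new condition on L20 uses `$this->session->exists('app_api')`, while the Manager change in this same commit tests `$this->session->get('app_api') === true`; a session that carries an `app_api` key with a false or non-boolean value is therefore treated as already authenticated by this middleware but not by the Manager. Use the same strict check so both layers agree: `|| $this->session->get('app_api') === true  // authenticated using an AppAPI Auth`. Because this key now short-circuits the second factor exactly like `app_password`, the condition deserves a comment that it must only ever be written by the AppAPI authentication path after its own credential check; the code that writes the key is not in this diff, so that should be confirmed against it. The enclosing method starts before and continues after the hunk.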

+ 2 - 2
lib/private/Authentication/TwoFactorAuth/Manager.php

@@ -318,8 +318,8 @@ class Manager {
 			return false;
 		}
 
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
+		// If we are authenticated using an app password or AppAPI Auth, skip all this
+		if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
 			return false;
 		}
 

+ 19 - 4
tests/lib/Authentication/TwoFactorAuth/ManagerTest.php

@@ -629,13 +629,26 @@ class ManagerTest extends TestCase {
 					return false;
 				} elseif ($var === 'app_password') {
 					return false;
+				} elseif ($var === 'app_api') {
+					return false;
 				}
 				return true;
 			});
+		$this->session->method('get')
+			->willReturnCallback(function ($var) {
+				if ($var === Manager::SESSION_UID_KEY) {
+					return 'user';
+				} elseif ($var === 'app_api') {
+					return true;
+				}
+				return null;
+			});
 		$this->session->expects($this->once())
 			->method('get')
-			->with(Manager::SESSION_UID_DONE)
-			->willReturn('user');
+			->willReturnMap([
+				[Manager::SESSION_UID_DONE, 'user'],
+				['app_api', true]
+			]);
 
 		$this->assertFalse($this->manager->needsSecondFactor($user));
 	}
@@ -695,8 +708,10 @@ class ManagerTest extends TestCase {
 	public function testNeedsSecondFactorAppPassword() {
 		$user = $this->createMock(IUser::class);
 		$this->session->method('exists')
-			->with('app_password')
-			->willReturn(true);
+			->willReturnMap([
+				['app_password', true],
+				['app_api', true]
+			]);
 
 		$this->assertFalse($this->manager->needsSecondFactor($user));
 	}
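Review bot: `testNeedsSecondFactorAppPassword` at L75 now stubs both `app_password` and `app_api` as present (L81–L82), so it no longer isolates the app-password path, and there is still no test where `app_password` is absent and only `app_api` is set, which is the behaviour this commit introduces. Note also that `Manager` reads the flag via `get('app_api') === true`, not `exists()`, so the `['app_api', true]` entry in the `exists` map has no effect on the code under test. Suggest restoring the original single `app_password` stub here and adding a dedicated AppAPI test that mirrors it, plus a negative case where `get('app_api')` returns a non-`true` value (e.g. `'1'`) to pin the strict comparison; the earlier part of `needsSecondFactor` is outside this hunk, so the negative case may need the same setup as the neighbouring tests.
```php
	public function testNeedsSecondFactorAppApi() {
		$user = $this->createMock(IUser::class);
		$this->session->method('exists')
			->willReturnCallback(fn ($key) => false);
		$this->session->method('get')
			->willReturnCallback(fn ($key) => $key === 'app_api' ? true : null);

		$this->assertFalse($this->manager->needsSecondFactor($user));
	}
```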