jakob/friendica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove mod/ping from 2fa exception list

Browse source 
- Prevent asynchronous calls to redirect to /2fa in case of missing valid 2fa session
This commit is contained in:
Hypolite Petovan 2019-07-23 20:03:08 -04:00
parent 4821fe1b98
commit 4ec4a04e49
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/Core/Authentication.php
View file

@ -7,6 +7,7 @@ namespace Friendica\Core;
use Friendica\App;
use Friendica\BaseObject;
use Friendica\Network\HTTPException\ForbiddenException;
use Friendica\Util\BaseURL;
/**
@ -71,7 +72,7 @@ class Authentication extends BaseObject
}
// Check current path, if 2fa authentication module return
if ($a->argc > 0 && in_array($a->argv[0], ['ping', '2fa', 'view', 'help', 'api', 'proxy', 'logout'])) {
if ($a->argc > 0 && in_array($a->argv[0], ['2fa', 'view', 'help', 'api', 'proxy', 'logout'])) {
return;
}
@ -81,7 +82,11 @@ class Authentication extends BaseObject
}
// Case 2: No valid 2FA session: redirect to code verification page
$a->internalRedirect('2fa');
if ($a->isAjax()) {
throw new ForbiddenException();
} else {
$a->internalRedirect('2fa');
}
}
}