Remove mod/ping from 2fa exception list

- Prevent asynchronous calls from being redirected to /2fa when there is no valid 2fa session
Hypolite Petovan 2019-07-23 20:03:08 -04:00
parent 4821fe1b98
commit 4ec4a04e49


@ -7,6 +7,7 @@ namespace Friendica\Core;
use Friendica\App; use Friendica\App;
use Friendica\BaseObject; use Friendica\BaseObject;
use Friendica\Network\HTTPException\ForbiddenException;
use Friendica\Util\BaseURL; use Friendica\Util\BaseURL;
/** /**
@ -71,7 +72,7 @@ class Authentication extends BaseObject
} }
// Check current path, if 2fa authentication module return // Check current path, if 2fa authentication module return
if ($a->argc > 0 && in_array($a->argv[0], ['ping', '2fa', 'view', 'help', 'api', 'proxy', 'logout'])) { if ($a->argc > 0 && in_array($a->argv[0], ['2fa', 'view', 'help', 'api', 'proxy', 'logout'])) {
return; return;
} }
@ -81,7 +82,11 @@ class Authentication extends BaseObject
} }
// Case 2: No valid 2FA session: redirect to code verification page // Case 2: No valid 2FA session: redirect to code verification page
$a->internalRedirect('2fa'); if ($a->isAjax()) {
throw new ForbiddenException();
} else {
$a->internalRedirect('2fa');
}
} }
} }
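Review bot: The exemption list on the `in_array` line still returns early for the `api`, `proxy`, `view` and `help` modules before the "No valid 2FA session" case is reached, and nothing in the hunk records why those are safe to serve where `ping` was not. If any of them can return account data to a session that has only passed the password step, it needs the same treatment as `ping`; otherwise a comment such as `// Modules served before 2FA verification; none may expose data of the logged-in account` above the check would make that invariant reviewable. Passing `true` as the third argument, `in_array($a->argv[0], ['2fa', 'view', 'help', 'api', 'proxy', 'logout'], true)`, also keeps the path match strict. The enclosing method starts outside the visible hunks, so earlier guards may already cover part of this.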