authorFrederic Guillot <fred@kanboard.net>2015-03-31 23:01:13 -0400
committerFrederic Guillot <fred@kanboard.net>2015-03-31 23:01:13 -0400
commitafdc062097fcf99f1a65d097dd54c5e8acaef584 (patch)
tree72c50cf3ee9bbde2ae289659ba01a583e750848f /app/Controller/Base.php
parentabeeba71672a711dab98194bb8ae751ee95e3385 (diff)
Improve 2FA
Diffstat (limited to 'app/Controller/Base.php')
-rw-r--r--app/Controller/Base.php5
1 files changed, 2 insertions, 3 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index f498c3ce..b40e69c0 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -207,10 +207,9 @@ abstract class Base
*/
public function handle2FA($controller, $action)
{
- $controllers = array('twofactor', 'user');
- $actions = array('code', 'check', 'logout');
+ $ignore = ($controller === 'twofactor' && in_array($action, array('code', 'check'))) || ($controller === 'user' && $action === 'logout');
- if ($this->userSession->has2FA() && ! $this->userSession->check2FA() && ! in_array($controller, $controllers) && ! in_array($action, $actions)) {
+ if ($ignore === false && $this->userSession->has2FA() && ! $this->userSession->check2FA()) {
if ($this->request->isAjax()) {
$this->response->text('Not Authorized', 401);
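Review bot: The exemption on the added `$ignore` line calls `in_array` without the strict flag, so if `$action` ever arrives as a non-string value it is compared loosely against `'code'` and `'check'` and could be treated as exempt from the 2FA gate. Passing the third argument keeps the allow-list exact: `in_array($action, array('code', 'check'), true)`. Since this line now decides which routes stay reachable before the second factor is verified, it also deserves a comment such as `// Only the 2FA code form, its check action and user/logout may run before the second factor is verified; keep this list minimal.` The body of handle2FA continues past the end of the hunk, so whether the `401` branch stops the request after `text()` cannot be confirmed from the visible lines and is worth checking.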