From 7b3dc806eb45a65279acee2e54f32f2d2f388980 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@owncloud.com>
Date: Fri, 10 Jun 2016 09:52:52 +0200
Subject: [PATCH] Check 2FA state for raw php files too

---
 lib/private/legacy/json.php | 4 +++-
 lib/private/legacy/util.php | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/private/legacy/json.php b/lib/private/legacy/json.php
index d201d69723e..1dde63602b1 100644
--- a/lib/private/legacy/json.php
+++ b/lib/private/legacy/json.php
@@ -64,7 +64,9 @@ class OC_JSON{
 	 * @deprecated Use annotation based ACLs from the AppFramework instead
 	 */
 	public static function checkLoggedIn() {
-		if( !OC_User::isLoggedIn()) {
+		$twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager();
+		if( !OC_User::isLoggedIn()
+			|| $twoFactorAuthManger->needsSecondFactor()) {
 			$l = \OC::$server->getL10N('lib');
 			http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
 			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index a863348566e..65d00c16388 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -970,6 +970,11 @@ class OC_Util {
 			);
 			exit();
 		}
+		// Redirect to index page if 2FA challenge was not solved yet
+		if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+			header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php'));
+			exit();
+		}
 	}
 
 	/**