From 8c778827941ecbd08daf8108fba056a05b85e309 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Wed, 20 Feb 2019 17:40:40 +0100
Subject: [PATCH] No need to check 2fa state on apptoken logins

If you login with an apptoken there is no need to check 2FA state as
this does not apply to apptokens. Not checking saves us a query on each
request made from a client.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 core/Middleware/TwoFactorMiddleware.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index d3811f7d27e..167545b0df9 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -95,7 +95,8 @@ class TwoFactorMiddleware extends Middleware {
 		if ($this->userSession->isLoggedIn()) {
 			$user = $this->userSession->getUser();
 
-			if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+
+			if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
 				$this->checkTwoFactor($controller, $methodName, $user);
 			} else if ($controller instanceof TwoFactorChallengeController) {
 				// Allow access to the two-factor controllers only if two-factor authentication