shared frontend, UserAPI invalidate sessions, bugfixes, stuff

2023-02-09 23:55:30 +01:00
parent 8a09fc1f2d
commit 5acd13b945
15 changed files with 164 additions and 78 deletions
--- a/Core/API/PermissionAPI.class.php
+++ b/Core/API/PermissionAPI.class.php
@@ -76,13 +76,9 @@ namespace Core\API\Permission {
        }

        // user would have required groups, check for 2fa-state
-        if ($currentUser) {
-          $tfaToken = $currentUser->getTwoFactorToken();
-          if ($tfaToken && $tfaToken->isConfirmed() && !$tfaToken->isAuthenticated()) {
-            $this->lastError = '2FA-Authorization is required';
-            http_response_code(401);
-            return false;
-          }
+        if ($currentUser && !$this->check2FA()) {
+          http_response_code(401);
+          return false;
        }
      }