Merge pull request #30025 from nextcloud/backport/30012/stable23

[stable23] Only check the twofactor state once per request
nextcloud · Dec 6, 2021 · f88f576 · f88f576
2 parents af29d0b + febca70
commit f88f576
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -87,6 +87,9 @@ class Manager {
 	/** @var EventDispatcherInterface */
 	private $legacyDispatcher;
 
+	/** @psalm-var array<string, bool> */
+	private $userIsTwoFactorAuthenticated = [];
+
 	public function __construct(ProviderLoader $providerLoader,
 								IRegistry $providerRegistry,
 								MandatoryTwoFactor $mandatoryTwoFactor,
@@ -118,6 +121,10 @@ public function __construct(ProviderLoader $providerLoader,
 	 * @return boolean
 	 */
 	public function isTwoFactorAuthenticated(IUser $user): bool {
+		if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
+			return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+		}
+
 		if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
 			return true;
 		}
@@ -129,7 +136,8 @@ public function isTwoFactorAuthenticated(IUser $user): bool {
 		$providerIds = array_keys($enabled);
 		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
 
-		return !empty($providerIdsWithoutBackupCodes);
+		$this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
+		return $this->userIsTwoFactorAuthenticated[$user->getUID()];
 	}
 
 	/**