Revert "Explicitly allow some routes without 2FA"

blizzz · blizzz · commit ed685463829b · 2021-11-18T13:13:00.000+01:00
This reverts commit bcfd4ed.
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
@@ -98,7 +98,6 @@ public function __construct($appName,
 
 	/**
 	 * @NoCSRFRequired
-	 * @NoTwoFactorRequired
 	 * @PublicPage
 	 *
 	 * @return DataDisplayResponse
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
@@ -83,12 +83,6 @@ public function __construct(Manager $twoFactorManager, Session $userSession, ISe
 	 * @param string $methodName
 	 */
 	public function beforeController($controller, $methodName) {
-		if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) {
-			// Route handler explicitly marked to work without finished 2FA are
-			// not blocked
-			return;
-		}
-
 		if ($controller instanceof APIController && $methodName === 'poll') {
 			// Allow polling the twofactor nextcloud notifications state
 			return;

Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,6 @@ public function __construct($appName,`
`98`	`98`
`99`	`99`	`/**`
`100`	`100`	`* @NoCSRFRequired`
`101`		`- * @NoTwoFactorRequired`
`102`	`101`	`* @PublicPage`
`103`	`102`	`*`
`104`	`103`	`* @return DataDisplayResponse`