From 30e367d38eb712ca9bb6f0c81af61f902dc77625 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 18 Mar 2025 09:49:27 +0100
Subject: [PATCH] fix(auth): Allow 2FA challenges for Ephemeral sessions

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .../Middleware/FlowV2EphemeralSessionsMiddleware.php         | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php b/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
index 5d9170c4a6d63..eb30c4dd1cfa3 100644
--- a/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
+++ b/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
@@ -9,6 +9,7 @@
 
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Core\Controller\ClientFlowLoginV2Controller;
+use OC\Core\Controller\TwoFactorChallengeController;
 use OCP\AppFramework\Middleware;
 use OCP\ISession;
 use OCP\IUserSession;
@@ -42,6 +43,10 @@ public function beforeController($controller, $methodName) {
 			return;
 		}
 
+		if ($controller instanceof TwoFactorChallengeController) {
+			return;
+		}
+
 		if ($this->reflector->hasAnnotation('PublicPage')) {
 			return;
 		}