Only check the twofactor state once per request

Signed-off-by: Joas Schilling <[email protected]>
nextcloud · ChristophWurst · Dec 6, 2021 · Dec 1, 2021 · Dec 1, 2021 · febca701ee9768563fb8102a46a1aa68e1247072
commit febca701ee9768563fb8102a46a1aa68e1247072
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -87,6 +87,9 @@ class Manager {
 	/** @var EventDispatcherInterface */
 	private $legacyDispatcher;
 
+	/** @psalm-var array<string, bool> */
+	private $userIsTwoFactorAuthenticated = [];
+
 	public function __construct(ProviderLoader $providerLoader,
 								IRegistry $providerRegistry,
 								MandatoryTwoFactor $mandatoryTwoFactor,
@@ -118,6 +121,10 @@ public function __construct(ProviderLoader $providerLoader,
 	 * @return boolean
 	 */
 	public function isTwoFactorAuthenticated(IUser $user): bool {
+		if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
+			return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+		}
+
 		if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
 			return true;
 		}
@@ -129,7 +136,8 @@ public function isTwoFactorAuthenticated(IUser $user): bool {
 		$providerIds = array_keys($enabled);
 		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
 
-		return !empty($providerIdsWithoutBackupCodes);
+		$this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
+		return $this->userIsTwoFactorAuthenticated[$user->getUID()];
 	}
 
 	/**