diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index f421528dff718..89351d25daac0 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -59,8 +59,11 @@ public function __construct(
 	/**
 	 * @param Controller $controller
 	 * @param string $methodName
+	 * @throws TwoFactorAuthRequiredException
+	 * @throws UserAlreadyLoggedInException
+	 * @throws Exception
 	 */
-	public function beforeController($controller, $methodName) {
+	public function beforeController(Controller $controller, string $methodName): void {
 		if ($this->reflector->hasAnnotation('NoTwoFactorRequired')) {
 			// Route handler explicitly marked to work without finished 2FA are
 			// not blocked
@@ -111,7 +114,11 @@ public function beforeController($controller, $methodName) {
 		// TODO: dont check/enforce 2FA if a auth token is used
 	}
 
-	private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
+	/**
+	 * @throws UserAlreadyLoggedInException
+	 * @throws TwoFactorAuthRequiredException
+	 */
+	private function checkTwoFactor(Controller $controller, string $methodName, IUser $user): void {
 		// If two-factor auth is in progress disallow access to any controllers
 		// defined within "LoginController".
 		$needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
@@ -129,7 +136,7 @@ private function checkTwoFactor(Controller $controller, $methodName, IUser $user
 		}
 	}
 
-	public function afterException($controller, $methodName, Exception $exception) {
+	public function afterException(Controller $controller, string $methodName, Exception $exception): RedirectResponse {
 		if ($exception instanceof TwoFactorAuthRequiredException) {
 			$params = [];
 			if (isset($this->request->server['REQUEST_URI'])) {