fix(TB MFA) make http loginFromPost work, cleanup in model

Change-Id: Ic4d2401d23977491e2fe4f8d9fc644e8d81a6e87 Reviewed-on: http://gerrit.tine20.com/customers/19371 Reviewed-by: Paul Mehrer <p.mehrer@metaways.de> Tested-by: Paul Mehrer <p.mehrer@metaways.de>
tine20 · Mar 16, 2021 · c8c9aa8 · c8c9aa8
1 parent 9579784
commit c8c9aa8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/tine20/Tinebase/Model/MFA/PinUserConfig.php b/tine20/Tinebase/Model/MFA/PinUserConfig.php
@@ -86,9 +86,4 @@ public function toFEArray(): array
     {
         return $this->toArray();
     }
-
-    public function getMessages()
-    {
-        // TODO: Implement getMessages() method.
-    }
 }
diff --git a/tine20/Tinebase/Server/Json.php b/tine20/Tinebase/Server/Json.php
@@ -543,6 +543,9 @@ protected function _checkJsonKey($method, $jsonKey)
 
             $request = Tinebase_Core::getRequest();
             if (!self::userIsRegistered()) {
+                if (Tinebase_Core::isRegistered(Tinebase_Core::USER) && is_object(Tinebase_Core::getUser())) {
+                    self::_checkAreaLock(Tinebase_Model_AreaLockConfig::AREA_LOGIN);
+                }
                 Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ .
                     ' Attempt to request a privileged Json-API method (' . $method . ') without authorisation from "' .
                     $request->getRemoteAddress() . '". (session timeout?)');