only look for valid second factor in session if we have a session
authorPhilipp Schüle <p.schuele@metaways.de>
Tue, 18 Jul 2017 16:28:07 +0000 (18:28 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Wed, 19 Jul 2017 08:05:26 +0000 (10:05 +0200)
Change-Id: I6ea2f49149696a22e5bb80442b62fade13b3ec2b
Reviewed-on: http://gerrit.tine20.com/customers/5245
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tine20/Tinebase/Auth/SecondFactor/Abstract.php

index 7fdb67e..8868f11 100644 (file)
@@ -44,6 +44,11 @@ abstract class Tinebase_Auth_SecondFactor_Abstract
      */
     public static function hasValidSecondFactor()
     {
+        if (! Tinebase_Session::isStarted()) {
+            if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__
+                . ' No session started to check second factor in session');
+            return true;
+        }
         $currentValidUntil = Tinebase_Session::getSessionNamespace()->secondFactorValidUntil;
         if ($currentValidUntil) {
             $validUntil = new Tinebase_DateTime($currentValidUntil);