From f291cd64dd37449ebb0208e3ea98a041d102b7ad Mon Sep 17 00:00:00 2001
From: Mike Macgirvin <mike.macgirvin@agentbox.com.au>
Date: Wed, 12 Jun 2024 09:25:15 +1000
Subject: [PATCH] relax mfa check on service endpoints

---
 include/security.php | 3 ++-
 util/fhublocs        | 0
 2 files changed, 2 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 util/fhublocs

diff --git a/include/security.php b/include/security.php
index 10bfff514..ec5d8488d 100644
--- a/include/security.php
+++ b/include/security.php
@@ -71,7 +71,8 @@ function authenticate_success($user_record, $channel = false, $login_initial = f
         // might want to log success here
     }
 
-    if ($_SESSION['2FA_REQUIRED'] && !$_SESSION['2FA_VERIFIED'] && App::$module !== 'totp_check') {
+    if ($_SESSION['2FA_REQUIRED'] && !$_SESSION['2FA_VERIFIED'] &&
+        !in_array(App::$module, ['totp_check', 'dav', 'cdav', 'addressbook', 'calendar', 'api'], true)) {
         goaway(z_root() . '/totp_check');
     }
 
diff --git a/util/fhublocs b/util/fhublocs
old mode 100755
new mode 100644