From a228601ed0e791a63b160682732ddad486d4e088 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
Date: Thu, 29 Jan 2026 14:37:21 +0100
Subject: [PATCH] fix(2fa): allow null redirect URL on 2FA challenge page

Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
---
 core/Controller/TwoFactorChallengeController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index a10729e456d..b683c681c0d 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -72,7 +72,7 @@ class TwoFactorChallengeController extends Controller {
 	#[NoCSRFRequired]
 	#[FrontpageRoute(verb: 'GET', url: '/login/selectchallenge')]
 	#[TwoFactorSetUpDoneRequired]
-	public function selectChallenge(string $redirect_url): StandaloneTemplateResponse {
+	public function selectChallenge(?string $redirect_url = null): StandaloneTemplateResponse {
 		$user = $this->userSession->getUser();
 		$providerSet = $this->twoFactorManager->getProviderSet($user);
 		$allProviders = $providerSet->getProviders();
@@ -96,7 +96,7 @@ class TwoFactorChallengeController extends Controller {
 	#[UseSession]
 	#[TwoFactorSetUpDoneRequired]
 	#[FrontpageRoute(verb: 'GET', url: '/login/challenge/{challengeProviderId}')]
-	public function showChallenge(string $challengeProviderId, string $redirect_url): StandaloneTemplateResponse|RedirectResponse {
+	public function showChallenge(string $challengeProviderId, ?string $redirect_url = null): StandaloneTemplateResponse|RedirectResponse {
 		$user = $this->userSession->getUser();
 		$providerSet = $this->twoFactorManager->getProviderSet($user);
 		$provider = $providerSet->getProvider($challengeProviderId);