From d68face43f02ab3e8f95c5e58febca29acefab14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Wed, 11 Mar 2026 14:39:40 +0100
Subject: [PATCH] chore: Move away from deprecated method in
 TwoFactorMiddleware
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 core/Middleware/TwoFactorMiddleware.php           | 9 ++++-----
 tests/Core/Middleware/TwoFactorMiddlewareTest.php | 3 +--
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index 02f8ab8dad3..ffbcc2ce3da 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -11,7 +11,6 @@ namespace OC\Core\Middleware;
 
 use Exception;
 use OC\AppFramework\Http\Attributes\TwoFactorSetUpDoneRequired;
-use OC\AppFramework\Middleware\MiddlewareUtils;
 use OC\Authentication\Exceptions\TwoFactorAuthRequiredException;
 use OC\Authentication\Exceptions\UserAlreadyLoggedInException;
 use OC\Authentication\TwoFactorAuth\Manager;
@@ -23,6 +22,7 @@ use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\NoTwoFactorRequired;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Middleware;
+use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\Authentication\TwoFactorAuth\ALoginSetupController;
 use OCP\IRequest;
 use OCP\ISession;
@@ -36,7 +36,7 @@ class TwoFactorMiddleware extends Middleware {
 		private Session $userSession,
 		private ISession $session,
 		private IURLGenerator $urlGenerator,
-		private MiddlewareUtils $middlewareUtils,
+		private IControllerMethodReflector $reflector,
 		private IRequest $request,
 	) {
 	}
@@ -46,9 +46,7 @@ class TwoFactorMiddleware extends Middleware {
 	 * @param string $methodName
 	 */
 	public function beforeController($controller, $methodName) {
-		$reflectionMethod = new ReflectionMethod($controller, $methodName);
-
-		if ($this->middlewareUtils->hasAnnotationOrAttribute($reflectionMethod, 'NoTwoFactorRequired', NoTwoFactorRequired::class)) {
+		if ($this->reflector->hasAnnotationOrAttribute('NoTwoFactorRequired', NoTwoFactorRequired::class)) {
 			// Route handler explicitly marked to work without finished 2FA are
 			// not blocked
 			return;
@@ -59,6 +57,7 @@ class TwoFactorMiddleware extends Middleware {
 			return;
 		}
 
+		$reflectionMethod = new ReflectionMethod($controller, $methodName);
 		if ($controller instanceof TwoFactorChallengeController
 			&& $this->userSession->getUser() !== null
 			&& !$reflectionMethod->getAttributes(TwoFactorSetUpDoneRequired::class)) {
diff --git a/tests/Core/Middleware/TwoFactorMiddlewareTest.php b/tests/Core/Middleware/TwoFactorMiddlewareTest.php
index 062b1d94b5e..9d4a98b07d0 100644
--- a/tests/Core/Middleware/TwoFactorMiddlewareTest.php
+++ b/tests/Core/Middleware/TwoFactorMiddlewareTest.php
@@ -10,7 +10,6 @@ namespace Test\Core\Middleware;
 
 use OC\AppFramework\Http\Attributes\TwoFactorSetUpDoneRequired;
 use OC\AppFramework\Http\Request;
-use OC\AppFramework\Middleware\MiddlewareUtils;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Authentication\Exceptions\TwoFactorAuthRequiredException;
 use OC\Authentication\Exceptions\UserAlreadyLoggedInException;
@@ -102,7 +101,7 @@ class TwoFactorMiddlewareTest extends TestCase {
 			$this->createMock(IConfig::class)
 		);
 
-		$this->middleware = new TwoFactorMiddleware($this->twoFactorManager, $this->userSession, $this->session, $this->urlGenerator, new MiddlewareUtils($this->reflector, $this->logger), $this->request);
+		$this->middleware = new TwoFactorMiddleware($this->twoFactorManager, $this->userSession, $this->session, $this->urlGenerator, $this->reflector, $this->request);
 	}
 
 	public function testBeforeControllerNotLoggedIn(): void {