
Fixes #4858 - Calendar non functional with activated 2fa authentication

Co-authored-by: Florian Liebe <fl@zammad.com>
Tobias Schäfer 1 week ago
commit
773f912a3b

+ 3 - 1
app/controllers/application_controller/authenticates.rb

@@ -53,7 +53,9 @@ module ApplicationController::Authenticates
         raise Exceptions::Forbidden, 'API password access disabled!'
       end
 
-      auth = Auth.new(username, password)
+      # Disable 2FA for iCal and calendar subscriptions
+      only_verify_password = %w[/ical /calendar_subscriptions].any? { |path| request.path.start_with?(path) }
+      auth = Auth.new(username, password, only_verify_password:)
 
       begin
         auth.valid!
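Review bot: The 2FA exemption on the `only_verify_password` line is a bare string-prefix test on `request.path`, so any path that merely begins with `/ical` or `/calendar_subscriptions` (a later route named `/icalendar_export`, say) would also be authenticated by password alone. Anchor the match on a path-segment boundary, e.g. `only_verify_password = request.path.match?(%r{\A/(?:ical|calendar_subscriptions)(?:/|\z)})`, or key the exemption on the resolved controller instead of the URL text. The comment should also record the reason and the trade-off, e.g. `# Calendar clients can only send basic auth, so these feeds are verified by password alone (second factor skipped)`. The enclosing method starts and ends outside the hunk, so which other requests reach this branch cannot be confirmed from here.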

+ 26 - 0
spec/requests/calendar_subscriptions_spec.rb

@@ -11,6 +11,32 @@ RSpec.describe 'iCal endpoints', type: :request do
     end
   end
 
+  context 'with basic auth as agent' do
+    let(:password)   { Faker::Internet.password }
+    let(:user)       { create(:agent, password: password) }
+    let(:basic_auth) { ActionController::HttpAuthentication::Basic.encode_credentials(user.email, password) }
+
+    context 'when two-factor auth is disabled' do
+      it 'returns 200 OK' do
+        get '/ical/tickets', headers: { 'Authorization' => basic_auth }
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    context 'when two-factor auth is enabled' do
+      before do
+        Setting.set('two_factor_authentication_enforce_role_ids', [])
+        Setting.set('two_factor_authentication_method_authenticator_app', true)
+        create(:user_two_factor_preference, :authenticator_app, user: user)
+      end
+
+      it 'returns 200 OK' do
+        get '/ical/tickets', headers: { 'Authorization' => basic_auth }
+        expect(response).to have_http_status(:ok)
+      end
+    end
+  end
+
   describe 'time zone', authenticated_as: :user do
     let(:group) { create(:group) }
     let(:user)  { create(:agent) }
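Review bot: The new `with basic auth as agent` context asserts only the success path, so nothing pins that the second-factor exemption stays limited to the calendar endpoints. In the `when two-factor auth is enabled` context, add an example that sends the same `basic_auth` header to a non-calendar endpoint and checks `expect(response).not_to have_http_status(:ok)`, and one that sends a wrong password to `/ical/tickets` and expects the request to be rejected. The `/calendar_subscriptions` prefix introduced in the controller hunk also has no request exercising it in this spec.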