From c64f1495c4642eb6546d4f054b1ee47488cd3137 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samu=C3=ABl=20WEBER?= <samuel.weber@gresille.org>
Date: Mon, 20 Apr 2026 17:31:19 +0200
Subject: [PATCH] fix: raising resolver404 exception breaks the middleware

---
 src/wagtail_2fa/middleware.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/wagtail_2fa/middleware.py b/src/wagtail_2fa/middleware.py
index 9773a78..8b3c956 100644
--- a/src/wagtail_2fa/middleware.py
+++ b/src/wagtail_2fa/middleware.py
@@ -2,6 +2,7 @@
 
 import django_otp
 from django.conf import settings
+from django.urls.exceptions import Resolver404
 from django.contrib.auth.views import redirect_to_login
 from django.urls import resolve, reverse
 from django.utils.functional import SimpleLazyObject
@@ -74,7 +75,11 @@ def _require_verified_user(self, request):
             return False
 
         # Don't require verification for specified URL names
-        request_url_name = resolve(request.path_info).url_name
+        try:
+            request_url_name = resolve(request.path_info).url_name
+        except Resolver404:
+            return False
+
         if request_url_name in self._allowed_url_names:
             return False