Add support for session traps; make mfa challenge session trap; remove DMZ middleware

2020-05-22 09:29:13 -05:00
parent 8701df1acc
commit 64356d42d0
11 changed files with 49 additions and 51 deletions
--- a/app/controllers/api/v1/Auth.controller.js
+++ b/app/controllers/api/v1/Auth.controller.js
@@ -481,8 +481,7 @@ class AuthController extends Controller {
        }

        if ( user.mfa_enabled && !req.session.mfa_remember ) {
-            req.session.auth.in_dmz = true
-            destination = '/auth/mfa/challenge'
+            await req.trap.begin('mfa_challenge', { session_only: true })
        }

        if ( req.session?.auth?.message )
@@ -496,7 +495,7 @@ class AuthController extends Controller {
                // Trust re-verification is granted,
                // but the user might still need to verify MFA
                const next = req.trust.end()
-                if ( req.session.auth.in_dmz ) {
+                if ( req.trap.has_trap('mfa_challenge') ) {
                    req.session.auth.flow = next
                } else {
                    destination = next
@@ -550,7 +549,8 @@ class AuthController extends Controller {

        let next_destination = undefined
        if ( is_valid ) {
-            req.session.auth.in_dmz = false
+            if ( req.trap.has_trap('mfa_challenge') )
+                await req.trap.end()
            next_destination = req.session.auth.flow || this.configs.get('auth.default_login_route')
            delete req.session.auth.flow
        }
--- a/app/controllers/auth/MFA.controller.js
+++ b/app/controllers/auth/MFA.controller.js
@@ -30,7 +30,7 @@ class MFAController extends Controller {
            })
        }

-        if ( !req.session.auth.in_dmz ) {
+        if ( !req.trap.has_trap('mfa_challenge') ) {
            return res.redirect(req.session.auth.flow)
        }