Add support for session traps; make mfa challenge session trap; remove DMZ middleware

2020-05-22 09:29:13 -05:00
parent 8701df1acc
commit 64356d42d0
11 changed files with 49 additions and 51 deletions
--- a/app/routing/middleware/Traps.middleware.js
+++ b/app/routing/middleware/Traps.middleware.js
@@ -3,34 +3,49 @@ const { Middleware } = require('libflitter')
 class TrapUtility {
    constructor(req, res, configs) {
        this.request = req
+        this.session = req.session
        this.response = res
        this.user = req.user
        this.configs = configs
    }

-    async begin(trap_name) {
-        this.user.trap = trap_name
-        this.request.trust.assume()
-        await this.user.save()
+    async begin(trap_name, { session_only = false }) {
+        if ( session_only || !this.user ) {
+            this.session.trap = trap_name
+        } else {
+            this.user.trap = trap_name
+            await this.user.save()
+        }
+
+        if ( this.config().assume_trust )
+            this.request.trust.assume()
    }

    redirect() {
-        this.request.trust.assume()
+        if ( this.config().assume_trust )
+            this.request.trust.assume()
        return this.response.redirect(this.config().redirect_to)
    }

    async end() {
-        this.user.trap = ''
-        this.request.trust.unassume()
-        await this.user.save()
+        if ( this.config().assume_trust )
+            this.request.trust.unassume()
+        if ( this.user ) {
+            this.user.trap = ''
+            await this.user.save()
+        }
+        this.session.trap = ''
    }

-    has_trap() {
-        return !!this.user.trap
+    has_trap(name = '') {
+        if ( name )
+            return (this.user && this.user.trap === name) || this.session.trap === name
+        return (this.user && this.user.trap) || this.session.trap
    }

    get_trap() {
-        return this.user.trap
+        if ( this.session.trap ) return this.session.trap
+        else if ( this.user ) return this.user.trap
    }

    config() {
@@ -49,7 +64,6 @@ class TrapsMiddleware extends Middleware {
    }

    async test(req, res, next, args = {}) {
-        if ( !req?.user ) return next()
        req.trap = new TrapUtility(req, res, this.configs.get('traps.types'))

        if ( !req.trap.has_trap() ) return next()
--- a/app/routing/middleware/auth/DMZOnly.middleware.js
+++ b/app/routing/middleware/auth/DMZOnly.middleware.js
@@ -1,17 +0,0 @@
-const Middleware = require('libflitter/middleware/Middleware')
-class DMZOnly extends Middleware {
-
-    async test(req, res, next, args = {}){
-
-        if ( req.is_auth ) return next()
-        else {
-            // If not signed in, save the target url so we can redirect back here after auth
-            req.session.auth.flow = req.originalUrl
-            return res.redirect('/auth/login')
-        }
-
-    }
-
-}
-
-module.exports = DMZOnly
--- a/app/routing/middleware/auth/UserOnly.middleware.js
+++ b/app/routing/middleware/auth/UserOnly.middleware.js
@@ -12,11 +12,7 @@ class UserOnly extends Middleware {
    }

    async test(req, res, next, args = {}){
-        if ( req.is_auth && !req.session.auth.in_dmz ) return next()
-        else if ( req.is_auth ) { // Need an MFA challenge
-            if ( !req.session.auth.flow ) req.session.auth.flow = req.originalUrl
-            return res.redirect('/auth/mfa/challenge')
-        }
+        if ( req.is_auth ) return next()
        else {
            // If not signed in, save the target url so we can redirect back here after auth
            req.session.auth.flow = req.originalUrl