Add support for session traps; make mfa challenge session trap; remove DMZ middleware

2020-05-22 09:29:13 -05:00
parent 8701df1acc
commit 64356d42d0
11 changed files with 49 additions and 51 deletions
--- a/app/routing/routers/auth/forms.routes.js
+++ b/app/routing/routers/auth/forms.routes.js
@@ -51,7 +51,7 @@ const index = {
        
        '/:provider/logout': [
            'middleware::auth:ProviderRoute',
-            'middleware::auth:DMZOnly',
+            'middleware::auth:UserOnly',
            'controller::auth:Forms.logout_provider_clean_session',

            // Note, this separation is between when the auth action has happened properly
@@ -62,7 +62,7 @@ const index = {
        ],
        '/logout': [
            'middleware::auth:ProviderRoute',
-            'middleware::auth:DMZOnly',
+            'middleware::auth:UserOnly',
            'controller::auth:Forms.logout_provider_clean_session',
            'controller::auth:Forms.logout_provider_present_success',
        ],
@@ -100,13 +100,13 @@ const index = {
        ],
        '/:provider/logout': [
            'middleware::auth:ProviderRoute',
-            'middleware::auth:DMZOnly',
+            'middleware::auth:UserOnly',
            'controller::auth:Forms.logout_provider_clean_session',
            'controller::auth:Forms.logout_provider_present_success',
        ],
        '/logout': [
            'middleware::auth:ProviderRoute',
-            'middleware::auth:DMZOnly',
+            'middleware::auth:UserOnly',
            'controller::auth:Forms.logout_provider_clean_session',
            'controller::auth:Forms.logout_provider_present_success',
        ],
--- a/app/routing/routers/auth/mfa.routes.js
+++ b/app/routing/routers/auth/mfa.routes.js
@@ -2,25 +2,21 @@ const mfa_routes = {
    prefix: '/auth/mfa',

    middleware: [
-
+        'auth:UserOnly',
    ],

    get: {
        '/setup': [
-            'middleware::auth:UserOnly',
            ['middleware::auth:RequireTrust', { scope: 'mfa.enable' }],
            'controller::auth:MFA.setup',
        ],
        '/challenge': [
-            'middleware::auth:DMZOnly',
            'controller::auth:MFA.challenge',
        ],
        '/disable': [
-            'middleware::auth:UserOnly',
            'controller::auth:MFA.get_disable',
        ],
        '/disable/process': [
-            'middleware::auth:UserOnly',
            ['middleware::auth:RequireTrust', { scope: 'mfa.disable' }],
            'controller::auth:MFA.do_disable',
        ],