Add support for session traps; make mfa challenge session trap; remove DMZ middleware

config/traps.config.js

@@ -9,6 +9,14 @@ const traps_config = {
                 '/auth/logout',
             ],
         },
+        mfa_challenge: {
+            redirect_to: '/auth/mfa/challenge',
+            allowed_routes: [
+                '/auth/mfa/challenge',
+                '/api/v1/auth/mfa/attempt',
+                '/auth/logout',
+            ],
+        },
     },
 }