|
|
@ -20,7 +20,7 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
async get_traps(req, res, next) {
|
|
|
|
async get_traps(req, res, next) {
|
|
|
|
const trap_config = this.configs.get('traps')
|
|
|
|
const trap_config = this.configs.get('traps')
|
|
|
|
const data = [{ name: '(None)', trap: '', redirect_to: '/' }]
|
|
|
|
const data = [{ name: req.T('auth:none'), trap: '', redirect_to: '/' }]
|
|
|
|
for ( const name in trap_config.types ) {
|
|
|
|
for ( const name in trap_config.types ) {
|
|
|
|
if ( !trap_config.types.hasOwnProperty(name) ) continue
|
|
|
|
if ( !trap_config.types.hasOwnProperty(name) ) continue
|
|
|
|
data.push({
|
|
|
|
data.push({
|
|
|
@ -44,18 +44,18 @@ class AuthController extends Controller {
|
|
|
|
for ( const field of required_fields ) {
|
|
|
|
for ( const field of required_fields ) {
|
|
|
|
if ( !req.body[field] )
|
|
|
|
if ( !req.body[field] )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`Missing required field: ${field}`)
|
|
|
|
.message(`${req.T('api:missing_field')} ${field}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.body.uid.match(/^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/) )
|
|
|
|
if ( !req.body.uid.match(/^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/) )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Invalid field: uid (should be alphanumeric with "_", "-", and "." allowed)')
|
|
|
|
.message(`${req.T('api:improper_field')} uid ${req.T('api:alphanum_underscores')}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !email_validator.validate(req.body.email) )
|
|
|
|
if ( !email_validator.validate(req.body.email) )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Invalid field: email')
|
|
|
|
.message(`${req.T('api:improper_field')} email`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
for ( const field of unique_fields ) {
|
|
|
|
for ( const field of unique_fields ) {
|
|
|
@ -64,7 +64,7 @@ class AuthController extends Controller {
|
|
|
|
const match_user = await User.findOne(params)
|
|
|
|
const match_user = await User.findOne(params)
|
|
|
|
if ( match_user )
|
|
|
|
if ( match_user )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`A user already exists with that ${field}.`)
|
|
|
|
.message(`${req.T('auth:user_exists_with_field')} ${field}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -91,12 +91,12 @@ class AuthController extends Controller {
|
|
|
|
|| req.user.mfa_token.recovery_codes.length < 1
|
|
|
|
|| req.user.mfa_token.recovery_codes.length < 1
|
|
|
|
)
|
|
|
|
)
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Your user is not configured to use MFA, or has no recovery codes.')
|
|
|
|
.message(req.T('auth:no_mfa_or_recovery'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.body.code )
|
|
|
|
if ( !req.body.code )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Missing required field: code')
|
|
|
|
.message(`${req.T('api:missing_field')} code`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const success = await req.user.mfa_token.attempt_recovery(req.body.code)
|
|
|
|
const success = await req.user.mfa_token.attempt_recovery(req.body.code)
|
|
|
@ -176,7 +176,7 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !group || !group.active )
|
|
|
|
if ( !group || !group.active )
|
|
|
|
return res.status(404)
|
|
|
|
return res.status(404)
|
|
|
|
.message('Group not found with that ID.')
|
|
|
|
.message(req.T('api:group_not_found'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.user.can(`auth:group:${group.id}:view`) )
|
|
|
|
if ( !req.user.can(`auth:group:${group.id}:view`) )
|
|
|
@ -196,12 +196,12 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !user )
|
|
|
|
if ( !user )
|
|
|
|
return res.status(404)
|
|
|
|
return res.status(404)
|
|
|
|
.message('User not found with that ID.')
|
|
|
|
.message(req.T('api:user_not_found'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.user.can(`auth:user:${user.id}:view`) )
|
|
|
|
if ( !req.user.can(`auth:user:${user.id}:view`) )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
return res.api(await user.to_api())
|
|
|
|
return res.api(await user.to_api())
|
|
|
@ -210,12 +210,12 @@ class AuthController extends Controller {
|
|
|
|
async create_group(req, res, next) {
|
|
|
|
async create_group(req, res, next) {
|
|
|
|
if ( !req.user.can(`auth:group:create`) )
|
|
|
|
if ( !req.user.can(`auth:group:create`) )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.body.name )
|
|
|
|
if ( !req.body.name )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Missing required field: name')
|
|
|
|
.message(`${req.T('api:missing_field')} name`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const Group = this.models.get('auth:Group')
|
|
|
|
const Group = this.models.get('auth:Group')
|
|
|
@ -224,7 +224,7 @@ class AuthController extends Controller {
|
|
|
|
const existing_group = await Group.findOne({ name: req.body.name })
|
|
|
|
const existing_group = await Group.findOne({ name: req.body.name })
|
|
|
|
if ( existing_group )
|
|
|
|
if ( existing_group )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('A group with that name already exists.')
|
|
|
|
.message(req.T('api:group_already_exists'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const group = new Group({ name: req.body.name })
|
|
|
|
const group = new Group({ name: req.body.name })
|
|
|
@ -238,7 +238,7 @@ class AuthController extends Controller {
|
|
|
|
const user = await User.findById(user_id)
|
|
|
|
const user = await User.findById(user_id)
|
|
|
|
if ( !user )
|
|
|
|
if ( !user )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Invalid user_id.')
|
|
|
|
.message(`${req.T('common:invalid')} user_id.`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -252,14 +252,14 @@ class AuthController extends Controller {
|
|
|
|
async create_user(req, res, next) {
|
|
|
|
async create_user(req, res, next) {
|
|
|
|
if ( !req.user.can('auth:user:create') )
|
|
|
|
if ( !req.user.can('auth:user:create') )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const required_fields = ['uid', 'first_name', 'last_name', 'email', 'password']
|
|
|
|
const required_fields = ['uid', 'first_name', 'last_name', 'email', 'password']
|
|
|
|
for ( const field of required_fields ) {
|
|
|
|
for ( const field of required_fields ) {
|
|
|
|
if ( !req.body[field] )
|
|
|
|
if ( !req.body[field] )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`Missing required field: ${field}`)
|
|
|
|
.message(`${req.T('api:missing_field')} ${field}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -272,7 +272,7 @@ class AuthController extends Controller {
|
|
|
|
const existing_user = await User.findOne(filter)
|
|
|
|
const existing_user = await User.findOne(filter)
|
|
|
|
if ( existing_user )
|
|
|
|
if ( existing_user )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`A user already exists with that ${field}`)
|
|
|
|
.message(`${req.T('auth:user_exists_with_field')} ${field}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -281,7 +281,7 @@ class AuthController extends Controller {
|
|
|
|
const result = zxcvbn(req.body.password)
|
|
|
|
const result = zxcvbn(req.body.password)
|
|
|
|
if ( result.score < min_score )
|
|
|
|
if ( result.score < min_score )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`Password does not meet the minimum complexity score of ${min_score}.`)
|
|
|
|
.message(req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const user = new User({
|
|
|
|
const user = new User({
|
|
|
@ -297,7 +297,7 @@ class AuthController extends Controller {
|
|
|
|
if ( req.body.trap ) {
|
|
|
|
if ( req.body.trap ) {
|
|
|
|
if ( !req.trap.trap_exists(req.body.trap) )
|
|
|
|
if ( !req.trap.trap_exists(req.body.trap) )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Invalid trap type.')
|
|
|
|
.message(req.T('auth:invalid_trap'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
user.trap = req.body.trap
|
|
|
|
user.trap = req.body.trap
|
|
|
@ -315,24 +315,24 @@ class AuthController extends Controller {
|
|
|
|
const group = await Group.findById(req.params.id)
|
|
|
|
const group = await Group.findById(req.params.id)
|
|
|
|
if ( !group )
|
|
|
|
if ( !group )
|
|
|
|
return res.status(404)
|
|
|
|
return res.status(404)
|
|
|
|
.message('Group not found with that ID.')
|
|
|
|
.message(req.T('api:group_not_found'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.user.can(`auth:group:${group.id}:update`) )
|
|
|
|
if ( !req.user.can(`auth:group:${group.id}:update`) )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.body.name )
|
|
|
|
if ( !req.body.name )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Missing required field: name')
|
|
|
|
.message(`${req.T('api:missing_field')} name`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
// Make sure the group name is unique
|
|
|
|
// Make sure the group name is unique
|
|
|
|
const existing_group = await Group.findOne({ name: req.body.name })
|
|
|
|
const existing_group = await Group.findOne({ name: req.body.name })
|
|
|
|
if ( existing_group && existing_group.id !== group.id )
|
|
|
|
if ( existing_group && existing_group.id !== group.id )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('A group with that name already exists.')
|
|
|
|
.message(req.T('api:group_already_exists'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
// Validate user_ids
|
|
|
|
// Validate user_ids
|
|
|
@ -343,7 +343,7 @@ class AuthController extends Controller {
|
|
|
|
const user = await User.findById(user_id)
|
|
|
|
const user = await User.findById(user_id)
|
|
|
|
if ( !user )
|
|
|
|
if ( !user )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Invalid user_id.')
|
|
|
|
.message(`${req.T('common:invalid')} user_id.`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -363,19 +363,19 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !user )
|
|
|
|
if ( !user )
|
|
|
|
return res.status(404)
|
|
|
|
return res.status(404)
|
|
|
|
.message('User not found with that ID.')
|
|
|
|
.message(req.T('api:user_not_found'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.user.can(`auth:user:${user.id}:update`) )
|
|
|
|
if ( !req.user.can(`auth:user:${user.id}:update`) )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const required_fields = ['uid', 'first_name', 'last_name', 'email']
|
|
|
|
const required_fields = ['uid', 'first_name', 'last_name', 'email']
|
|
|
|
for ( const field of required_fields ) {
|
|
|
|
for ( const field of required_fields ) {
|
|
|
|
if ( !req.body[field] )
|
|
|
|
if ( !req.body[field] )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`Missing required field: ${field}`)
|
|
|
|
.message(`${req.T('api:missing_field')} ${field}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -387,7 +387,7 @@ class AuthController extends Controller {
|
|
|
|
const existing_user = await User.findOne(filter)
|
|
|
|
const existing_user = await User.findOne(filter)
|
|
|
|
if ( existing_user && existing_user.id !== user.id )
|
|
|
|
if ( existing_user && existing_user.id !== user.id )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`A user already exists with that ${field}`)
|
|
|
|
.message(`${req.T('auth:user_exists_with_field')} ${field}`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -397,7 +397,7 @@ class AuthController extends Controller {
|
|
|
|
const result = zxcvbn(req.body.password)
|
|
|
|
const result = zxcvbn(req.body.password)
|
|
|
|
if (result.score < min_score)
|
|
|
|
if (result.score < min_score)
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`Password does not meet the minimum complexity score of ${min_score}.`)
|
|
|
|
.message(req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
await user.reset_password(req.body.password, 'api')
|
|
|
|
await user.reset_password(req.body.password, 'api')
|
|
|
@ -416,7 +416,7 @@ class AuthController extends Controller {
|
|
|
|
if ( req.body.trap ) {
|
|
|
|
if ( req.body.trap ) {
|
|
|
|
if ( !req.trap.trap_exists(req.body.trap) )
|
|
|
|
if ( !req.trap.trap_exists(req.body.trap) )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Invalid trap type.')
|
|
|
|
.message(req.T('auth:invalid_trap'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
user.trap = req.body.trap
|
|
|
|
user.trap = req.body.trap
|
|
|
@ -433,12 +433,12 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !group )
|
|
|
|
if ( !group )
|
|
|
|
return res.status(404)
|
|
|
|
return res.status(404)
|
|
|
|
.message('Group not found with that ID.')
|
|
|
|
.message(req.T('api:group_not_found'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.user.can(`auth:group:${group.id}:delete`) )
|
|
|
|
if ( !req.user.can(`auth:group:${group.id}:delete`) )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
group.active = false
|
|
|
|
group.active = false
|
|
|
@ -452,12 +452,12 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !user )
|
|
|
|
if ( !user )
|
|
|
|
return res.status(404)
|
|
|
|
return res.status(404)
|
|
|
|
.message('User not found with that ID.')
|
|
|
|
.message(req.T('api:user_not_found'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.user.can(`auth:user:${user.id}:delete`) )
|
|
|
|
if ( !req.user.can(`auth:user:${user.id}:delete`) )
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message('Insufficient permissions.')
|
|
|
|
.message(req.T('api:insufficient_permissions'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
// check if the user is an LDAP client. if so, delete the client
|
|
|
|
// check if the user is an LDAP client. if so, delete the client
|
|
|
@ -493,7 +493,7 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !req.body.username && !req.body.email )
|
|
|
|
if ( !req.body.username && !req.body.email )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Please provide one of: username, email')
|
|
|
|
.message(`${req.T('api:provide_one')} username, email`)
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const data = {}
|
|
|
|
const data = {}
|
|
|
@ -529,7 +529,7 @@ class AuthController extends Controller {
|
|
|
|
const errors = await flitter.validate_login(req.body)
|
|
|
|
const errors = await flitter.validate_login(req.body)
|
|
|
|
if ( errors && errors.length > 0 )
|
|
|
|
if ( errors && errors.length > 0 )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`Unable to complete authentication: one or more errors occurred`)
|
|
|
|
.message(req.T('auth:unable_to_complete'))
|
|
|
|
.api({ errors })
|
|
|
|
.api({ errors })
|
|
|
|
|
|
|
|
|
|
|
|
const login_args = await flitter.get_login_args(req.body)
|
|
|
|
const login_args = await flitter.get_login_args(req.body)
|
|
|
@ -537,9 +537,9 @@ class AuthController extends Controller {
|
|
|
|
|
|
|
|
|
|
|
|
if ( !user )
|
|
|
|
if ( !user )
|
|
|
|
return res.status(200)
|
|
|
|
return res.status(200)
|
|
|
|
.message(`Invalid username or password.`)
|
|
|
|
.message(req.T('auth:invalid_un_or_pw'))
|
|
|
|
.api({
|
|
|
|
.api({
|
|
|
|
message: `Invalid username or password.`,
|
|
|
|
message: req.T('auth:invalid_un_or_pw'),
|
|
|
|
success: false,
|
|
|
|
success: false,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
@ -549,9 +549,9 @@ class AuthController extends Controller {
|
|
|
|
const client = await Client.findOne({ user_id: user.id })
|
|
|
|
const client = await Client.findOne({ user_id: user.id })
|
|
|
|
if ( client )
|
|
|
|
if ( client )
|
|
|
|
return res.status(200)
|
|
|
|
return res.status(200)
|
|
|
|
.message(`Invalid username or password.`)
|
|
|
|
.message(req.T('auth:invalid_un_or_pw'))
|
|
|
|
.api({
|
|
|
|
.api({
|
|
|
|
message: `Invalid username or password.`,
|
|
|
|
message: req.T('auth:invalid_un_or_pw'),
|
|
|
|
success: false,
|
|
|
|
success: false,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
@ -585,7 +585,7 @@ class AuthController extends Controller {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
return res.status(401)
|
|
|
|
return res.status(401)
|
|
|
|
.message(`Unable to grant trust. Grant token is invalid.`)
|
|
|
|
.message(req.T('auth:unable_to_grant_trust'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -600,7 +600,7 @@ class AuthController extends Controller {
|
|
|
|
async get_mfa_recovery(req, res, next) {
|
|
|
|
async get_mfa_recovery(req, res, next) {
|
|
|
|
if ( !req.user.mfa_enabled )
|
|
|
|
if ( !req.user.mfa_enabled )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Your user does not have MFA enabled.')
|
|
|
|
.message(req.T('auth:no_mfa'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const token = req.user.mfa_token
|
|
|
|
const token = req.user.mfa_token
|
|
|
@ -617,7 +617,7 @@ class AuthController extends Controller {
|
|
|
|
async generate_mfa_recovery(req, res, next) {
|
|
|
|
async generate_mfa_recovery(req, res, next) {
|
|
|
|
if ( !req.user.mfa_enabled )
|
|
|
|
if ( !req.user.mfa_enabled )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('Your user does not have MFA enabled.')
|
|
|
|
.message(req.T('auth:no_mfa'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const token = req.user.mfa_token
|
|
|
|
const token = req.user.mfa_token
|
|
|
@ -631,7 +631,7 @@ class AuthController extends Controller {
|
|
|
|
async generate_mfa_key(req, res, next) {
|
|
|
|
async generate_mfa_key(req, res, next) {
|
|
|
|
if ( req.user.mfa_enabled )
|
|
|
|
if ( req.user.mfa_enabled )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`MFA already configured for user. Cannot fetch key.`)
|
|
|
|
.message(req.T('auth:already_has_mfa'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const MFAToken = this.models.get('auth:MFAToken')
|
|
|
|
const MFAToken = this.models.get('auth:MFAToken')
|
|
|
@ -654,7 +654,7 @@ class AuthController extends Controller {
|
|
|
|
async attempt_mfa(req, res, next) {
|
|
|
|
async attempt_mfa(req, res, next) {
|
|
|
|
if ( !req.user.mfa_token )
|
|
|
|
if ( !req.user.mfa_token )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`The user does not have MFA configured.`)
|
|
|
|
.message(req.T('auth:no_mfa'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
const code = req.body.verify_code
|
|
|
|
const code = req.body.verify_code
|
|
|
@ -682,7 +682,7 @@ class AuthController extends Controller {
|
|
|
|
async enable_mfa(req, res, next) {
|
|
|
|
async enable_mfa(req, res, next) {
|
|
|
|
if ( !req.user.mfa_token )
|
|
|
|
if ( !req.user.mfa_token )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message(`The user does not have an MFA token configured.`)
|
|
|
|
.message(req.T('auth:no_mfa'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
req.user.mfa_enabled = true
|
|
|
|
req.user.mfa_enabled = true
|
|
|
@ -700,7 +700,7 @@ class AuthController extends Controller {
|
|
|
|
async disable_mfa(req, res, next) {
|
|
|
|
async disable_mfa(req, res, next) {
|
|
|
|
if ( !req.user.mfa_enabled )
|
|
|
|
if ( !req.user.mfa_enabled )
|
|
|
|
return res.status(400)
|
|
|
|
return res.status(400)
|
|
|
|
.message('The user does not have MFA enabled.')
|
|
|
|
.message(req.T('auth:no_mfa'))
|
|
|
|
.api()
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
|
|
req.user.mfa_enabled = false
|
|
|
|
req.user.mfa_enabled = false
|
|
|
|
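Review bot: Every permission-denied branch on the new side still answers `return res.status(401)` with `req.T('api:insufficient_permissions')` (the `auth:user:${user.id}:view`, `auth:group:create`, `auth:user:create`, `:update` and `:delete` checks), yet each runs after `req.user` is already authenticated, so 403 is the right code; 401 tells clients and proxies to re-authenticate and hides real authorization failures in logs, so `return res.status(403)` at each of those sites. Relatedly, the `@@ -537` and `@@ -549` hunks return `res.status(200)` for an invalid username or password, so anything keyed on status (rate limiters, SIEM rules, generic HTTP clients) sees a successful login; unless a front end depends on that 200, `res.status(401)` there would match the `auth:unable_to_grant_trust` branch, which already uses 401. The i18n change itself looks behaviour-neutral, though `req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score)` silently drops the score if a locale string omits the `MIN_SCORE` placeholder, which deserves a comment such as `// translation must contain the literal MIN_SCORE placeholder` or a per-locale test. The enclosing methods in most hunks start or end outside the hunk, so surrounding guards (e.g. whether update_user validates `password` only when present) could not be checked here.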