Starship/CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Add MFA support

Browse Source
This commit is contained in:
garrettmills
2020-04-22 16:56:39 -05:00
parent d68d5141c8
commit e3ecfb0d37
30 changed files with 802 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/routing/middleware/auth/DMZOnly.middleware.js Normal file
View File

@@ -0,0 +1,17 @@
const Middleware = require('libflitter/middleware/Middleware')
class DMZOnly extends Middleware {
async test(req, res, next, args = {}){
if ( req.is_auth ) return next()
else {
// If not signed in, save the target url so we can redirect back here after auth
req.session.auth.flow = req.originalUrl
return res.redirect('/auth/login')
}
}
}
module.exports = DMZOnly

19
app/routing/middleware/auth/UserOnly.middleware.js
View File

@@ -7,8 +7,25 @@
*/
const Middleware = require('flitter-auth/middleware/UserOnly')
class UserOnly extends Middleware {
static get services() {
return [...super.services, 'output']
}
async test(req, res, next, args = {}){
if ( req.is_auth && !req.session.auth.in_dmz ) return next()
else if ( req.is_auth ) { // Need an MFA challenge
if ( !req.session.auth.flow ) req.session.auth.flow = req.originalUrl
return res.redirect('/auth/mfa/challenge')
}
else {
// If not signed in, save the target url so we can redirect back here after auth
req.session.auth.flow = req.originalUrl
this.output.debug('Set auth flow: '+req.originalUrl)
return res.redirect('/auth/login')
}
}
}

3
app/routing/routers/api/v1/auth.routes.js
View File

@@ -12,6 +12,9 @@ const auth_routes = {
post: {
'/validate/username': ['controller::api:v1:Auth.validate_username'],
'/attempt': [ 'controller::api:v1:Auth.attempt' ],
'/mfa/generate': ['middleware::auth:UserOnly', 'controller::api:v1:Auth.generate_mfa_key'],
'/mfa/attempt': ['middleware::auth:DMZOnly', 'controller::api:v1:Auth.attempt_mfa'],
'/mfa/enable': ['middleware::auth:UserOnly', 'controller::api:v1:Auth.enable_mfa'],
},
}

11
app/routing/routers/auth/forms.routes.js
View File

@@ -5,7 +5,7 @@
* The general structure is as follows:
*
* /auth/{provider name}/{action}
*
* Individual providers may be interacted with individually, therefore:
*
* /auth/flitter/register
@@ -49,7 +49,7 @@ const index = {
'/:provider/logout': [
'middleware::auth:ProviderRoute',
'middleware::auth:UserOnly',
'middleware::auth:DMZOnly',
'controller::auth:Forms.logout_provider_clean_session',
// Note, this separation is between when the auth action has happened properly
@@ -60,7 +60,7 @@ const index = {
],
'/logout': [
'middleware::auth:ProviderRoute',
'middleware::auth:UserOnly',
'middleware::auth:DMZOnly',
'controller::auth:Forms.logout_provider_clean_session',
'controller::auth:Forms.logout_provider_present_success',
],
@@ -94,16 +94,15 @@ const index = {
'controller::auth:Forms.login_provider_authenticate_user',
'controller::auth:Forms.login_provider_present_success',
],
'/:provider/logout': [
'middleware::auth:ProviderRoute',
'middleware::auth:UserOnly',
'middleware::auth:DMZOnly',
'controller::auth:Forms.logout_provider_clean_session',
'controller::auth:Forms.logout_provider_present_success',
],
'/logout': [
'middleware::auth:ProviderRoute',
'middleware::auth:UserOnly',
'middleware::auth:DMZOnly',
'controller::auth:Forms.logout_provider_clean_session',
'controller::auth:Forms.logout_provider_present_success',
],

24
app/routing/routers/auth/mfa.routes.js Normal file
View File

@@ -0,0 +1,24 @@
const mfa_routes = {
prefix: '/auth/mfa',
middleware: [
],
get: {
'/setup': [
'middleware::auth:UserOnly',
'controller::auth:MFA.setup',
],
'/challenge': [
'middleware::auth:DMZOnly',
'controller::auth:MFA.challenge',
],
},
post: {
},
}
module.exports = exports = mfa_routes