import Bluebird = require("bluebird");
import Express = require("express");
import { TOTPSecretDocument } from "../../../../storage/TOTPSecretDocument";
import Endpoints = require("../../../../../../../shared/api");
import Redirect from "../../redirect";
import ErrorReplies = require("../../../../ErrorReplies");
import { AuthenticationSessionHandler } from "../../../../AuthenticationSessionHandler";
import { AuthenticationSession } from "../../../../../../types/AuthenticationSession";
import UserMessages = require("../../../../../../../shared/UserMessages");
import { ServerVariables } from "../../../../ServerVariables";
import { Level } from "../../../../authentication/Level";
// Generic text for a rejected access attempt.
// NOTE(review): not referenced anywhere in the visible part of this file; confirm it is still needed.
const UNAUTHORIZED_MESSAGE = "Unauthorized access";
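/**
 * Builds the Express handler for the TOTP second-factor sign-in step.
 *
 * The handler checks the code submitted in `req.body.token` against the TOTP
 * secret stored for the session's user. On success it raises the session to
 * `Level.TWO_FACTOR` and hands the request to `Redirect`. Every failure in
 * the chain is routed to `ErrorReplies.replyWithError200` with the single
 * generic `UserMessages.OPERATION_FAILED` message, so the reply does not
 * distinguish a missing secret from a wrong code.
 *
 * @param vars Server-wide collaborators (logger, user data store, TOTP handler).
 * @returns The request handler; its promise settles once the reply path has run.
 */
export default function (vars: ServerVariables) {
  function handler(req: Express.Request, res: Express.Response): Bluebird<void> {
    let authSession: AuthenticationSession;
    let token: string;

    // Start from an already-resolved promise so that anything thrown below,
    // including a missing request body, ends up in the final catch instead of
    // escaping the handler synchronously.
    return Bluebird.resolve()
      .then(function () {
        // NOTE(review): nothing in this handler checks that the session has
        // already passed the first factor; it trusts authSession.userid as is.
        // Confirm the route is mounted behind a first-factor guard.
        authSession = AuthenticationSessionHandler.get(req, vars.logger);
        vars.logger.info(req, "Initiate TOTP validation for user \"%s\".", authSession.userid);

        // The token is client-controlled and its type is not constrained by
        // the body parser, so only a non-empty string reaches the validator.
        const submitted = req.body ? req.body.token : undefined;
        if (typeof submitted !== "string" || submitted.length === 0)
          throw new Error("Missing or malformed TOTP token.");
        token = submitted;

        return vars.userDataStore.retrieveTOTPSecret(authSession.userid);
      })
      .then(function (doc: TOTPSecretDocument) {
        // Fail with an explicit error rather than a TypeError on property
        // access when no usable secret came back from the store.
        if (!doc || !doc.secret || !doc.secret.base32)
          throw new Error("No TOTP secret found for user.");

        // NOTE(review): no failed-attempt counting, throttling or used-code
        // tracking is visible here; confirm it is enforced elsewhere, since
        // TOTP codes are short.
        if (!vars.totpHandler.validate(token, doc.secret.base32))
          throw new Error("Invalid TOTP token.");

        // Neither the submitted code nor the stored secret is written to the log.
        vars.logger.debug(req, "TOTP validation succeeded.");

        // NOTE(review): the session is elevated in place; confirm whether the
        // session identifier is rotated on elevation somewhere else.
        authSession.authentication_level = Level.TWO_FACTOR;
        Redirect(vars)(req, res);
      })
      .catch(ErrorReplies.replyWithError200(req, res, vars.logger,
        UserMessages.OPERATION_FAILED));
  }

  return handler;
}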