From f2ae1cd044eeed8a6192ce6ad78e75ed4f5f6dcb Mon Sep 17 00:00:00 2001
From: Clement Michaud <clement.michaud34@gmail.com>
Date: Sun, 15 Oct 2017 21:51:21 +0200
Subject: [PATCH] Block 'already logged in' page to unauthenticated user

---
 server/src/lib/routes/loggedin/get.ts | 9 +++++++--
 server/test/server/PrivatePages.ts    | 4 ++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/server/src/lib/routes/loggedin/get.ts b/server/src/lib/routes/loggedin/get.ts
index 0a9910a9..9473cc64 100644
--- a/server/src/lib/routes/loggedin/get.ts
+++ b/server/src/lib/routes/loggedin/get.ts
@@ -1,8 +1,13 @@
 import Express = require("express");
 import Endpoints = require("../../../../../shared/api");
+import FirstFactorBlocker from "../FirstFactorBlocker";
+import BluebirdPromise = require("bluebird");
 
-export default function(req: Express.Request, res: Express.Response) {
+export default FirstFactorBlocker(handler);
+
+function handler(req: Express.Request, res: Express.Response): BluebirdPromise<void> {
   res.render("already-logged-in", {
     logout_endpoint: Endpoints.LOGOUT_GET
   });
-}
\ No newline at end of file
+  return BluebirdPromise.resolve();
+}
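Review bot: `FirstFactorBlocker` is, judging by its name, a first-factor-only guard (its implementation is outside this diff), so a session that has passed the first factor but not yet the second would presumably still get the "already logged in" page from `handler`. If that is intended, say so above the export, e.g. `// First factor is enough here: the page only links to the logout endpoint.`; if it is not, the route needs a guard that requires the full authentication level before rendering. The new test in server/test/server/PrivatePages.ts pins only the no-session 401 case, so a case for a first-factor-only session would make the intended behaviour explicit.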
diff --git a/server/test/server/PrivatePages.ts b/server/test/server/PrivatePages.ts
index 35cf758c..8fd9f698 100644
--- a/server/test/server/PrivatePages.ts
+++ b/server/test/server/PrivatePages.ts
@@ -173,6 +173,10 @@ describe("Private pages of the server must not be accessible without session", f
     it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () {
       return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST);
     });
+
+    it("should block " + Endpoints.LOGGED_IN, function () {
+      return should_get_and_reply_with_401(BASE_URL + Endpoints.LOGGED_IN);
+    });
   });
 });