+
+
+
+
+ {this.props.children}
+
+
-
-
-
+
+ {
@@ -29,6 +39,8 @@ class FirstFactorView extends Component {
username: '',
password: '',
loginButtonDisabled: false,
+ errorMessage: null,
+ remoteState: null,
}
}
@@ -56,10 +68,14 @@ class FirstFactorView extends Component {
}
}
- render() {
+ private renderWithState(state: RemoteState) {
const { classes } = this.props;
return (
+ ;
+
+enum Result {
+ NONE,
+ SUCCESS,
+ FAILURE,
+}
+
+interface State {
+ lastResult: Result;
+ loading: boolean;
+ error: string | null;
+
+ remoteState: RemoteState | null;
+ remoteStateLoading: boolean;
+ remoteStateError: string | null;
+
+ logoutLoading: boolean;
+ logoutSuccess: boolean | null;
+ logoutError: string | null;
+}
+
+const initialState: State = {
+ lastResult: Result.NONE,
+ loading: false,
+ error: null,
+ remoteState: null,
+ remoteStateLoading: false,
+ remoteStateError: null,
+ logoutLoading: false,
+ logoutError: null,
+ logoutSuccess: null,
+}
+
+export type PortalState = StateType;
+
+export default (state = initialState, action: FirstFactorAction) => {
+ switch(action.type) {
+ case getType(Actions.authenticate):
+ return {
+ ...state,
+ loading: true,
+ error: null
+ };
+ case getType(Actions.authenticateSuccess):
+ return {
+ ...state,
+ lastResult: Result.SUCCESS,
+ loading: false,
+ error: null,
+ };
+ case getType(Actions.authenticateFailure):
+ return {
+ ...state,
+ lastResult: Result.FAILURE,
+ loading: false,
+ error: action.payload,
+ };
+
+ case getType(Actions.fetchState):
+ return {
+ ...state,
+ remoteState: null,
+ remoteStateError: null,
+ remoteStateLoading: true,
+ };
+ case getType(Actions.fetchStateSuccess):
+ return {
+ ...state,
+ remoteState: action.payload,
+ remoteStateLoading: false,
+ };
+ case getType(Actions.fetchStateFailure):
+ return {
+ ...state,
+ remoteStateError: action.payload,
+ remoteStateLoading: false,
+ };
+
+ case getType(Actions.logout):
+ return {
+ ...state,
+ logoutLoading: true,
+ logoutSuccess: null,
+ logoutError: null,
+ };
+ case getType(Actions.logoutSuccess):
+ return {
+ ...state,
+ logoutLoading: false,
+ logoutSuccess: true,
+ };
+ case getType(Actions.logoutFailure):
+ return {
+ ...state,
+ logoutLoading: false,
+ logoutError: action.payload,
+ }
+ }
+ return state;
+}
\ No newline at end of file
diff --git a/client-react/src/reducers/constants.ts b/client-react/src/reducers/constants.ts
new file mode 100644
index 00000000..a4af97ad
--- /dev/null
+++ b/client-react/src/reducers/constants.ts
@@ -0,0 +1,12 @@
+
+export const FETCH_STATE_REQUEST = '@portal/fetch_state_request';
+export const FETCH_STATE_SUCCESS = '@portal/fetch_state_success';
+export const FETCH_STATE_FAILURE = '@portal/fetch_state_failure';
+
+export const AUTHENTICATE_REQUEST = '@portal/authenticate_request';
+export const AUTHENTICATE_SUCCESS = '@portal/authenticate_success';
+export const AUTHENTICATE_FAILURE = '@portal/authenticate_failure';
+
+export const LOGOUT_REQUEST = '@portal/logout_request';
+export const LOGOUT_SUCCESS = '@portal/logout_success';
+export const LOGOUT_FAILURE = '@portal/logout_failure';
diff --git a/client-react/src/reducers/index.ts b/client-react/src/reducers/index.ts
new file mode 100644
index 00000000..09dcf83f
--- /dev/null
+++ b/client-react/src/reducers/index.ts
@@ -0,0 +1,5 @@
+import PortalReducer, { PortalState } from './Portal/reducer';
+
+export type RootState = PortalState;
+
+export default PortalReducer;
\ No newline at end of file
diff --git a/client-react/src/routes/index.ts b/client-react/src/routes/index.ts
index 990500dc..731c0a05 100644
--- a/client-react/src/routes/index.ts
+++ b/client-react/src/routes/index.ts
@@ -1,4 +1,4 @@
-import PortalLayout from "../layouts/PortalLayout/PortalLayout";
+import PortalLayout from "../containers/layouts/PortalLayout/PortalLayout";
export const routes = [{
path: '/',
diff --git a/client-react/src/routes/routes.ts b/client-react/src/routes/routes.ts
index eb8950be..f7d54929 100644
--- a/client-react/src/routes/routes.ts
+++ b/client-react/src/routes/routes.ts
@@ -1,8 +1,8 @@
-import FirstFactorView from "../views/FirstFactorView/FirstFactorView";
-import SecondFactorView from "../views/SecondFactorView/SecondFactorView";
-import ConfirmationSent from "../views/ConfirmationSentView/ConfirmationSentView";
-import OneTimePasswordRegistrationView from "../views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView";
-import SecurityKeyRegistrationView from "../views/SecurityKeyRegistrationView/SecurityKeyRegistrationView";
+import FirstFactorView from "../containers/views/FirstFactorView/FirstFactorView";
+import SecondFactorView from "../containers/views/SecondFactorView/SecondFactorView";
+import ConfirmationSentView from "../views/ConfirmationSentView/ConfirmationSentView";
+import OneTimePasswordRegistrationView from "../containers/views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView";
+import SecurityKeyRegistrationView from "../containers/views/SecurityKeyRegistrationView/SecurityKeyRegistrationView";
import ForgotPasswordView from "../views/ForgotPasswordView/ForgotPasswordView";
import ResetPasswordView from "../views/ResetPasswordView/ResetPasswordView";
@@ -15,9 +15,9 @@ export const routes = [{
title: '2-factor',
component: SecondFactorView,
}, {
- path: '/confirm',
+ path: '/confirmation-sent',
title: 'e-mail sent',
- component: ConfirmationSent
+ component: ConfirmationSentView
}, {
path: '/one-time-password-registration',
title: 'One-time password registration',
diff --git a/client-react/src/types/AuthenticationLevel.ts b/client-react/src/types/AuthenticationLevel.ts
new file mode 100644
index 00000000..550cc947
--- /dev/null
+++ b/client-react/src/types/AuthenticationLevel.ts
@@ -0,0 +1,7 @@
+enum AuthenticationLevel {
+ NOT_AUTHENTICATED = 0,
+ ONE_FACTOR = 1,
+ TWO_FACTOR = 2
+};
+
+export default AuthenticationLevel;
\ No newline at end of file
diff --git a/client-react/src/views/ConfirmationSentView/ConfirmationSentView.tsx b/client-react/src/views/ConfirmationSentView/ConfirmationSentView.tsx
index ae253834..113fb7cd 100644
--- a/client-react/src/views/ConfirmationSentView/ConfirmationSentView.tsx
+++ b/client-react/src/views/ConfirmationSentView/ConfirmationSentView.tsx
@@ -9,7 +9,7 @@ import { RouterProps } from "react-router";
interface Props extends RouterProps {}
-export default class ConfirmationSent extends Component {
+class ConfirmationSentView extends Component {
render() {
return (
)
}
-}
\ No newline at end of file
+}
+
+export default ConfirmationSentView;
\ No newline at end of file
diff --git a/client-react/src/views/FirstFactorView/FirstFactorView.tsx b/client-react/src/views/FirstFactorView/FirstFactorView.tsx
index 179a0820..b232468d 100644
--- a/client-react/src/views/FirstFactorView/FirstFactorView.tsx
+++ b/client-react/src/views/FirstFactorView/FirstFactorView.tsx
@@ -11,14 +11,24 @@ import { RouterProps } from "react-router";
import { WithStyles, withStyles } from "@material-ui/core";
import firstFactorViewStyles from '../../assets/jss/views/FirstFactorView/FirstFactorView';
+import FormNotification from "../../components/FormNotification/FormNotification";
-interface Props extends RouterProps, WithStyles {}
+import CheckBoxOutlineBlankIcon from '@material-ui/icons/CheckBoxOutlineBlank'
+import CheckBoxIcon from '@material-ui/icons/CheckBox';
+import StateSynchronizer from "../../containers/components/StateSynchronizer/StateSynchronizer";
+import RemoteState from "../../reducers/Portal/RemoteState";
+
+export interface Props extends RouterProps, WithStyles {
+ onAuthenticationRequested(username: string, password: string): void;
+}
interface State {
rememberMe: boolean;
username: string;
password: string;
loginButtonDisabled: boolean;
+ errorMessage: string | null;
+ remoteState: RemoteState | null;
}
class FirstFactorView extends Component
+
-
{this.renderTitle()}
-
+
{routes.map((r, key) => {
return {
+
)
}
-}
\ No newline at end of file
+}
+
+export default withStyles(styles)(PortalLayout);
\ No newline at end of file
diff --git a/client-react/src/reducers/Portal/RemoteState.ts b/client-react/src/reducers/Portal/RemoteState.ts
new file mode 100644
index 00000000..aa10b406
--- /dev/null
+++ b/client-react/src/reducers/Portal/RemoteState.ts
@@ -0,0 +1,8 @@
+import AuthenticationLevel from '../../types/AuthenticationLevel';
+
+interface RemoteState {
+ username: string;
+ authentication_level: AuthenticationLevel;
+}
+
+export default RemoteState;
\ No newline at end of file
diff --git a/client-react/src/reducers/Portal/actions.ts b/client-react/src/reducers/Portal/actions.ts
new file mode 100644
index 00000000..5548dcd5
--- /dev/null
+++ b/client-react/src/reducers/Portal/actions.ts
@@ -0,0 +1,41 @@
+import { createAction } from 'typesafe-actions';
+import {
+ AUTHENTICATE_REQUEST,
+ AUTHENTICATE_SUCCESS,
+ AUTHENTICATE_FAILURE,
+ FETCH_STATE_REQUEST,
+ FETCH_STATE_SUCCESS,
+ FETCH_STATE_FAILURE,
+ LOGOUT_REQUEST,
+ LOGOUT_SUCCESS,
+ LOGOUT_FAILURE
+} from "../constants";
+import RemoteState from './RemoteState';
+
+/* FETCH_STATE */
+export const fetchState = createAction(FETCH_STATE_REQUEST);
+export const fetchStateSuccess = createAction(FETCH_STATE_SUCCESS, resolve => {
+ return (state: RemoteState) => {
+ return resolve(state);
+ }
+});
+export const fetchStateFailure = createAction(FETCH_STATE_FAILURE, resolve => {
+ return (err: string) => {
+ return resolve(err);
+ }
+})
+
+/* AUTHENTICATE_REQUEST */
+export const authenticate = createAction(AUTHENTICATE_REQUEST);
+export const authenticateSuccess = createAction(AUTHENTICATE_SUCCESS);
+export const authenticateFailure = createAction(AUTHENTICATE_FAILURE, resolve => {
+ return (error: string) => resolve(error);
+});
+
+
+/* AUTHENTICATE_REQUEST */
+export const logout = createAction(LOGOUT_REQUEST);
+export const logoutSuccess = createAction(LOGOUT_SUCCESS);
+export const logoutFailure = createAction(LOGOUT_FAILURE, resolve => {
+ return (error: string) => resolve(error);
+});
diff --git a/client-react/src/reducers/Portal/reducer.ts b/client-react/src/reducers/Portal/reducer.ts
new file mode 100644
index 00000000..203fbcbf
--- /dev/null
+++ b/client-react/src/reducers/Portal/reducer.ts
@@ -0,0 +1,106 @@
+
+import * as Actions from './actions';
+import { ActionType, getType, StateType } from 'typesafe-actions';
+import RemoteState from './RemoteState';
+
+export type FirstFactorAction = ActionTypePowered by Authelia
@@ -20,15 +20,17 @@ export default class ConfirmationSent extends Component {
Please check your e-mails and follow the instructions to confirm the operation.
+
+ {this.state.errorMessage || ''}
+
{
{
)
}
+ render() {
+ return (
+ {
+ constructor(props: Props) {
+ super(props);
+ this.state = {
+ secret: {
+ otp_url: 'https://coucou',
+ base32_secret: 'coucou',
+ },
+ }
}
-}
\ No newline at end of file
+ componentDidMount() {
+ if (!this.props.location) {
+ console.error('There is no location to retrieve query params from...');
+ return;
+ }
+ const params = QueryString.parse(this.props.location.search);
+ if (!('token' in params)) {
+ console.error('Token parameter is expected and not provided');
+ return;
+ }
+ this.props.componentDidMount(
+ params['token'] as string,
+ this.onSuccess,
+ this.onFailure);
+ }
+
+ onSuccess = (secret: Secret) => {
+ this.setState({secret});
+ }
+
+ onFailure = (err: Error) => {}
+
+ private renderWithSecret(secret: Secret) {
+ const { classes } = this.props;
+ return (
+ {
@@ -18,6 +29,7 @@ class SecondFactorView extends Component {
super(props);
this.state = {
mode: 'u2f',
+ remoteState: null,
}
}
@@ -71,14 +83,32 @@ class SecondFactorView extends Component {
}
}
- render() {
+ private onRegisterClicked = () => {
+ const mode = this.state.mode;
+ if (mode === 'u2f') {
+ this.props.onRegisterSecurityKeyClicked();
+ } else {
+ this.props.onRegisterOneTimePasswordClicked();
+ }
+ }
+
+ private renderWithState(state: RemoteState) {
+ if (state.authentication_level < AuthenticationLevel.ONE_FACTOR) {
+ return {
+ componentDidMount() {
+ if (!this.props.location) {
+ console.error('There is no location to retrieve query params from...');
+ return;
+ }
+ const params = QueryString.parse(this.props.location.search);
+ if (!('token' in params)) {
+ console.error('Token parameter is expected and not provided');
+ return;
+ }
+ this.props.componentDidMount(params['token'] as string);
}
-}
\ No newline at end of file
+
+ render() {
+ const {classes} = this.props;
+ return (
+ {
const five_minutes = 4 * 60 * 1000;
const token = randomstring.generate({ length: 64 });
- const that = this;
return userDataStore.produceIdentityValidationToken(userid, token, challenge,
five_minutes)
@@ -46,9 +41,9 @@ export function register(app: Express.Application,
handler: IdentityValidable,
vars: ServerVariables) {
- app.get(pre_validation_endpoint,
+ app.post(pre_validation_endpoint,
get_start_validation(handler, post_validation_endpoint, vars));
- app.get(post_validation_endpoint,
+ app.post(post_validation_endpoint,
get_finish_validation(handler, vars));
}
@@ -69,7 +64,7 @@ export function get_finish_validation(handler: IdentityValidable,
let authSession: AuthenticationSession;
const identityToken = objectPath.get(
- req, "query.identity_token");
+ req, "query.token");
vars.logger.debug(req, "Identity token provided is %s", identityToken);
return checkIdentityToken(req, identityToken)
@@ -89,7 +84,7 @@ export function get_finish_validation(handler: IdentityValidable,
handler.postValidationResponse(req, res);
return BluebirdPromise.resolve();
})
- .catch(ErrorReplies.replyWithError401(req, res, vars.logger));
+ .catch(ErrorReplies.replyWithError200(req, res, vars.logger, OPERATION_FAILED));
};
}
@@ -118,8 +113,8 @@ export function get_start_validation(handler: IdentityValidable,
})
.then((token) => {
const host = req.get("Host");
- const link_url = util.format("https://%s%s?identity_token=%s", host,
- postValidationEndpoint, token);
+ const link_url = util.format("https://%s%s?token=%s", host,
+ handler.destinationPath(), token);
vars.logger.info(req, "Notification sent to user \"%s\"",
identity.userid);
return vars.notifier.notify(identity.email, handler.mailSubject(),
diff --git a/server/src/lib/IdentityValidable.ts b/server/src/lib/IdentityValidable.ts
index 075580c9..85a9a45c 100644
--- a/server/src/lib/IdentityValidable.ts
+++ b/server/src/lib/IdentityValidable.ts
@@ -16,4 +16,5 @@ export interface IdentityValidable {
// Serves the page if identity validated
postValidationResponse(req: Express.Request, res: Express.Response): void;
mailSubject(): string;
+ destinationPath(): string;
}
\ No newline at end of file
diff --git a/server/src/lib/IdentityValidableStub.spec.ts b/server/src/lib/IdentityValidableStub.spec.ts
index 20a97714..af9f1a79 100644
--- a/server/src/lib/IdentityValidableStub.spec.ts
+++ b/server/src/lib/IdentityValidableStub.spec.ts
@@ -1,7 +1,6 @@
import Sinon = require("sinon");
import { IdentityValidable } from "./IdentityValidable";
-import express = require("express");
import Bluebird = require("bluebird");
import { Identity } from "../../types/Identity";
@@ -13,6 +12,7 @@ export class IdentityValidableStub implements IdentityValidable {
preValidationResponseStub: Sinon.SinonStub;
postValidationResponseStub: Sinon.SinonStub;
mailSubjectStub: Sinon.SinonStub;
+ destinationPathStub: Sinon.SinonStub;
constructor() {
this.challengeStub = Sinon.stub();
@@ -49,4 +49,8 @@ export class IdentityValidableStub implements IdentityValidable {
mailSubject(): string {
return this.mailSubjectStub();
}
+
+ destinationPath(): string {
+ return this.destinationPathStub();
+ }
}
\ No newline at end of file
diff --git a/server/src/lib/Server.ts b/server/src/lib/Server.ts
index 4090f629..1a510578 100644
--- a/server/src/lib/Server.ts
+++ b/server/src/lib/Server.ts
@@ -1,11 +1,8 @@
import BluebirdPromise = require("bluebird");
-import ObjectPath = require("object-path");
import { Configuration } from "./configuration/schema/Configuration";
import { GlobalDependencies } from "../../types/Dependencies";
-import { UserDataStore } from "./storage/UserDataStore";
import { ConfigurationParser } from "./configuration/ConfigurationParser";
-import { SessionConfigurationBuilder } from "./configuration/SessionConfigurationBuilder";
import { GlobalLogger } from "./logging/GlobalLogger";
import { RequestLogger } from "./logging/RequestLogger";
import { ServerVariables } from "./ServerVariables";
@@ -13,7 +10,6 @@ import { ServerVariablesInitializer } from "./ServerVariablesInitializer";
import { Configurator } from "./web_server/Configurator";
import * as Express from "express";
-import * as Path from "path";
import * as http from "http";
function clone(obj: any) {
diff --git a/server/src/lib/ServerVariablesInitializer.ts b/server/src/lib/ServerVariablesInitializer.ts
index df79238c..fcf146d0 100644
--- a/server/src/lib/ServerVariablesInitializer.ts
+++ b/server/src/lib/ServerVariablesInitializer.ts
@@ -1,29 +1,19 @@
-import winston = require("winston");
import BluebirdPromise = require("bluebird");
-import U2F = require("u2f");
import Nodemailer = require("nodemailer");
import { IRequestLogger } from "./logging/IRequestLogger";
-import { RequestLogger } from "./logging/RequestLogger";
import { TotpHandler } from "./authentication/totp/TotpHandler";
-import { ITotpHandler } from "./authentication/totp/ITotpHandler";
import { NotifierFactory } from "./notifiers/NotifierFactory";
import { MailSenderBuilder } from "./notifiers/MailSenderBuilder";
import { LdapUsersDatabase } from "./authentication/backends/ldap/LdapUsersDatabase";
import { ConnectorFactory } from "./authentication/backends/ldap/connector/ConnectorFactory";
-import { IUserDataStore } from "./storage/IUserDataStore";
import { UserDataStore } from "./storage/UserDataStore";
-import { INotifier } from "./notifiers/INotifier";
import { Regulator } from "./regulation/Regulator";
-import { IRegulator } from "./regulation/IRegulator";
import Configuration = require("./configuration/schema/Configuration");
import { CollectionFactoryFactory } from "./storage/CollectionFactoryFactory";
-import { ICollectionFactory } from "./storage/ICollectionFactory";
-import { MongoCollectionFactory } from "./storage/mongo/MongoCollectionFactory";
-import { IMongoClient } from "./connectors/mongo/IMongoClient";
import { GlobalDependencies } from "../../types/Dependencies";
import { ServerVariables } from "./ServerVariables";
diff --git a/server/src/lib/authentication/Level.ts b/server/src/lib/authentication/Level.ts
index 57b6a234..dad04dd0 100644
--- a/server/src/lib/authentication/Level.ts
+++ b/server/src/lib/authentication/Level.ts
@@ -1,5 +1,3 @@
-export enum Level {
- NOT_AUTHENTICATED = 0,
- ONE_FACTOR = 1,
- TWO_FACTOR = 2
-}
\ No newline at end of file
+import { default as Level } from '../../../../shared/AuthenticationLevel';
+
+export {Level};
\ No newline at end of file
diff --git a/server/src/lib/notifiers/AbstractEmailNotifier.ts b/server/src/lib/notifiers/AbstractEmailNotifier.ts
index 198e4e5d..626f2b6a 100644
--- a/server/src/lib/notifiers/AbstractEmailNotifier.ts
+++ b/server/src/lib/notifiers/AbstractEmailNotifier.ts
@@ -1,6 +1,5 @@
import { INotifier } from "../notifiers/INotifier";
-import { Identity } from "../../../types/Identity";
import Fs = require("fs");
import Path = require("path");
diff --git a/server/src/lib/notifiers/EmailNotifier.ts b/server/src/lib/notifiers/EmailNotifier.ts
index 4df7c861..4ffd385d 100644
--- a/server/src/lib/notifiers/EmailNotifier.ts
+++ b/server/src/lib/notifiers/EmailNotifier.ts
@@ -1,6 +1,3 @@
-
-import * as BluebirdPromise from "bluebird";
-
import { AbstractEmailNotifier } from "../notifiers/AbstractEmailNotifier";
import { EmailNotifierConfiguration } from "../configuration/schema/NotifierConfiguration";
import { IMailSender } from "./IMailSender";
diff --git a/server/src/lib/routes/firstfactor/get.ts b/server/src/lib/routes/firstfactor/get.ts
deleted file mode 100644
index d94f656c..00000000
--- a/server/src/lib/routes/firstfactor/get.ts
+++ /dev/null
@@ -1,72 +0,0 @@
-
-import express = require("express");
-import Endpoints = require("../../../../../shared/api");
-import BluebirdPromise = require("bluebird");
-import { AuthenticationSessionHandler } from "../../AuthenticationSessionHandler";
-import Constants = require("../../../../../shared/constants");
-import Util = require("util");
-import { ServerVariables } from "../../ServerVariables";
-import { SafeRedirector } from "../../utils/SafeRedirection";
-import { Level } from "../../authentication/Level";
-
-function getRedirectParam(
- req: express.Request) {
- return req.query[Constants.REDIRECT_QUERY_PARAM] != "undefined"
- ? req.query[Constants.REDIRECT_QUERY_PARAM]
- : undefined;
-}
-
-function redirectToSecondFactorPage(
- req: express.Request,
- res: express.Response) {
-
- const redirectUrl = getRedirectParam(req);
- if (!redirectUrl)
- res.redirect(Endpoints.SECOND_FACTOR_GET);
- else
- res.redirect(
- Util.format("%s?%s=%s",
- Endpoints.SECOND_FACTOR_GET,
- Constants.REDIRECT_QUERY_PARAM,
- redirectUrl));
-}
-
-function redirectToService(
- req: express.Request,
- res: express.Response,
- redirector: SafeRedirector) {
- const redirectUrl = getRedirectParam(req);
- if (!redirectUrl) {
- res.redirect(Endpoints.LOGGED_IN);
- } else {
- redirector.redirectOrElse(res, redirectUrl, Endpoints.LOGGED_IN);
- }
-}
-
-function renderFirstFactor(
- res: express.Response) {
-
- res.render("firstfactor", {
- first_factor_post_endpoint: Endpoints.FIRST_FACTOR_POST,
- reset_password_request_endpoint: Endpoints.RESET_PASSWORD_REQUEST_GET
- });
-}
-
-export default function (
- vars: ServerVariables) {
-
- const redirector = new SafeRedirector(vars.config.session.domain);
- return function (req: express.Request, res: express.Response): BluebirdPromise {
- return new BluebirdPromise(function (resolve, reject) {
- const authSession = AuthenticationSessionHandler.get(req, vars.logger);
- if (authSession.authentication_level == Level.ONE_FACTOR) {
- redirectToSecondFactorPage(req, res);
- } else if (authSession.authentication_level == Level.TWO_FACTOR) {
- redirectToService(req, res, redirector);
- } else {
- renderFirstFactor(res);
- }
- resolve();
- });
- };
-}
diff --git a/server/src/lib/routes/firstfactor/post.ts b/server/src/lib/routes/firstfactor/post.ts
index 565681d6..e1332071 100644
--- a/server/src/lib/routes/firstfactor/post.ts
+++ b/server/src/lib/routes/firstfactor/post.ts
@@ -10,7 +10,7 @@ import UserMessages = require("../../../../../shared/UserMessages");
import { ServerVariables } from "../../ServerVariables";
import { AuthenticationSession } from "../../../../types/AuthenticationSession";
import { GroupsAndEmails } from "../../authentication/backends/GroupsAndEmails";
-import { Level as AuthenticationLevel } from "../../authentication/Level";
+import {Level} from "../../authentication/Level";
import { Level as AuthorizationLevel } from "../../authorization/Level";
import { URLDecomposer } from "../../utils/URLDecomposer";
@@ -48,7 +48,7 @@ export default function (vars: ServerVariables) {
JSON.stringify(groupsAndEmails));
authSession.userid = username;
authSession.keep_me_logged_in = keepMeLoggedIn;
- authSession.authentication_level = AuthenticationLevel.ONE_FACTOR;
+ authSession.authentication_level = Level.ONE_FACTOR;
const redirectUrl: string = req.query[Constants.REDIRECT_QUERY_PARAM] !== "undefined"
// Fuck, don't know why it is a string!
? req.query[Constants.REDIRECT_QUERY_PARAM]
@@ -80,7 +80,7 @@ export default function (vars: ServerVariables) {
vars.logger.debug(req, "Redirect to '%s'", redirectUrl);
}
else {
- let newRedirectUrl = Endpoint.SECOND_FACTOR_GET;
+ let newRedirectUrl = '/2fa';
if (redirectUrl) {
newRedirectUrl += "?" + Constants.REDIRECT_QUERY_PARAM + "="
+ redirectUrl;
diff --git a/server/src/lib/routes/loggedin/get.ts b/server/src/lib/routes/loggedin/get.ts
index 283a041b..3a6f183d 100644
--- a/server/src/lib/routes/loggedin/get.ts
+++ b/server/src/lib/routes/loggedin/get.ts
@@ -10,7 +10,7 @@ export default function (vars: ServerVariables) {
return new BluebirdPromise(function (resolve, reject) {
const authSession = AuthenticationSessionHandler.get(req, vars.logger);
res.render("already-logged-in", {
- logout_endpoint: Endpoints.LOGOUT_GET,
+ logout_endpoint: Endpoints.LOGOUT_POST,
username: authSession.userid,
redirection_url: vars.config.default_redirection_url
});
diff --git a/server/src/lib/routes/logout/get.ts b/server/src/lib/routes/logout/post.ts
similarity index 100%
rename from server/src/lib/routes/logout/get.ts
rename to server/src/lib/routes/logout/post.ts
diff --git a/server/src/lib/routes/password-reset/identity/PasswordResetHandler.ts b/server/src/lib/routes/password-reset/identity/PasswordResetHandler.ts
index 42ae92cd..a5116a8b 100644
--- a/server/src/lib/routes/password-reset/identity/PasswordResetHandler.ts
+++ b/server/src/lib/routes/password-reset/identity/PasswordResetHandler.ts
@@ -66,4 +66,8 @@ export default class PasswordResetHandler implements IdentityValidable {
mailSubject(): string {
return "Reset your password";
}
+
+ destinationPath(): string {
+ return "/reset-password";
+ }
}
\ No newline at end of file
diff --git a/server/src/lib/routes/secondfactor/get.spec.ts b/server/src/lib/routes/secondfactor/get.spec.ts
deleted file mode 100644
index 6c77e1f6..00000000
--- a/server/src/lib/routes/secondfactor/get.spec.ts
+++ /dev/null
@@ -1,44 +0,0 @@
-import SecondFactorGet from "./get";
-import { ServerVariablesMockBuilder, ServerVariablesMock }
- from "../../ServerVariablesMockBuilder.spec";
-import { ServerVariables } from "../../ServerVariables";
-import Sinon = require("sinon");
-import ExpressMock = require("../../stubs/express.spec");
-import Assert = require("assert");
-import Endpoints = require("../../../../../shared/api");
-import BluebirdPromise = require("bluebird");
-
-describe("routes/secondfactor/get", function () {
- let mocks: ServerVariablesMock;
- let vars: ServerVariables;
- let req: ExpressMock.RequestMock;
- let res: ExpressMock.ResponseMock;
-
- beforeEach(function () {
- const s = ServerVariablesMockBuilder.build();
- mocks = s.mocks;
- vars = s.variables;
-
- req = ExpressMock.RequestMock();
- res = ExpressMock.ResponseMock();
-
- req.session = {
- auth: {
- userid: "user",
- first_factor: true,
- second_factor: false
- }
- };
- });
-
- describe("test rendering", function () {
- it("should render second factor page", function () {
- req.session.auth.second_factor = false;
- return SecondFactorGet(vars)(req as any, res as any)
- .then(function () {
- Assert(res.render.calledWith("secondfactor"));
- return BluebirdPromise.resolve();
- });
- });
- });
-});
\ No newline at end of file
diff --git a/server/src/lib/routes/secondfactor/get.ts b/server/src/lib/routes/secondfactor/get.ts
deleted file mode 100644
index 9f6deb4c..00000000
--- a/server/src/lib/routes/secondfactor/get.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-
-import Express = require("express");
-import Endpoints = require("../../../../../shared/api");
-import BluebirdPromise = require("bluebird");
-import { AuthenticationSessionHandler } from "../../AuthenticationSessionHandler";
-import { ServerVariables } from "../../ServerVariables";
-
-const TEMPLATE_NAME = "secondfactor";
-
-export default function (vars: ServerVariables) {
- function handler(req: Express.Request, res: Express.Response)
- : BluebirdPromise {
-
- return new BluebirdPromise(function (resolve, reject) {
- const authSession = AuthenticationSessionHandler.get(req, vars.logger);
-
- res.render(TEMPLATE_NAME, {
- username: authSession.userid,
- totp_identity_start_endpoint:
- Endpoints.SECOND_FACTOR_TOTP_IDENTITY_START_GET,
- u2f_identity_start_endpoint:
- Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET
- });
- resolve();
- });
- }
- return handler;
-}
diff --git a/server/src/lib/routes/secondfactor/redirect.ts b/server/src/lib/routes/secondfactor/redirect.ts
index 5d84d9eb..75132f96 100644
--- a/server/src/lib/routes/secondfactor/redirect.ts
+++ b/server/src/lib/routes/secondfactor/redirect.ts
@@ -1,13 +1,10 @@
import express = require("express");
-import objectPath = require("object-path");
-import Endpoints = require("../../../../../shared/api");
import { ServerVariables } from "../../ServerVariables";
import BluebirdPromise = require("bluebird");
import ErrorReplies = require("../../ErrorReplies");
import UserMessages = require("../../../../../shared/UserMessages");
import { RedirectionMessage } from "../../../../../shared/RedirectionMessage";
-import Constants = require("../../../../../shared/constants");
export default function (vars: ServerVariables) {
return function (req: express.Request, res: express.Response)
diff --git a/server/src/lib/routes/secondfactor/totp/identity/RegistrationHandler.ts b/server/src/lib/routes/secondfactor/totp/identity/RegistrationHandler.ts
index b39b6d04..91407676 100644
--- a/server/src/lib/routes/secondfactor/totp/identity/RegistrationHandler.ts
+++ b/server/src/lib/routes/secondfactor/totp/identity/RegistrationHandler.ts
@@ -97,7 +97,7 @@ export default class RegistrationHandler implements IdentityValidable {
.then(function () {
AuthenticationSessionHandler.reset(req);
- res.render(Constants.TEMPLATE_NAME, {
+ res.json({
base32_secret: secret.base32,
otpauth_url: secret.otpauth_url,
login_endpoint: Endpoints.FIRST_FACTOR_GET
@@ -109,4 +109,8 @@ export default class RegistrationHandler implements IdentityValidable {
mailSubject(): string {
return "Set up Authelia's one-time password";
}
+
+ destinationPath(): string {
+ return "/one-time-password-registration";
+ }
}
\ No newline at end of file
diff --git a/server/src/lib/routes/secondfactor/totp/sign/post.ts b/server/src/lib/routes/secondfactor/totp/sign/post.ts
index 34a276d1..2da0cfad 100644
--- a/server/src/lib/routes/secondfactor/totp/sign/post.ts
+++ b/server/src/lib/routes/secondfactor/totp/sign/post.ts
@@ -2,7 +2,6 @@ import Bluebird = require("bluebird");
import Express = require("express");
import { TOTPSecretDocument } from "../../../../storage/TOTPSecretDocument";
-import Endpoints = require("../../../../../../../shared/api");
import Redirect from "../../redirect";
import ErrorReplies = require("../../../../ErrorReplies");
import { AuthenticationSessionHandler } from "../../../../AuthenticationSessionHandler";
@@ -11,8 +10,6 @@ import UserMessages = require("../../../../../../../shared/UserMessages");
import { ServerVariables } from "../../../../ServerVariables";
import { Level } from "../../../../authentication/Level";
-const UNAUTHORIZED_MESSAGE = "Unauthorized access";
-
export default function (vars: ServerVariables) {
function handler(req: Express.Request, res: Express.Response): Bluebird {
let authSession: AuthenticationSession;
@@ -27,8 +24,9 @@ export default function (vars: ServerVariables) {
return vars.userDataStore.retrieveTOTPSecret(authSession.userid);
})
.then(function (doc: TOTPSecretDocument) {
- if (!vars.totpHandler.validate(token, doc.secret.base32))
+ if (!vars.totpHandler.validate(token, doc.secret.base32)) {
return Bluebird.reject(new Error("Invalid TOTP token."));
+ }
vars.logger.debug(req, "TOTP validation succeeded.");
authSession.authentication_level = Level.TWO_FACTOR;
diff --git a/server/src/lib/routes/secondfactor/u2f/identity/RegistrationHandler.ts b/server/src/lib/routes/secondfactor/u2f/identity/RegistrationHandler.ts
index bc4713c7..25bfc9a8 100644
--- a/server/src/lib/routes/secondfactor/u2f/identity/RegistrationHandler.ts
+++ b/server/src/lib/routes/secondfactor/u2f/identity/RegistrationHandler.ts
@@ -69,5 +69,9 @@ export default class RegistrationHandler implements IdentityValidable {
mailSubject(): string {
return MAIL_SUBJECT;
}
+
+ destinationPath(): string {
+ return "/security-key-registration";
+ }
}
diff --git a/server/src/lib/routes/secondfactor/u2f/register_request/get.ts b/server/src/lib/routes/secondfactor/u2f/register_request/get.ts
index f611af93..ecac24f4 100644
--- a/server/src/lib/routes/secondfactor/u2f/register_request/get.ts
+++ b/server/src/lib/routes/secondfactor/u2f/register_request/get.ts
@@ -1,7 +1,4 @@
-import { UserDataStore } from "../../../../storage/UserDataStore";
-
-import objectPath = require("object-path");
import u2f_common = require("../U2FCommon");
import BluebirdPromise = require("bluebird");
import express = require("express");
@@ -21,8 +18,6 @@ export default function (vars: ServerVariables) {
authSession = AuthenticationSessionHandler.get(req, vars.logger);
if (!authSession.identity_check
|| authSession.identity_check.challenge != "u2f-register") {
- res.status(403);
- res.send();
return reject(new Error("Bad challenge."));
}
diff --git a/server/src/lib/routes/state/get.ts b/server/src/lib/routes/state/get.ts
new file mode 100644
index 00000000..be3e5507
--- /dev/null
+++ b/server/src/lib/routes/state/get.ts
@@ -0,0 +1,17 @@
+import * as Express from 'express';
+import * as Bluebird from 'bluebird';
+import { ServerVariables } from "../../ServerVariables";
+import { AuthenticationSessionHandler } from '../../AuthenticationSessionHandler';
+
+export default function (vars: ServerVariables) {
+ return function (req: Express.Request, res: Express.Response): Bluebird {
+ return new Bluebird(function (resolve, reject) {
+ const authSession = AuthenticationSessionHandler.get(req, vars.logger);
+ res.json({
+ username: authSession.userid,
+ authentication_level: authSession.authentication_level
+ })
+ resolve();
+ });
+ };
+}
diff --git a/server/src/lib/routes/verify/access_control.ts b/server/src/lib/routes/verify/access_control.ts
index 136239ae..cbf97ab3 100644
--- a/server/src/lib/routes/verify/access_control.ts
+++ b/server/src/lib/routes/verify/access_control.ts
@@ -6,7 +6,6 @@ import Exceptions = require("../../Exceptions");
import { Level as AuthorizationLevel } from "../../authorization/Level";
import { Level as AuthenticationLevel } from "../../authentication/Level";
-import { AuthenticationSessionHandler } from "../../AuthenticationSessionHandler";
import { ServerVariables } from "../../ServerVariables";
function isAuthorized(
diff --git a/server/src/lib/web_server/RestApi.ts b/server/src/lib/web_server/RestApi.ts
index 9144a15b..12d66117 100644
--- a/server/src/lib/web_server/RestApi.ts
+++ b/server/src/lib/web_server/RestApi.ts
@@ -1,10 +1,8 @@
import Express = require("express");
-import FirstFactorGet = require("../routes/firstfactor/get");
-import SecondFactorGet = require("../routes/secondfactor/get");
-
import FirstFactorPost = require("../routes/firstfactor/post");
-import LogoutGet = require("../routes/logout/get");
+import LogoutPost from "../routes/logout/post";
+import StateGet from "../routes/state/get";
import VerifyGet = require("../routes/verify/get");
import TOTPSignGet = require("../routes/secondfactor/totp/sign/post");
@@ -69,15 +67,15 @@ function setupU2f(app: Express.Application, vars: ServerVariables) {
RequireValidatedFirstFactor.middleware(vars.logger),
U2FRegisterPost.default(vars));
- app.get(Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET,
+ app.post(Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_POST,
RequireValidatedFirstFactor.middleware(vars.logger));
- app.get(Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET,
+ app.post(Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_POST,
RequireValidatedFirstFactor.middleware(vars.logger));
IdentityCheckMiddleware.register(app,
- Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET,
- Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET,
+ Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_POST,
+ Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_POST,
new U2FRegistrationIdentityHandler(vars.logger), vars);
}
@@ -102,13 +100,9 @@ function setupErrors(app: Express.Application, vars: ServerVariables) {
export class RestApi {
static setup(app: Express.Application, vars: ServerVariables): void {
- app.get(Endpoints.FIRST_FACTOR_GET, FirstFactorGet.default(vars));
+ app.get(Endpoints.STATE_GET, StateGet(vars));
- app.get(Endpoints.SECOND_FACTOR_GET,
- RequireValidatedFirstFactor.middleware(vars.logger),
- SecondFactorGet.default(vars));
-
- app.get(Endpoints.LOGOUT_GET, LogoutGet.default(vars));
+ app.post(Endpoints.LOGOUT_POST, LogoutPost(vars));
app.get(Endpoints.VERIFY_GET, VerifyGet.default(vars));
app.post(Endpoints.FIRST_FACTOR_POST, FirstFactorPost.default(vars));
diff --git a/shared/AuthenticationLevel.ts b/shared/AuthenticationLevel.ts
new file mode 100644
index 00000000..b92d6a0a
--- /dev/null
+++ b/shared/AuthenticationLevel.ts
@@ -0,0 +1,7 @@
+enum Level {
+ NOT_AUTHENTICATED = 0,
+ ONE_FACTOR = 1,
+ TWO_FACTOR = 2
+};
+
+export default Level;
\ No newline at end of file
diff --git a/shared/api.ts b/shared/api.ts
index 2ebe5d3d..65be01e4 100644
--- a/shared/api.ts
+++ b/shared/api.ts
@@ -109,17 +109,17 @@ export const SECOND_FACTOR_TOTP_POST = "/api/totp";
/**
- * @api {get} /secondfactor/u2f/identity/start Start U2F registration identity validation
+ * @api {get} /api/secondfactor/u2f/identity/start Start U2F registration identity validation
* @apiName RequestU2FRegistration
* @apiGroup U2F
* @apiVersion 1.0.0
* @apiUse UserSession
* @apiUse IdentityValidationStart
*/
-export const SECOND_FACTOR_U2F_IDENTITY_START_GET = "/secondfactor/u2f/identity/start";
+export const SECOND_FACTOR_U2F_IDENTITY_START_POST = "/api/secondfactor/u2f/identity/start";
/**
- * @api {get} /secondfactor/u2f/identity/finish Finish U2F registration identity validation
+ * @api {get} /api/secondfactor/u2f/identity/finish Finish U2F registration identity validation
* @apiName ServeU2FRegistrationPage
* @apiGroup U2F
* @apiVersion 1.0.0
@@ -129,12 +129,12 @@ export const SECOND_FACTOR_U2F_IDENTITY_START_GET = "/secondfactor/u2f/identity/
* @apiDescription Serves the U2F registration page that asks the user to
* touch the token of the U2F device.
*/
-export const SECOND_FACTOR_U2F_IDENTITY_FINISH_GET = "/secondfactor/u2f/identity/finish";
+export const SECOND_FACTOR_U2F_IDENTITY_FINISH_POST = "/api/secondfactor/u2f/identity/finish";
/**
- * @api {get} /secondfactor/totp/identity/start Start TOTP registration identity validation
+ * @api {get} /api/secondfactor/totp/identity/start Start TOTP registration identity validation
* @apiName StartTOTPRegistration
* @apiGroup TOTP
* @apiVersion 1.0.0
@@ -143,12 +143,12 @@ export const SECOND_FACTOR_U2F_IDENTITY_FINISH_GET = "/secondfactor/u2f/identity
*
* @apiDescription Initiates the identity validation
*/
-export const SECOND_FACTOR_TOTP_IDENTITY_START_GET = "/secondfactor/totp/identity/start";
+export const SECOND_FACTOR_TOTP_IDENTITY_START_GET = "/api/secondfactor/totp/identity/start";
/**
- * @api {get} /secondfactor/totp/identity/finish Finish TOTP registration identity validation
+ * @api {get} /api/secondfactor/totp/identity/finish Finish TOTP registration identity validation
* @apiName FinishTOTPRegistration
* @apiGroup TOTP
* @apiVersion 1.0.0
@@ -159,7 +159,7 @@ export const SECOND_FACTOR_TOTP_IDENTITY_START_GET = "/secondfactor/totp/identit
* @apiDescription Serves the TOTP registration page that displays the secret.
* The secret is a QRCode and a base32 secret.
*/
-export const SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET = "/secondfactor/totp/identity/finish";
+export const SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET = "/api/secondfactor/totp/identity/finish";
@@ -252,16 +252,17 @@ export const FIRST_FACTOR_POST = "/api/firstfactor";
export const FIRST_FACTOR_GET = "/";
/**
- * @api {get} /secondfactor Second factor page
- * @apiName SecondFactor
+ * @api {get} /state Authentication state
+ * @apiName State
* @apiGroup Authentication
* @apiVersion 1.0.0
- *
- * @apiSuccess (Success 200) {String} Content The content of second factor page.
- *
- * @apiDescription Serves the second factor page
+ *
+ * @apiSuccess (Success 200) A dict containing the username and the authentication
+ * level
+ *
+ * @apiDescription Get the authentication state of the user based on the cookie.
*/
-export const SECOND_FACTOR_GET = "/secondfactor";
+export const STATE_GET = "/api/state";
/**
* @api {get} /api/verify Verify user authentication
@@ -287,17 +288,16 @@ export const SECOND_FACTOR_GET = "/secondfactor";
export const VERIFY_GET = "/api/verify";
/**
- * @api {get} /logout Serves logout page
+ * @api {post} /api/logout Logout procedure
* @apiName Logout
* @apiGroup Authentication
* @apiVersion 1.0.0
*
- * @apiParam {String} redirect Redirect to this URL when user is deauthenticated.
- * @apiSuccess (Success 302) redirect Redirect to the URL.
+ * @apiSuccess (Success 200)
*
- * @apiDescription Log out the user and redirect to the URL.
+ * @apiDescription Resets the session to logout the user.
*/
-export const LOGOUT_GET = "/logout";
+export const LOGOUT_POST = "/api/logout";
export const ERROR_401_GET = "/error/401";
export const ERROR_403_GET = "/error/403";
+ this.setState({remoteState})}/>
+ {this.state.remoteState ? this.renderWithState(this.state.remoteState) : null}
+
+ )
+ }
+
private authenticate() {
- this.setState({loginButtonDisabled: true})
- fetch('/api/firstfactor', {
- method: 'POST',
- headers: {
- 'Accept': 'application/json',
- 'Content-Type': 'application/json',
- },
- body: JSON.stringify({
- username: this.state.username,
- password: this.state.password,
- })
- }).then(async (res) => {
- const json = await res.json();
- if ('error' in json) {
- console.log('ERROR!');
- this.setState({loginButtonDisabled: false});
- return;
- }
- this.props.history.push('/2fa');
+ this.setState({loginButtonDisabled: true});
+ this.props.onAuthenticationRequested(
+ this.state.username,
+ this.state.password);
+ this.setState({errorMessage: null});
+ }
+
+ onFailure = (error: string) => {
+ this.setState({
+ loginButtonDisabled: false,
+ errorMessage: 'An error occured. Your username/password are probably wrong.'
});
}
+
+ onSuccess = () => {
+ this.props.history.push('/2fa');
+ }
}
export default withStyles(firstFactorViewStyles)(FirstFactorView);
\ No newline at end of file
diff --git a/client-react/src/views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView.tsx b/client-react/src/views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView.tsx
index 77711515..90564a74 100644
--- a/client-react/src/views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView.tsx
+++ b/client-react/src/views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView.tsx
@@ -1,8 +1,88 @@
import React, { Component } from "react";
+import { WithStyles, withStyles, TextField } from "@material-ui/core";
-export default class OneTimePasswordRegistrationView extends Component {
- render() {
- return ()
+import styles from '../../assets/jss/views/OneTimePasswordRegistrationView/OneTimePasswordRegistrationView';
+import { RouteProps } from "react-router";
+import QueryString from 'query-string';
+
+import QRCode from 'qrcode.react';
+
+export type OnSuccess = (secret: Secret) => void;
+export type OnFailure = (err: Error) => void;
+
+export interface Props extends WithStyles, RouteProps {
+ componentDidMount: (token: string, onSuccess: OnSuccess, onFailure: OnFailure) => void;
+}
+
+export interface Secret {
+ otp_url: string;
+ base32_secret: string;
+}
+
+interface State {
+ secret: Secret | null;
+}
+
+class OneTimePasswordRegistrationView extends Component
+
+ )
+ }
+
+ render() {
+ return this.state.secret ? this.renderWithSecret(this.state.secret) : null;
+ }
+}
+
+export default withStyles(styles)(OneTimePasswordRegistrationView);
\ No newline at end of file
diff --git a/client-react/src/views/SecondFactorView/SecondFactorView.tsx b/client-react/src/views/SecondFactorView/SecondFactorView.tsx
index 97afb3fd..6e9e78ec 100644
--- a/client-react/src/views/SecondFactorView/SecondFactorView.tsx
+++ b/client-react/src/views/SecondFactorView/SecondFactorView.tsx
@@ -4,13 +4,24 @@ import { WithStyles, withStyles, Button, TextField } from '@material-ui/core';
import styles from '../../assets/jss/views/SecondFactorView/SecondFactorView';
import securityKeyImage from '../../assets/images/security-key-hand.png';
+import StateSynchronizer from '../../containers/components/StateSynchronizer/StateSynchronizer';
+import { RouterProps, Redirect } from 'react-router';
+import RemoteState from '../../reducers/Portal/RemoteState';
+import AuthenticationLevel from '../../types/AuthenticationLevel';
+import { WithState } from '../../components/StateSynchronizer/WithState';
type Mode = 'u2f' | 'totp';
-interface Props extends WithStyles {};
+export interface Props extends WithStyles, RouterProps, WithState {
+ onLogoutClicked: () => void;
+ onRegisterSecurityKeyClicked: () => void;
+ onRegisterOneTimePasswordClicked: () => void;
+ onStateLoaded: (state: RemoteState) => void;
+};
interface State {
mode: Mode;
+ remoteState: RemoteState | null;
}
class SecondFactorView extends Component
+
+
+ {this.state.secret ?
+
+
+ {this.state.remoteState ? this.renderWithState(this.state.remoteState) : null}
+
+ )
+ }
}
export default withStyles(styles)(SecondFactorView);
\ No newline at end of file
diff --git a/client-react/src/views/SecurityKeyRegistrationView/SecurityKeyRegistrationView.tsx b/client-react/src/views/SecurityKeyRegistrationView/SecurityKeyRegistrationView.tsx
index 6bd8540d..b5aaa5aa 100644
--- a/client-react/src/views/SecurityKeyRegistrationView/SecurityKeyRegistrationView.tsx
+++ b/client-react/src/views/SecurityKeyRegistrationView/SecurityKeyRegistrationView.tsx
@@ -1,8 +1,41 @@
import React, { Component } from "react";
+import securityKeyImage from '../../assets/images/security-key-hand.png';
+import { WithStyles, withStyles } from "@material-ui/core";
-export default class SecurityKeyRegistrationView extends Component {
- render() {
- return ()
+import styles from '../../assets/jss/views/SecurityKeyRegistrationView/SecurityKeyRegistrationView';
+import { RouteProps } from "react-router";
+import QueryString from 'query-string';
+
+interface Props extends WithStyles, RouteProps {
+ componentDidMount: (token: string) => void;
+}
+
+class SecurityKeyRegistrationView extends Component
+
+ )
+ }
+}
+
+export default withStyles(styles)(SecurityKeyRegistrationView);
\ No newline at end of file
diff --git a/example/compose/nginx/portal/nginx.conf b/example/compose/nginx/portal/nginx.conf
index 646456af..2ac6d384 100644
--- a/example/compose/nginx/portal/nginx.conf
+++ b/example/compose/nginx/portal/nginx.conf
@@ -28,21 +28,6 @@ http {
proxy_pass $frontend_endpoint;
}
-
- # Serves the portal application.
- location /sockjs-node {
- # Allow websockets for webpack to auto-reload.
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
-
- proxy_pass $frontend_endpoint;
- }
-
- # Serves the portal application.
- location /static {
- proxy_pass $frontend_endpoint;
- }
# Serve the backend API for the portal.
location /api {
@@ -53,12 +38,6 @@ http {
proxy_intercept_errors on;
proxy_pass $backend_endpoint;
-
- if ($request_method !~ ^(POST)$){
- error_page 401 = /error/401;
- error_page 403 = /error/403;
- error_page 404 = /error/404;
- }
}
}
diff --git a/package-lock.json b/package-lock.json
index e7a1e627..6a80683c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -115,21 +115,6 @@
"integrity": "sha512-dWP6LJm9nKT6ALaa+bnL247GHHMWir3vSlZ2+IHgHgktZQx0L3Uvq2uAWcuzIe+fujRsYWBW2q622C5UvGK9iQ==",
"dev": true
},
- "@babel/runtime": {
- "version": "7.2.0",
- "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.2.0.tgz",
- "integrity": "sha512-oouEibCbHMVdZSDlJBO6bZmID/zA/G/Qx3H1d3rSNPTD+L8UNKvCat7aKWSJ74zYbm5zWGh0GQN0hKj8zYFTCg==",
- "requires": {
- "regenerator-runtime": "^0.12.0"
- },
- "dependencies": {
- "regenerator-runtime": {
- "version": "0.12.1",
- "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.12.1.tgz",
- "integrity": "sha512-odxIc1/vDlo4iZcfXqRYFj0vpXFNoGdKMAUieAlFYO6m/nl5e9KR/beGf41z4a1FI+aQgtjhuaSlDxQ0hmkrHg=="
- }
- }
- },
"@babel/template": {
"version": "7.1.2",
"resolved": "https://registry.npmjs.org/@babel/template/-/template-7.1.2.tgz",
@@ -512,11 +497,6 @@
"integrity": "sha512-txsii9cwD2OUOPukfPu3Jpoi3CnznBAwRX3JF26EC4p5T6IA8AaL6PBilACyY2fJkk+ydDNo4BJrJOo/OmNaZw==",
"dev": true
},
- "@types/prop-types": {
- "version": "15.5.8",
- "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.5.8.tgz",
- "integrity": "sha512-3AQoUxQcQtLHsK25wtTWIoIpgYjH3vSDroZOUr7PpCHw/jLY1RB9z9E8dBT/OSmwStVgkRNvdh+ZHNiomRieaw=="
- },
"@types/proxyquire": {
"version": "1.3.28",
"resolved": "https://registry.npmjs.org/@types/proxyquire/-/proxyquire-1.3.28.tgz",
@@ -535,24 +515,6 @@
"integrity": "sha512-XRIZIMTxjcUukqQcYBdpFWGbcRDyNBXrvTEtTYgFMIbBNUVt+9mCKsU+jUUDLeFO/RXopUgR5OLiBqbY18vSHQ==",
"dev": true
},
- "@types/react": {
- "version": "16.7.18",
- "resolved": "https://registry.npmjs.org/@types/react/-/react-16.7.18.tgz",
- "integrity": "sha512-Tx4uu3ppK53/iHk6VpamMP3f3ahfDLEVt3ZQc8TFm30a1H3v9lMsCntBREswZIW/SKrvJjkb3Hq8UwO6GREBng==",
- "requires": {
- "@types/prop-types": "*",
- "csstype": "^2.2.0"
- }
- },
- "@types/react-redux": {
- "version": "6.0.12",
- "resolved": "https://registry.npmjs.org/@types/react-redux/-/react-redux-6.0.12.tgz",
- "integrity": "sha512-fvcpm7cfW/JMflRdZgegCVbSGYt/hyEWQKriesaLZDRDjBGKQsAiui08VCQg5lBpocPmulVGKFhICtOAcMUPOQ==",
- "requires": {
- "@types/react": "*",
- "redux": "^4.0.0"
- }
- },
"@types/redis": {
"version": "2.8.6",
"resolved": "https://registry.npmjs.org/@types/redis/-/redis-2.8.6.tgz",
@@ -2281,11 +2243,6 @@
"cssom": "0.3.x"
}
},
- "csstype": {
- "version": "2.6.0",
- "resolved": "https://registry.npmjs.org/csstype/-/csstype-2.6.0.tgz",
- "integrity": "sha512-by8hi8BlLbowQq0qtkx54d9aN73R9oUW20HISpka5kmgsR9F7nnxgfsemuR2sdCKZh+CDNf5egW9UZMm4mgJRg=="
- },
"cucumber": {
"version": "4.2.1",
"resolved": "http://registry.npmjs.org/cucumber/-/cucumber-4.2.1.tgz",
@@ -4748,14 +4705,6 @@
"minimalistic-crypto-utils": "^1.0.1"
}
},
- "hoist-non-react-statics": {
- "version": "3.2.1",
- "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.2.1.tgz",
- "integrity": "sha512-TFsu3TV3YLY+zFTZDrN8L2DTFanObwmBLpWvJs1qfUuEQ5bTAdFcwfx2T/bsCXfM9QHSLvjfP+nihEl0yvozxw==",
- "requires": {
- "react-is": "^16.3.2"
- }
- },
"hooker": {
"version": "0.2.3",
"resolved": "https://registry.npmjs.org/hooker/-/hooker-0.2.3.tgz",
@@ -4945,14 +4894,6 @@
"xtend": "^4.0.0"
}
},
- "invariant": {
- "version": "2.2.4",
- "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz",
- "integrity": "sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA==",
- "requires": {
- "loose-envify": "^1.0.0"
- }
- },
"invert-kv": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/invert-kv/-/invert-kv-1.0.0.tgz",
@@ -5394,7 +5335,8 @@
"js-tokens": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
- "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls="
+ "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
+ "dev": true
},
"js-yaml": {
"version": "3.5.5",
@@ -5888,14 +5830,6 @@
"resolved": "https://registry.npmjs.org/longest/-/longest-1.0.1.tgz",
"integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc="
},
- "loose-envify": {
- "version": "1.4.0",
- "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
- "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
- "requires": {
- "js-tokens": "^3.0.0 || ^4.0.0"
- }
- },
"loud-rejection": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz",
@@ -8769,15 +8703,6 @@
"asap": "~2.0.3"
}
},
- "prop-types": {
- "version": "15.6.2",
- "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.6.2.tgz",
- "integrity": "sha512-3pboPvLiWD7dkI3qf3KbUe6hKFKa52w+AE0VCqECtf+QHAKgOL37tTaNCnuX1nAAQ4ZhyP+kYVKf8rLmJ/feDQ==",
- "requires": {
- "loose-envify": "^1.3.1",
- "object-assign": "^4.1.1"
- }
- },
"proxy-addr": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.3.tgz",
@@ -9105,24 +9030,6 @@
}
}
},
- "react-is": {
- "version": "16.7.0",
- "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.7.0.tgz",
- "integrity": "sha512-Z0VRQdF4NPDoI0tsXVMLkJLiwEBa+RP66g0xDHxgxysxSoCUccSten4RTF/UFvZF1dZvZ9Zu1sx+MDXwcOR34g=="
- },
- "react-redux": {
- "version": "6.0.0",
- "resolved": "https://registry.npmjs.org/react-redux/-/react-redux-6.0.0.tgz",
- "integrity": "sha512-EmbC3uLl60pw2VqSSkj6HpZ6jTk12RMrwXMBdYtM6niq0MdEaRq9KYCwpJflkOZj349BLGQm1MI/JO1W96kLWQ==",
- "requires": {
- "@babel/runtime": "^7.2.0",
- "hoist-non-react-statics": "^3.2.1",
- "invariant": "^2.2.4",
- "loose-envify": "^1.4.0",
- "prop-types": "^15.6.2",
- "react-is": "^16.6.3"
- }
- },
"read-only-stream": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/read-only-stream/-/read-only-stream-2.0.0.tgz",
@@ -9221,15 +9128,6 @@
"resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-2.6.0.tgz",
"integrity": "sha1-Uu0J2srBCPGmMcB+m2mUHnoZUEs="
},
- "redux": {
- "version": "4.0.1",
- "resolved": "https://registry.npmjs.org/redux/-/redux-4.0.1.tgz",
- "integrity": "sha512-R7bAtSkk7nY6O/OYMVR9RiBI+XghjF9rlbl5806HJbQph0LJVHZrU5oaO4q70eUKiqMRqm4y07KLTlMZ2BlVmg==",
- "requires": {
- "loose-envify": "^1.4.0",
- "symbol-observable": "^1.2.0"
- }
- },
"referrer-policy": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/referrer-policy/-/referrer-policy-1.1.0.tgz",
@@ -10304,11 +10202,6 @@
"integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=",
"dev": true
},
- "symbol-observable": {
- "version": "1.2.0",
- "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz",
- "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ=="
- },
"symbol-tree": {
"version": "3.2.2",
"resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.2.tgz",
diff --git a/package.json b/package.json
index e7a2235d..01580c89 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,6 @@
"title": "Authelia API documentation"
},
"dependencies": {
- "@types/react-redux": "^6.0.12",
"ajv": "^6.3.0",
"bluebird": "^3.5.0",
"body-parser": "^1.15.2",
@@ -45,7 +44,6 @@
"pug": "^2.0.0-rc.2",
"randomatic": "^3.1.0",
"randomstring": "^1.1.5",
- "react-redux": "^6.0.0",
"redis": "^2.8.0",
"speakeasy": "^2.0.0",
"u2f": "^0.1.2",
diff --git a/server/src/lib/AuthenticationSessionHandler.ts b/server/src/lib/AuthenticationSessionHandler.ts
index 57361bf8..1e54054f 100644
--- a/server/src/lib/AuthenticationSessionHandler.ts
+++ b/server/src/lib/AuthenticationSessionHandler.ts
@@ -1,8 +1,6 @@
import express = require("express");
-import U2f = require("u2f");
-import BluebirdPromise = require("bluebird");
import { AuthenticationSession } from "../../types/AuthenticationSession";
import { IRequestLogger } from "./logging/IRequestLogger";
import { Level } from "./authentication/Level";
@@ -36,7 +34,8 @@ export class AuthenticationSessionHandler {
}
if (!req.session.auth) {
- logger.debug(req, "Authentication session %s was undefined. Resetting.", req.sessionID);
+ logger.debug(req, "Authentication session %s was undefined. Resetting..." +
+ " If it's unexpected, make sure you are visiting the expected domain.", req.sessionID);
AuthenticationSessionHandler.reset(req);
}
diff --git a/server/src/lib/ErrorReplies.ts b/server/src/lib/ErrorReplies.ts
index f1c5f4fd..93bc8984 100644
--- a/server/src/lib/ErrorReplies.ts
+++ b/server/src/lib/ErrorReplies.ts
@@ -1,5 +1,4 @@
import express = require("express");
-import BluebirdPromise = require("bluebird");
import { IRequestLogger } from "./logging/IRequestLogger";
function replyWithError(req: express.Request, res: express.Response,
diff --git a/server/src/lib/FirstFactorValidator.ts b/server/src/lib/FirstFactorValidator.ts
index 23106000..e098b7e9 100644
--- a/server/src/lib/FirstFactorValidator.ts
+++ b/server/src/lib/FirstFactorValidator.ts
@@ -1,7 +1,6 @@
import BluebirdPromise = require("bluebird");
import express = require("express");
-import objectPath = require("object-path");
import Exceptions = require("./Exceptions");
import { AuthenticationSessionHandler } from "./AuthenticationSessionHandler";
import { IRequestLogger } from "./logging/IRequestLogger";
diff --git a/server/src/lib/IdentityCheckMiddleware.spec.ts b/server/src/lib/IdentityCheckMiddleware.spec.ts
index 842ed6bc..b2fc9df7 100644
--- a/server/src/lib/IdentityCheckMiddleware.spec.ts
+++ b/server/src/lib/IdentityCheckMiddleware.spec.ts
@@ -1,24 +1,15 @@
import sinon = require("sinon");
import IdentityValidator = require("./IdentityCheckMiddleware");
-import { AuthenticationSessionHandler }
- from "./AuthenticationSessionHandler";
-import { AuthenticationSession } from "../../types/AuthenticationSession";
-import { UserDataStore } from "./storage/UserDataStore";
import exceptions = require("./Exceptions");
import { ServerVariables } from "./ServerVariables";
import Assert = require("assert");
import express = require("express");
import BluebirdPromise = require("bluebird");
import ExpressMock = require("./stubs/express.spec");
-import NotifierMock = require("./notifiers/NotifierStub.spec");
import { IdentityValidableStub } from "./IdentityValidableStub.spec";
-import { RequestLoggerStub } from "./logging/RequestLoggerStub.spec";
import { ServerVariablesMock, ServerVariablesMockBuilder }
from "./ServerVariablesMockBuilder.spec";
-import { PRE_VALIDATION_TEMPLATE }
- from "./IdentityCheckPreValidationTemplate";
-
describe("IdentityCheckMiddleware", function () {
let req: ExpressMock.RequestMock;
diff --git a/server/src/lib/IdentityCheckMiddleware.ts b/server/src/lib/IdentityCheckMiddleware.ts
index e72ea4db..15605493 100644
--- a/server/src/lib/IdentityCheckMiddleware.ts
+++ b/server/src/lib/IdentityCheckMiddleware.ts
@@ -3,8 +3,6 @@ import randomstring = require("randomstring");
import BluebirdPromise = require("bluebird");
import util = require("util");
import Exceptions = require("./Exceptions");
-import fs = require("fs");
-import ejs = require("ejs");
import { IUserDataStore } from "./storage/IUserDataStore";
import Express = require("express");
import ErrorReplies = require("./ErrorReplies");
@@ -16,16 +14,13 @@ import { IdentityValidable } from "./IdentityValidable";
import Identity = require("../../types/Identity");
import { IdentityValidationDocument }
from "./storage/IdentityValidationDocument";
-
-const filePath = __dirname + "/../resources/email-template.ejs";
-const email_template = fs.readFileSync(filePath, "utf8");
+import { OPERATION_FAILED } from "../../../shared/UserMessages";
function createAndSaveToken(userid: string, challenge: string,
userDataStore: IUserDataStore): BluebirdPromisePress the gold disk to register your security key
+
+ 
+
+