Block 'already logged in' page to unauthenticated user

This commit is contained in:
Clement Michaud 2017-10-15 21:51:21 +02:00
parent 8fa50482df
commit f2ae1cd044
2 changed files with 11 additions and 2 deletions

View File

@ -1,8 +1,13 @@
import Express = require("express");
import Endpoints = require("../../../../../shared/api");
import FirstFactorBlocker from "../FirstFactorBlocker";
import BluebirdPromise = require("bluebird");
export default function(req: Express.Request, res: Express.Response) {
export default FirstFactorBlocker(handler);
function handler(req: Express.Request, res: Express.Response): BluebirdPromise<void> {
res.render("already-logged-in", {
logout_endpoint: Endpoints.LOGOUT_GET
});
return BluebirdPromise.resolve();
}

View File

@ -173,6 +173,10 @@ describe("Private pages of the server must not be accessible without session", f
it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () {
return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST);
});
it("should block " + Endpoints.LOGGED_IN, function () {
return should_get_and_reply_with_401(BASE_URL + Endpoints.LOGGED_IN);
});
});
});