The possible values for ACL policies are now: bypass, one_factor, two_factor, deny. This change also deprecates auth_methods, because the method is now associated directly with a resource in the ACLs instead of a domain.
import Bluebird = require("bluebird");
import Express = require("express");
import { TOTPSecretDocument } from "../../../../storage/TOTPSecretDocument";
import Endpoints = require("../../../../../../../shared/api");
import Redirect from "../../redirect";
import ErrorReplies = require("../../../../ErrorReplies");
import { AuthenticationSessionHandler } from "../../../../AuthenticationSessionHandler";
import { AuthenticationSession } from "../../../../../../types/AuthenticationSession";
import UserMessages = require("../../../../../../../shared/UserMessages");
import { ServerVariables } from "../../../../ServerVariables";
import { Level } from "../../../../authentication/Level";
// NOTE(review): not referenced anywhere in the visible part of this file — confirm it is still needed.
const UNAUTHORIZED_MESSAGE = "Unauthorized access";
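/**
 * Builds the Express handler that verifies a TOTP code as the second factor.
 *
 * The handler reads the code from `req.body.token`, loads the TOTP secret stored for the
 * session's user and asks `vars.totpHandler` to validate the code. On success the session's
 * `authentication_level` is raised to `Level.TWO_FACTOR` and the request is handed to
 * `Redirect`. Every failure ends up in the callback built by
 * `ErrorReplies.replyWithError200` with the generic `UserMessages.OPERATION_FAILED` message.
 *
 * NOTE(review): points this handler does not cover by itself; confirm they are handled elsewhere:
 *  - it never checks that the first factor was completed before raising the level
 *    (presumably enforced by middleware on the route);
 *  - no limit on failed attempts is visible here, and a short numeric code needs one;
 *  - the session identifier is not renewed here when the level is raised;
 *  - whether a code can be accepted twice within its validity window depends on
 *    `vars.totpHandler.validate`, which is not visible here.
 *
 * @param vars Shared server dependencies; this handler uses `logger`, `userDataStore` and `totpHandler`.
 * @returns The request handler; its promise settles once the reply path has been chosen.
 */
export default function (vars: ServerVariables) {
  function handler(req: Express.Request, res: Express.Response): Bluebird<void> {
    let authSession: AuthenticationSession;
    let token: string;

    return new Bluebird(function (resolve, reject) {
      authSession = AuthenticationSessionHandler.get(req, vars.logger);
      // Read the client-supplied code inside the promise so that a missing request body
      // rejects the chain and reaches the common error reply instead of throwing
      // synchronously out of the handler.
      token = req.body.token;
      vars.logger.info(req, "Initiate TOTP validation for user \"%s\".", authSession.userid);
      resolve();
    })
      .then(function () {
        // Refuse an absent or empty code before any secret is loaded or compared.
        if (token === undefined || token === null || token === "")
          return Bluebird.reject(new Error("Missing TOTP token."));

        return vars.userDataStore.retrieveTOTPSecret(authSession.userid);
      })
      .then(function (doc: TOTPSecretDocument) {
        // A user without a stored secret must fail closed with an explicit error rather
        // than through a TypeError on `doc.secret`.
        if (!doc || !doc.secret)
          return Bluebird.reject(new Error("No TOTP secret found for user."));

        if (!vars.totpHandler.validate(token, doc.secret.base32))
          return Bluebird.reject(new Error("Invalid TOTP token."));

        vars.logger.debug(req, "TOTP validation succeeded.");
        // The level is raised only after the code has been accepted.
        authSession.authentication_level = Level.TWO_FACTOR;
        // The value returned by the redirect handler is not awaited here.
        Redirect(vars)(req, res);
        return Bluebird.resolve();
      })
      // The error text above goes to this callback; what reaches the client is decided
      // in ErrorReplies (not visible here), which is given only the generic message.
      .catch(ErrorReplies.replyWithError200(req, res, vars.logger,
        UserMessages.OPERATION_FAILED));
  }

  return handler;
}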