1 | import express from 'express' |
2 | import { body, param } from 'express-validator' | |
3 | import { HttpStatusCode, UserRight } from '@shared/models' | |
4 | import { exists, isIdValid } from '../../helpers/custom-validators/misc' | |
5 | import { areValidationErrors, checkUserIdExist } from './shared' | |
6 | ||
/**
 * Middleware chain for starting (or confirming) two-factor setup of the user in `:id`.
 *
 * Order of checks: route param is a valid id, the caller may change this user's
 * two-factor setting (self or MANAGE_USERS, see checkCanEnableOrDisableTwoFactor),
 * and the target user has no OTP secret yet — otherwise 400.
 * NOTE(review): res.locals.user is presumably populated by checkUserIdExist inside the
 * permission helper; verify against ./shared.
 */
const requestOrConfirmTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const allowed = await checkCanEnableOrDisableTwoFactor(req.params.id, res)
    if (!allowed) return

    const alreadyEnabled = res.locals.user.otpSecret
    if (alreadyEnabled) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already enabled.`
      })
    }

    return next()
  }
]
25 | ||
/**
 * Middleware chain for the two-factor confirmation payload: `requestToken` and
 * `otpToken` must both be present in the body.
 *
 * This chain only validates the body; it does not check who the target user is
 * (presumably it is used together with requestOrConfirmTwoFactorValidator — confirm in the routes).
 */
const confirmTwoFactorValidator = [
  body('requestToken').custom(exists),
  body('otpToken').custom(exists),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) {
      return
    }

    return next()
  }
]
36 | ||
/**
 * Middleware chain for disabling two-factor of the user in `:id`.
 *
 * Mirrors requestOrConfirmTwoFactorValidator: valid id, caller may change this
 * user's setting (self or MANAGE_USERS), and the target user currently has an
 * OTP secret — otherwise 400 "already disabled".
 */
const disableTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const allowed = await checkCanEnableOrDisableTwoFactor(req.params.id, res)
    if (!allowed) return

    const alreadyDisabled = !res.locals.user.otpSecret
    if (alreadyDisabled) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already disabled.`
      })
    }

    return next()
  }
]
55 | ||
56 | // --------------------------------------------------------------------------- | |
57 | ||
// Public middleware chains defined above; checkCanEnableOrDisableTwoFactor stays module-private.
export {
  confirmTwoFactorValidator,
  disableTwoFactorValidator,
  requestOrConfirmTwoFactorValidator
}
63 | ||
64 | // --------------------------------------------------------------------------- | |
65 | ||
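/**
 * Checks that the authenticated user may change the two-factor setting of `userId`.
 *
 * Allowed when the target user is the authenticated user itself, or when the
 * authenticated user holds UserRight.MANAGE_USERS. Any other caller gets a 403.
 *
 * @param userId - target user id from the route (`:id`, validated by isIdValid upstream)
 * @param res - response; res.locals.oauth.token.user must already be set by the auth middleware
 * @returns true when the change is allowed; false when the user does not exist
 *          or the caller lacks the right (in both cases a response has already been sent)
 */
async function checkCanEnableOrDisableTwoFactor (userId: number | string, res: express.Response): Promise<boolean> {
  const authUser = res.locals.oauth.token.user

  // Explicit false (the original fell through with undefined) so the return type
  // is a plain boolean for callers. checkUserIdExist is assumed to send the error
  // response itself on failure and to populate res.locals.user on success — see ./shared.
  if (!await checkUserIdExist(userId, res)) return false

  const isSelf = res.locals.user.id === authUser.id

  // hasRight is only consulted when the caller is not the target user (keeps the
  // original short-circuit); anything but an explicit `true` is treated as "no right".
  if (!isSelf && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {
    res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message: `User ${authUser.username} does not have right to change two factor setting of this user.`
    })

    return false
  }

  return true
}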