aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/middlewares/validators/two-factor.ts
blob: 106b579b5d1690df1eaafe368488024593a474c0 (plain) (tree)
















































































                                                                                                         
import express from 'express'
import { body, param } from 'express-validator'
import { HttpStatusCode, UserRight } from '@shared/models'
import { exists, isIdValid } from '../../helpers/custom-validators/misc'
import { areValidationErrors, checkUserIdExist } from './shared'

const requestOrConfirmTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return

    if (res.locals.user.otpSecret) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already enabled.`
      })
    }

    return next()
  }
]

const confirmTwoFactorValidator = [
  body('requestToken').custom(exists),
  body('otpToken').custom(exists),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

const disableTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return

    if (!res.locals.user.otpSecret) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already disabled.`
      })
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  requestOrConfirmTwoFactorValidator,
  confirmTwoFactorValidator,
  disableTwoFactorValidator
}

// ---------------------------------------------------------------------------

async function checkCanEnableOrDisableTwoFactor (userId: number | string, res: express.Response) {
  const authUser = res.locals.oauth.token.user

  if (!await checkUserIdExist(userId, res)) return

  if (res.locals.user.id !== authUser.id && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {
    res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message: `User ${authUser.username} does not have right to change two factor setting of this user.`
    })

    return false
  }

  return true
}