
web - add login timeout

master
Ruben Meyer 5 months ago
parent
commit
5457ff3f05
Signed by: rxbn_ GPG Key ID: BE3BF898BE352FE2
  1. 1
      bin/config.js
  2. 21
      bin/web/routes/api/login.js

1
bin/config.js

@ -23,6 +23,7 @@ module.exports = {
sessionKey: process.env.SESSION_KEY,
cookieKey: process.env.COOKIE_KEY,
registration: false, // false -> no registration
loginTimeout: 300, // 300 seconds -> 5 minutes
cookieMaxAge: 1000*60*60 // one hour (milliseconds*seconds*minutes)
},
app: {
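Review bot: The new `loginTimeout: 300` is documented as seconds, but the check added in bin/web/routes/api/login.js adds it directly to a `Date.now()` timestamp, which is in milliseconds. As written, the login window would be 300 ms rather than 5 minutes. The neighbouring `cookieMaxAge` is already in milliseconds, so either store this value the same way, `loginTimeout: 1000*60*5, // five minutes (milliseconds*seconds*minutes)`, or keep seconds here and multiply by 1000 where it is used. The enclosing object opens above the hunk, so the key path (`cfg.web`, which login.js reads) is inferred rather than visible here.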

21
bin/web/routes/api/login.js

@ -1,5 +1,8 @@
var sanitize = require('mongo-sanitize');
var speakeasy = require('speakeasy');
var cfg = require(global['__dirname']+'/bin/config');
let db = global['requireModule']('database');
module.exports = {
@ -23,6 +26,16 @@ module.exports = {
]
}));
}
if(Date.now() > req.session.user.loginTimeout + cfg.web.loginTimeout) {
res.clearCookie('RememberMe');
req.session.destroy();
return res.type('json').status(401).end(JSON.stringify({
status: 401,
message: 'msg.auth.login.failed'
}));
}
let mfa = sanitize(req.body.mfa);
user = await db.getUser(req.session.user.id);
@ -74,6 +87,13 @@ module.exports = {
req.session.user.loggedInFull = true;
delete req.session.user.login_step;
delete req.session.user.login_step_type;
delete req.session.user.loginTimeout;
return res.type('json').end(JSON.stringify({
status: 200,
message: 'msg.auth.login.successful',
type: 'form' // TODO: types - { form, access_app}
}));
} else {
req.session.user.login_step++;
req.session.user.login_step_type = user.reply.mfa.data[req.session.user.login_step].type;
@ -175,6 +195,7 @@ module.exports = {
if(!req.session.user.loggedInFull) { // mfa is active
req.session.user.login_step_type = user.reply.mfa.data[0].type;
req.session.user.login_step = 0;
req.session.user.login_timeout = Date.now();
return res.type('json').end(JSON.stringify({
status: 200,
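Review bot: The expiry check reads `req.session.user.loginTimeout`, and the success path deletes that same key, but the password step stores the timestamp as `req.session.user.login_timeout`. The value compared is therefore `undefined`, the sum is `NaN`, and `Date.now() > NaN` is always false, so the MFA step never times out. Store the timestamp under the name that is read, `req.session.user.loginTimeout = Date.now();`. The guard should also fail closed when the timestamp is missing, for example by opening the condition with `!Number.isFinite(req.session.user.loginTimeout) ||`, so that a half-authenticated session without a start time is rejected. The handlers these hunks belong to start and end outside the visible lines.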
