1
0
Fork 0

Compare commits

...

4 Commits

Author SHA1 Message Date
Ruben Meyer 5eeee38bbf
web - fix logout while MFA request 2021-08-15 14:30:47 +02:00
Ruben Meyer 8ed3d8cbf5
web - fix login timeout 2021-08-15 14:30:22 +02:00
Ruben Meyer 5457ff3f05
web - add login timeout 2021-08-15 13:32:20 +02:00
Ruben Meyer 44caa9d7ae
web - update UIkit 2021-08-15 13:31:34 +02:00
6 changed files with 30 additions and 6 deletions

View File

@ -23,6 +23,7 @@ module.exports = {
sessionKey: process.env.SESSION_KEY,
cookieKey: process.env.COOKIE_KEY,
registration: false, // false -> no registration
loginTimeout: 300, // 300 seconds -> 5 minutes
cookieMaxAge: 1000*60*60 // one hour (milliseconds*seconds*minutes)
},
app: {

View File

@ -100,6 +100,17 @@ methods.start = () => {
}
app.use(session_handler(session_options));
// login timeout, clear on all requests
app.use((req, res, next) => {
if(req.session && req.session.user && req.session.user.login_timeout) {
if(Date.now() > req.session.user.login_timeout + cfg.web.loginTimeout * 1000) {
res.clearCookie('RememberMe');
req.session.destroy();
}
}
next();
})
// web routes
let mRoutes = require(global['__dirname']+'/bin/web/routes/static');
let mainRoutes = await mRoutes.getRoutes();

View File

@ -1,5 +1,8 @@
var sanitize = require('mongo-sanitize');
var speakeasy = require('speakeasy');
var cfg = require(global['__dirname']+'/bin/config');
let db = global['requireModule']('database');
module.exports = {
@ -23,6 +26,7 @@ module.exports = {
]
}));
}
let mfa = sanitize(req.body.mfa);
user = await db.getUser(req.session.user.id);
@ -74,6 +78,13 @@ module.exports = {
req.session.user.loggedInFull = true;
delete req.session.user.login_step;
delete req.session.user.login_step_type;
delete req.session.user.loginTimeout;
return res.type('json').end(JSON.stringify({
status: 200,
message: 'msg.auth.login.successful',
type: 'form' // TODO: types - { form, access_app}
}));
} else {
req.session.user.login_step++;
req.session.user.login_step_type = user.reply.mfa.data[req.session.user.login_step].type;
@ -175,6 +186,7 @@ module.exports = {
if(!req.session.user.loggedInFull) { // mfa is active
req.session.user.login_step_type = user.reply.mfa.data[0].type;
req.session.user.login_step = 0;
req.session.user.login_timeout = Date.now();
return res.type('json').end(JSON.stringify({
status: 200,

View File

@ -17,8 +17,8 @@ footer
block scripts
//- UIkit JS
script(src="https://cdnjs.cloudflare.com/ajax/libs/uikit/3.1.5/js/uikit.min.js")
script(src="https://cdnjs.cloudflare.com/ajax/libs/uikit/3.1.5/js/uikit-icons.min.js")
script(src="https://cdn.jsdelivr.net/npm/uikit@3.7.2/dist/js/uikit.min.js")
script(src="https://cdn.jsdelivr.net/npm/uikit@3.7.2/dist/js/uikit-icons.min.js")
//- Custom scripts for this template
//script(src="/public/js/locales.js")

View File

@ -12,10 +12,10 @@ head
block css
//- UIkit CSS
link(href="https://cdnjs.cloudflare.com/ajax/libs/uikit/3.1.5/css/uikit.min.css", rel="stylesheet")
link(href="https://cdn.jsdelivr.net/npm/uikit@3.7.2/dist/css/uikit.min.css", rel="stylesheet")
//- Custom Stylesheet
link(href="/res/css/stylesheet.css", rel="stylesheet")
//- Custom fonts for this template
link(href="https://use.fontawesome.com/releases/v5.1.1/css/all.css" integrity="sha384-O8whS3fhG2OnA5Kas0Y9l3cfpmYjapjI0E4theH4iuMD+pLhbf6JI0jIMfYcK3yZ", crossorigin="anonymous", rel="stylesheet")
link(href="https://use.fontawesome.com/releases/v5.15.4/css/all.css" integrity="sha384-DyZ88mC6Up2uqS4h/KRgHuoeGwBcD4Ng9SiP4dIRy0EXTlnuz47vAwmeGwVChigm", crossorigin="anonymous", rel="stylesheet")

View File

@ -1,11 +1,11 @@
extends blocks/layout.pug
append var
if(session && session.user && session.user.loggedInFull)
if(session && session.user)
- var breadcrumb = {0: {"name": cfg.app.name, "href": "/"}, 1: {"name": "Logout", "active": true}};
- var title = "Logout";
append content
if(session && session.user && session.user.loggedInFull)
if(session && session.user)
.uk-flex.uk-margin-medium-top.uk-margin-medium-bottom
div(class="uk-width-auto uk-width-1-4@s")
.uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right