authelia/internal/middlewares/require_authentication_leve...

package middlewares

import (
	"github.com/valyala/fasthttp"

	"github.com/authelia/authelia/v4/internal/authentication"
)

// Require1FA requires the user to have authenticated with at least one-factor authentication (i.e. password).
func Require1FA(next RequestHandler) RequestHandler {
	return func(ctx *AutheliaCtx) {
		if ctx.GetSession().AuthenticationLevel < authentication.OneFactor {
			ctx.ReplyForbidden()
			return
		}

		next(ctx)
	}
}

// Require2FA requires the user to have authenticated with two-factor authentication.
func Require2FA(next RequestHandler) RequestHandler {
	return func(ctx *AutheliaCtx) {
		if ctx.GetSession().AuthenticationLevel < authentication.TwoFactor {
			ctx.ReplyForbidden()
			return
		}

		next(ctx)
	}
}

// Require2FAWithAPIResponse requires the user to have authenticated with two-factor authentication.
func Require2FAWithAPIResponse(next RequestHandler) RequestHandler {
	return func(ctx *AutheliaCtx) {
		if ctx.GetSession().AuthenticationLevel < authentication.TwoFactor {
			ctx.SetAuthenticationErrorJSON(fasthttp.StatusForbidden, "Authentication Required.", true, false)
			return
		}

		next(ctx)
	}
}
feat: move webauthn device enrollment flow to new settings ui (#4376) The current 2-factor authentication method registration flow requires email verification for both initial 2FA registration, and 2FA re-registration even if the user is already logged in with 2FA. This change removes email ID verification for users who are already logged in with 2-factor authentication. Users who have only completed first factor authentication (password) are still required to complete email ID verification. 2022-11-19 05:48:47 +00:00			`package middlewares`

			`import (`
refactor: 2fa api 2022-12-31 07:48:43 +00:00			`"github.com/valyala/fasthttp"`

feat: move webauthn device enrollment flow to new settings ui (#4376) The current 2-factor authentication method registration flow requires email verification for both initial 2FA registration, and 2FA re-registration even if the user is already logged in with 2FA. This change removes email ID verification for users who are already logged in with 2-factor authentication. Users who have only completed first factor authentication (password) are still required to complete email ID verification. 2022-11-19 05:48:47 +00:00			`"github.com/authelia/authelia/v4/internal/authentication"`
			`)`

			`// Require1FA requires the user to have authenticated with at least one-factor authentication (i.e. password).`
			`func Require1FA(next RequestHandler) RequestHandler {`
			`return func(ctx *AutheliaCtx) {`
			`if ctx.GetSession().AuthenticationLevel < authentication.OneFactor {`
			`ctx.ReplyForbidden()`
			`return`
			`}`

			`next(ctx)`
			`}`
			`}`

			`// Require2FA requires the user to have authenticated with two-factor authentication.`
			`func Require2FA(next RequestHandler) RequestHandler {`
			`return func(ctx *AutheliaCtx) {`
			`if ctx.GetSession().AuthenticationLevel < authentication.TwoFactor {`
			`ctx.ReplyForbidden()`
			`return`
			`}`

			`next(ctx)`
			`}`
			`}`
refactor: 2fa api 2022-12-31 07:48:43 +00:00
			`// Require2FAWithAPIResponse requires the user to have authenticated with two-factor authentication.`
			`func Require2FAWithAPIResponse(next RequestHandler) RequestHandler {`
			`return func(ctx *AutheliaCtx) {`
			`if ctx.GetSession().AuthenticationLevel < authentication.TwoFactor {`
			`ctx.SetAuthenticationErrorJSON(fasthttp.StatusForbidden, "Authentication Required.", true, false)`
			`return`
			`}`

			`next(ctx)`
			`}`
			`}`