Merge pull request #155 from clems4ever/block-logged-in-page

Block 'already logged in' page to unauthenticated user
2017-10-15 22:03:11 +02:00 · 2017-10-15 22:03:11 +02:00 · 35b66ba630
parent 8fa50482df f2ae1cd044
commit 35b66ba630
2 changed files with 11 additions and 2 deletions
--- a/server/src/lib/routes/loggedin/get.ts
+++ b/server/src/lib/routes/loggedin/get.ts
@ -1,8 +1,13 @@
 import Express = require("express");
 import Endpoints = require("../../../../../shared/api");
+import FirstFactorBlocker from "../FirstFactorBlocker";
+import BluebirdPromise = require("bluebird");

-export default function(req: Express.Request, res: Express.Response) {
+export default FirstFactorBlocker(handler);
+
+function handler(req: Express.Request, res: Express.Response): BluebirdPromise<void> {
  res.render("already-logged-in", {
    logout_endpoint: Endpoints.LOGOUT_GET
  });
-}
+  return BluebirdPromise.resolve();
+}
--- a/server/test/server/PrivatePages.ts
+++ b/server/test/server/PrivatePages.ts
@ -173,6 +173,10 @@ describe("Private pages of the server must not be accessible without session", f
    it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () {
      return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST);
    });
+
+    it("should block " + Endpoints.LOGGED_IN, function () {
+      return should_get_and_reply_with_401(BASE_URL + Endpoints.LOGGED_IN);
+    });
  });
 });