From f2ae1cd044eeed8a6192ce6ad78e75ed4f5f6dcb Mon Sep 17 00:00:00 2001
From: Clement Michaud
Date: Sun, 15 Oct 2017 21:51:21 +0200
Subject: [PATCH] Block 'already logged in' page to unauthenticated user
---
 server/src/lib/routes/loggedin/get.ts | 9 +++++++--
 server/test/server/PrivatePages.ts | 4 ++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/server/src/lib/routes/loggedin/get.ts b/server/src/lib/routes/loggedin/get.ts
index 0a9910a92..9473cc641 100644
--- a/server/src/lib/routes/loggedin/get.ts
+++ b/server/src/lib/routes/loggedin/get.ts
@@ -1,8 +1,13 @@
 import Express = require("express");
 import Endpoints = require("../../../../../shared/api");
+import FirstFactorBlocker from "../FirstFactorBlocker";
+import BluebirdPromise = require("bluebird");
-export default function(req: Express.Request, res: Express.Response) {
+export default FirstFactorBlocker(handler);
+
+function handler(req: Express.Request, res: Express.Response): BluebirdPromise {
 res.render("already-logged-in", {
 logout_endpoint: Endpoints.LOGOUT_GET
 });
-}
\ No newline at end of file
+ return BluebirdPromise.resolve();
+}
diff --git a/server/test/server/PrivatePages.ts b/server/test/server/PrivatePages.ts
index 35cf758c6..8fd9f698a 100644
--- a/server/test/server/PrivatePages.ts
+++ b/server/test/server/PrivatePages.ts
@@ -173,6 +173,10 @@ describe("Private pages of the server must not be accessible without session", f
 it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () {
 return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST);
 });
+
+ it("should block " + Endpoints.LOGGED_IN, function () {
+ return should_get_and_reply_with_401(BASE_URL + Endpoints.LOGGED_IN);
+ });
 });
 });
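Review bot: The wrapper on `export default FirstFactorBlocker(handler);` gates this page on what appears, from its name, to be first-factor state only; its implementation is outside this diff. If that is the case, a session that has passed the first factor but not yet the second still receives the 'already logged in' page, which may or may not match what "unauthenticated" means in the commit title. The required level should be stated above the export, for example `// Requires a completed first factor; the second factor is not checked here (confirm this is intended).` Separately, the return type of `handler` reads `BluebirdPromise` with no type argument as shown; if that is how the file reads rather than a rendering loss, it should be `BluebirdPromise<void>`.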
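Review bot: The added case pins only the deny path for `Endpoints.LOGGED_IN`: a request with no session gets a 401. Nothing visible in this hunk checks that a session which has completed the first factor still receives the page, so a blocker that rejected every request would also pass this test. A companion case asserting a successful response for a logged-in session would pin the allow path of the access-control change. The describe block this hunk sits in begins outside the hunk, so such a case may already exist elsewhere in the suite.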