authorJoram Wilander <jwawilander@gmail.com>2016-12-12 08:16:10 -0500
committerenahum <nahumhbl@gmail.com>2016-12-12 10:16:10 -0300
commit30a10d35a8406f4af96fcc8200c4e2173856837d (patch)
treea2cc82592b3c7f6b6901d64fb4a3003180b7b154 /webapp/routes
parentf0d71d87899967335210b9130a7e2b8d180bef46 (diff)
PLT-4767 Implement MFA Enforcement (#4662)
* Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
Diffstat (limited to 'webapp/routes')
-rw-r--r--webapp/routes/route_admin_console.jsx5
-rw-r--r--webapp/routes/route_mfa.jsx24
-rw-r--r--webapp/routes/route_root.jsx30
3 files changed, 58 insertions, 1 deletions
diff --git a/webapp/routes/route_admin_console.jsx b/webapp/routes/route_admin_console.jsx
index a67cb3e83..5b0f5d28e 100644
--- a/webapp/routes/route_admin_console.jsx
+++ b/webapp/routes/route_admin_console.jsx
@@ -21,6 +21,7 @@ import ClusterSettings from 'components/admin_console/cluster_settings.jsx';
import MetricsSettings from 'components/admin_console/metrics_settings.jsx';
import SignupSettings from 'components/admin_console/signup_settings.jsx';
import PasswordSettings from 'components/admin_console/password_settings.jsx';
+import MfaSettings from 'components/admin_console/mfa_settings.jsx';
import PublicLinkSettings from 'components/admin_console/public_link_settings.jsx';
import SessionSettings from 'components/admin_console/session_settings.jsx';
import ConnectionSettings from 'components/admin_console/connection_settings.jsx';
@@ -104,6 +105,10 @@ export default (
path='saml'
component={SamlSettings}
/>
+ <Route
+ path='mfa'
+ component={MfaSettings}
+ />
</Route>
<Route path='security'>
<IndexRedirect to='sign_up'/>
diff --git a/webapp/routes/route_mfa.jsx b/webapp/routes/route_mfa.jsx
new file mode 100644
index 000000000..517d3802e
--- /dev/null
+++ b/webapp/routes/route_mfa.jsx
@@ -0,0 +1,24 @@
+import * as RouteUtils from 'routes/route_utils.jsx';
+
+export default {
+ path: 'mfa',
+ getComponents: (location, callback) => {
+ System.import('components/mfa/mfa_controller.jsx').then(RouteUtils.importComponentSuccess(callback));
+ },
+ getChildRoutes: RouteUtils.createGetChildComponentsFunction(
+ [
+ {
+ path: 'setup',
+ getComponents: (location, callback) => {
+ System.import('components/mfa/components/setup.jsx').then(RouteUtils.importComponentSuccess(callback));
+ }
+ },
+ {
+ path: 'confirm',
+ getComponents: (location, callback) => {
+ System.import('components/mfa/components/confirm.jsx').then(RouteUtils.importComponentSuccess(callback));
+ }
+ }
+ ]
+ )
+};
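Review bot: None of the three `System.import(...)` calls in this new file has a rejection handler, so a failed chunk load (network error, stale bundle after a deploy) would leave `callback` uncalled and the route never resolves. That matters more here than on other routes because, once enforcement is on, `/mfa/setup` is the page an unenrolled user gets redirected to. The `getComponents` callback takes an error as its first argument, so the failure can be forwarded with `.then(RouteUtils.importComponentSuccess(callback), callback)` on each of the three imports. `route_utils.jsx` is not visible in this diff, so if it already has an error helper, use that instead.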
diff --git a/webapp/routes/route_root.jsx b/webapp/routes/route_root.jsx
index 9d64c6012..f72e35302 100644
--- a/webapp/routes/route_root.jsx
+++ b/webapp/routes/route_root.jsx
@@ -6,14 +6,18 @@ import * as RouteUtils from 'routes/route_utils.jsx';
import Root from 'components/root.jsx';
import claimAccountRoute from 'routes/route_claim.jsx';
+import mfaRoute from 'routes/route_mfa.jsx';
import createTeamRoute from 'routes/route_create_team.jsx';
import teamRoute from 'routes/route_team.jsx';
import helpRoute from 'routes/route_help.jsx';
import BrowserStore from 'stores/browser_store.jsx';
import ErrorStore from 'stores/error_store.jsx';
+import UserStore from 'stores/user_store.jsx';
import * as UserAgent from 'utils/user_agent.jsx';
+import {browserHistory} from 'react-router/es6';
+
function preLogin(nextState, replace, callback) {
// redirect to the mobile landing page if the user hasn't seen it before
if (window.mm_config.IosAppDownloadLink && UserAgent.isIosWeb() && !BrowserStore.hasSeenLandingPage()) {
@@ -27,7 +31,30 @@ function preLogin(nextState, replace, callback) {
callback();
}
+const mfaPaths = [
+ '/mfa/setup',
+ '/mfa/confirm'
+];
+
+const mfaAuthServices = [
+ '',
+ 'email',
+ 'ldap'
+];
+
function preLoggedIn(nextState, replace, callback) {
+ if (window.mm_license.MFA === 'true' &&
+ window.mm_config.EnableMultifactorAuthentication === 'true' &&
+ window.mm_config.EnforceMultifactorAuthentication === 'true' &&
+ mfaPaths.indexOf(nextState.location.pathname) === -1) {
+ const user = UserStore.getCurrentUser();
+ if (user && !user.mfa_active &&
+ mfaAuthServices.indexOf(user.auth_service) !== -1) {
+ browserHistory.push('/mfa/setup');
+ return;
+ }
+ }
+
ErrorStore.clearLastError();
callback();
}
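Review bot: The redirect in `preLoggedIn` is skipped whenever `UserStore.getCurrentUser()` returns a falsy value, so the guard fails open if the hook runs before the store is populated; whether that can happen is not visible from this hunk. Every input to the condition (`window.mm_config`, `window.mm_license`, the user store) lives in the browser, so this check is a navigation aid, and the API lockdown named in the commit message has to be the real control. A comment above the condition would make that explicit, for example `// UX redirect only: MFA enforcement is done by the API, not by this hook`. The `mfaAuthServices` list would also benefit from a one-line comment saying why the empty string is included and why other auth services are exempt. Separately, the early `return` leaves `callback` uncalled; the hook's own `replace` argument is the more conventional form, `replace('/mfa/setup'); callback();`.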
@@ -154,7 +181,8 @@ export default {
]
)
},
- teamRoute
+ teamRoute,
+ mfaRoute
]
)
},