Fix MFA enforcement redirect loop (#4991)

3 files changed, 34 insertions, 22 deletions

diff --git a/webapp/routes/route_root.jsx b/webapp/routes/route_root.jsx
index f72e35302..cd0cb9a5d 100644
--- a/webapp/routes/route_root.jsx
+++ b/webapp/routes/route_root.jsx
@@ -13,7 +13,6 @@ import helpRoute from 'routes/route_help.jsx';
 
 import BrowserStore from 'stores/browser_store.jsx';
 import ErrorStore from 'stores/error_store.jsx';
-import UserStore from 'stores/user_store.jsx';
 import * as UserAgent from 'utils/user_agent.jsx';
 
 import {browserHistory} from 'react-router/es6';
@@ -31,28 +30,10 @@ function preLogin(nextState, replace, callback) {
     callback();
 }
 
-const mfaPaths = [
-    '/mfa/setup',
-    '/mfa/confirm'
-];
-
-const mfaAuthServices = [
-    '',
-    'email',
-    'ldap'
-];
-
 function preLoggedIn(nextState, replace, callback) {
-    if (window.mm_license.MFA === 'true' &&
-            window.mm_config.EnableMultifactorAuthentication === 'true' &&
-            window.mm_config.EnforceMultifactorAuthentication === 'true' &&
-            mfaPaths.indexOf(nextState.location.pathname) === -1) {
-        const user = UserStore.getCurrentUser();
-        if (user && !user.mfa_active &&
-                mfaAuthServices.indexOf(user.auth_service) !== -1) {
-            browserHistory.push('/mfa/setup');
-            return;
-        }
+    if (RouteUtils.checkIfMFARequired(nextState)) {
+        browserHistory.push('/mfa/setup');
+        return;
     }
 
     ErrorStore.clearLastError();
diff --git a/webapp/routes/route_team.jsx b/webapp/routes/route_team.jsx
index 8416b91c0..4cc85c81b 100644
--- a/webapp/routes/route_team.jsx
+++ b/webapp/routes/route_team.jsx
@@ -61,6 +61,11 @@ function doChannelChange(state, replace, callback) {
 }
 
 function preNeedsTeam(nextState, replace, callback) {
+    if (RouteUtils.checkIfMFARequired(nextState)) {
+        browserHistory.push('/mfa/setup');
+        return;
+    }
+
     // First check to make sure you're in the current team
     // for the current url.
     const teamName = nextState.params.team;
diff --git a/webapp/routes/route_utils.jsx b/webapp/routes/route_utils.jsx
index f3a159cbc..f36d7bcd8 100644
--- a/webapp/routes/route_utils.jsx
+++ b/webapp/routes/route_utils.jsx
@@ -2,6 +2,7 @@
 // See License.txt for license information.
 
 import * as Utils from 'utils/utils.jsx';
+import UserStore from 'stores/user_store.jsx';
 
 export function importComponentSuccess(callback) {
     return (comp) => callback(null, comp.default);
@@ -18,3 +19,28 @@ export const notFoundParams = {
     linkmessage: Utils.localizeMessage('error.not_found.link_message', 'Back to Mattermost')
 };
 
+const mfaPaths = [
+    '/mfa/setup',
+    '/mfa/confirm'
+];
+
+const mfaAuthServices = [
+    '',
+    'email',
+    'ldap'
+];
+
+export function checkIfMFARequired(state) {
+    if (window.mm_license.MFA === 'true' &&
+            window.mm_config.EnableMultifactorAuthentication === 'true' &&
+            window.mm_config.EnforceMultifactorAuthentication === 'true' &&
+            mfaPaths.indexOf(state.location.pathname) === -1) {
+        const user = UserStore.getCurrentUser();
+        if (user && !user.mfa_active &&
+                mfaAuthServices.indexOf(user.auth_service) !== -1) {
+            return true;
+        }
+    }
+
+    return false;
+}