From 30a10d35a8406f4af96fcc8200c4e2173856837d Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Mon, 12 Dec 2016 08:16:10 -0500
Subject: PLT-4767 Implement MFA Enforcement (#4662)
* Create MFA setup page and remove MFA setup from account settings modal
* Add enforce MFA to system console and force redirect
* Lockdown mfa required API routes, add localization, other changes
* Minor fixes
* Fix typo
* Fix some unit tests
* Fix more unit tests
* Minor fix
* Updating UI for MFA screen (#4670)
* Updating UI for MFA screen
* Updating styles for MFA page
* Add the ability to switch between email/sso with MFA enabled
* Added mfa change email
* Minor UI updates for MFA enforcement
* Fix unit test
* Fix client unit test
* Allow switching email to ldap and back when MFA is enabled
* Fix unit test
* Revert config.json
---
 webapp/routes/route_root.jsx | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
(limited to 'webapp/routes/route_root.jsx')
diff --git a/webapp/routes/route_root.jsx b/webapp/routes/route_root.jsx
index 9d64c6012..f72e35302 100644
--- a/webapp/routes/route_root.jsx
+++ b/webapp/routes/route_root.jsx
@@ -6,14 +6,18 @@ import * as RouteUtils from 'routes/route_utils.jsx';
 import Root from 'components/root.jsx';
 import claimAccountRoute from 'routes/route_claim.jsx';
+import mfaRoute from 'routes/route_mfa.jsx';
 import createTeamRoute from 'routes/route_create_team.jsx';
 import teamRoute from 'routes/route_team.jsx';
 import helpRoute from 'routes/route_help.jsx';
 import BrowserStore from 'stores/browser_store.jsx';
 import ErrorStore from 'stores/error_store.jsx';
+import UserStore from 'stores/user_store.jsx';
 import * as UserAgent from 'utils/user_agent.jsx';
+import {browserHistory} from 'react-router/es6';
+
 function preLogin(nextState, replace, callback) {
 // redirect to the mobile landing page if the user hasn't seen it before
 if (window.mm_config.IosAppDownloadLink && UserAgent.isIosWeb() && !BrowserStore.hasSeenLandingPage()) {
@@ -27,7 +31,30 @@ function preLogin(nextState, replace, callback) {
 callback();
 }
+const mfaPaths = [
+ '/mfa/setup',
+ '/mfa/confirm'
+];
+
+const mfaAuthServices = [
+ '',
+ 'email',
+ 'ldap'
+];
+
 function preLoggedIn(nextState, replace, callback) {
+ if (window.mm_license.MFA === 'true' &&
+ window.mm_config.EnableMultifactorAuthentication === 'true' &&
+ window.mm_config.EnforceMultifactorAuthentication === 'true' &&
+ mfaPaths.indexOf(nextState.location.pathname) === -1) {
+ const user = UserStore.getCurrentUser();
+ if (user && !user.mfa_active &&
+ mfaAuthServices.indexOf(user.auth_service) !== -1) {
+ browserHistory.push('/mfa/setup');
+ return;
+ }
+ }
+
 ErrorStore.clearLastError();
 callback();
 }
@@ -154,7 +181,8 @@ export default {
 ]
 )
 },
- teamRoute
+ teamRoute,
+ mfaRoute
 ]
 )
 },
--
cgit v1.2.3-1-g7c22
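Review bot: The MFA redirect added to `preLoggedIn` (second hunk) fails open when `UserStore.getCurrentUser()` returns nothing: `if (user && !user.mfa_active && …)` falls through to `callback()` and the requested route renders, which matters if this hook can run before the store is populated (not visible in this hunk). The guard is client-side routing only, so the API lock-down named in the commit message, which is outside this file's diff, has to remain the real enforcement point; a comment saying so above the check would stop later readers from treating it as a security boundary. The redirect branch also returns without calling `callback()` and navigates with `browserHistory.push`, which leaves the hook's own transition unfinished and keeps the blocked path in the history stack; `replace('/mfa/setup'); callback(); return;` uses the `replace` argument the hook already receives. Above `mfaAuthServices` I would add `// accounts whose auth_service is not listed here are never redirected to MFA setup`, since that exemption is otherwise implicit.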