From 30a10d35a8406f4af96fcc8200c4e2173856837d Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Mon, 12 Dec 2016 08:16:10 -0500 Subject: PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json --- webapp/routes/route_admin_console.jsx | 5 +++++ webapp/routes/route_mfa.jsx | 24 ++++++++++++++++++++++++ webapp/routes/route_root.jsx | 30 +++++++++++++++++++++++++++++- 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 webapp/routes/route_mfa.jsx (limited to 'webapp/routes')
diff --git a/webapp/routes/route_admin_console.jsx b/webapp/routes/route_admin_console.jsx
index a67cb3e83..5b0f5d28e 100644
--- a/webapp/routes/route_admin_console.jsx
+++ b/webapp/routes/route_admin_console.jsx
@@ -21,6 +21,7 @@ import ClusterSettings from 'components/admin_console/cluster_settings.jsx';
 import MetricsSettings from 'components/admin_console/metrics_settings.jsx';
 import SignupSettings from 'components/admin_console/signup_settings.jsx';
 import PasswordSettings from 'components/admin_console/password_settings.jsx';
+import MfaSettings from 'components/admin_console/mfa_settings.jsx';
 import PublicLinkSettings from 'components/admin_console/public_link_settings.jsx';
 import SessionSettings from 'components/admin_console/session_settings.jsx';
 import ConnectionSettings from 'components/admin_console/connection_settings.jsx';
@@ -104,6 +105,10 @@ export default ( path='saml' component={SamlSettings} /> +
diff --git a/webapp/routes/route_mfa.jsx b/webapp/routes/route_mfa.jsx
new file mode 100644
index 000000000..517d3802e
--- /dev/null
+++ b/webapp/routes/route_mfa.jsx
@@ -0,0 +1,24 @@
+import * as RouteUtils from 'routes/route_utils.jsx';
+
+export default {
+ path: 'mfa',
+ getComponents: (location, callback) => {
+ System.import('components/mfa/mfa_controller.jsx').then(RouteUtils.importComponentSuccess(callback));
+ },
+ getChildRoutes: RouteUtils.createGetChildComponentsFunction(
+ [
+ {
+ path: 'setup',
+ getComponents: (location, callback) => {
+ System.import('components/mfa/components/setup.jsx').then(RouteUtils.importComponentSuccess(callback));
+ }
+ },
+ {
+ path: 'confirm',
+ getComponents: (location, callback) => {
+ System.import('components/mfa/components/confirm.jsx').then(RouteUtils.importComponentSuccess(callback));
+ }
+ }
+ ]
+ )
+};
diff --git a/webapp/routes/route_root.jsx b/webapp/routes/route_root.jsx
index 9d64c6012..f72e35302 100644
--- a/webapp/routes/route_root.jsx
+++ b/webapp/routes/route_root.jsx
@@ -6,14 +6,18 @@ import * as RouteUtils from 'routes/route_utils.jsx';
 import Root from 'components/root.jsx';
 import claimAccountRoute from 'routes/route_claim.jsx';
+import mfaRoute from 'routes/route_mfa.jsx';
 import createTeamRoute from 'routes/route_create_team.jsx';
 import teamRoute from 'routes/route_team.jsx';
 import helpRoute from 'routes/route_help.jsx';
 import BrowserStore from 'stores/browser_store.jsx';
 import ErrorStore from 'stores/error_store.jsx';
+import UserStore from 'stores/user_store.jsx';
 import * as UserAgent from 'utils/user_agent.jsx';
+import {browserHistory} from 'react-router/es6';
+
 function preLogin(nextState, replace, callback) {
 // redirect to the mobile landing page if the user hasn't seen it before
 if (window.mm_config.IosAppDownloadLink && UserAgent.isIosWeb() && !BrowserStore.hasSeenLandingPage()) {
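Review bot: In webapp/routes/route_mfa.jsx none of the three `System.import(...).then(...)` chains has a rejection handler, so if a chunk fails to load, `callback` is never invoked and the route never resolves. With enforcement on, `preLoggedIn` sends users without MFA to `/mfa/setup`, so a failed load would leave them on a page that cannot render, with no error shown. Consider ending each chain with a handler that reports the failure, for example `.catch((err) => callback(err))`, if that matches how the other route files handle it (not visible here).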
@@ -27,7 +31,30 @@ function preLogin(nextState, replace, callback) {
 callback();
 }
+const mfaPaths = [
+ '/mfa/setup',
+ '/mfa/confirm'
+];
+
+const mfaAuthServices = [
+ '',
+ 'email',
+ 'ldap'
+];
+
 function preLoggedIn(nextState, replace, callback) {
+ if (window.mm_license.MFA === 'true' &&
+ window.mm_config.EnableMultifactorAuthentication === 'true' &&
+ window.mm_config.EnforceMultifactorAuthentication === 'true' &&
+ mfaPaths.indexOf(nextState.location.pathname) === -1) {
+ const user = UserStore.getCurrentUser();
+ if (user && !user.mfa_active &&
+ mfaAuthServices.indexOf(user.auth_service) !== -1) {
+ browserHistory.push('/mfa/setup');
+ return;
+ }
+ }
+
 ErrorStore.clearLastError();
 callback();
 }
@@ -154,7 +181,8 @@ export default {
 ]
 )
 },
- teamRoute
+ teamRoute,
+ mfaRoute
 ]
 )
 },
-- cgit v1.2.3-1-g7c22
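Review bot: The enforcement guard added to `preLoggedIn` fails open: when `UserStore.getCurrentUser()` returns nothing, or `user.auth_service` is undefined (so `indexOf` yields -1), execution falls through to `callback()` and the route loads without MFA set up. Because the check runs in the browser against `window.mm_config` and store state, it can only steer the UI; the commit message mentions locking down the MFA-required API routes, and that server-side check (outside this file set) has to be the authoritative one. For the redirect itself, the hook's own `replace` argument is the usual tool, e.g. `replace('/mfa/setup'); callback();`, which avoids leaving the blocked location in history as `browserHistory.push` may. A short comment on `mfaAuthServices` saying why `''`, `email` and `ldap` are the enforced services (presumably SSO accounts rely on the identity provider for MFA) would help the next reader.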