diff --git a/services/web/app/coffee/Features/SudoMode/SudoModeMiddlewear.coffee b/services/web/app/coffee/Features/SudoMode/SudoModeMiddlewear.coffee
new file mode 100644
index 0000000000..62516f0d34
--- /dev/null
+++ b/services/web/app/coffee/Features/SudoMode/SudoModeMiddlewear.coffee
@@ -0,0 +1,21 @@
+logger = require 'logger-sharelatex'
+SudoModeHandler = require './SudoModeHandler'
+AuthenticationController = require '../Authentication/AuthenticationController'
+
+
+module.exports = SudoModeMiddlewear =
+
+	protectPage: (req, res, next) ->
+		userId = AuthenticationController.getLoggedInUserId(req)
+		logger.log {userId}, "[SudoMode] protecting endpoint, checking if sudo mode is active"
+		SudoModeHandler.isSudoModeActive userId, (err, isActive) ->
+			if err?
+				logger.err {err, userId}, "[SudoMode] error checking if sudo mode is active"
+				return next(err)
+			if isActive
+				logger.log {userId}, "[SudoMode] sudo mode active, continuing"
+				return next()
+			else
+				logger.log {userId}, "[SudoMode] sudo mode not active, redirecting"
+				AuthenticationController._setRedirectInSession(req)
+				return res.redirect('/confirm-password')
diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index ff5cd4b64c..5bbc416581 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -39,6 +39,7 @@ ReferencesController = require('./Features/References/ReferencesController')
 AuthorizationMiddlewear = require('./Features/Authorization/AuthorizationMiddlewear')
 BetaProgramController = require('./Features/BetaProgram/BetaProgramController')
 SudoModeController = require('./Features/SudoMode/SudoModeController')
+SudoModeMiddlewear = require('./Features/SudoMode/SudoModeMiddlewear')
 AnalyticsRouter = require('./Features/Analytics/AnalyticsRouter')
 AnnouncementsController = require("./Features/Announcements/AnnouncementsController")
 
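Review bot: `protectPage` hands whatever `getLoggedInUserId(req)` returns straight to `SudoModeHandler.isSudoModeActive` without a null check, so an unauthenticated request is only kept out because the router happens to chain this middleware after `requireLogin()`; adding `if !userId? then return next(new Error("[SudoMode] no logged-in user"))` before the handler call would make the gate fail closed on its own rather than relying on route ordering (otherwise an anonymous visitor would fall into the redirect branch and be sent to `/confirm-password`). The call to `AuthenticationController._setRedirectInSession(req)` reaches into an underscore-prefixed member of another module; if it is meant to be the public hook for this, exposing it under a non-underscore name would make the cross-module dependency explicit. A one-line header on the method, e.g. `# Gate a route behind an active sudo mode for the logged-in user; expects requireLogin() to have run first`, would record the ordering assumption for whoever wires the next route.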
@@ -86,7 +87,10 @@ module.exports = class Router
 	webRouter.get '/user/activate', UserPagesController.activateAccountPage
 	AuthenticationController.addEndpointToLoginWhitelist '/user/activate'
-	webRouter.get '/user/settings', AuthenticationController.requireLogin(), UserPagesController.settingsPage
+	webRouter.get '/user/settings',
+		AuthenticationController.requireLogin(),
+		SudoModeMiddlewear.protectPage,
+		UserPagesController.settingsPage
 	webRouter.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
 	webRouter.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword