refactor: force2fa's logical move into the back office

numerique-gouv · Feb 7, 2025 · 70439df · 70439df
1 parent f21dffe
commit 70439df
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 72 deletions.
diff --git a/assets/js/force2fa.js b/assets/js/force2fa.js
diff --git a/src/controllers/2fa.ts b/src/controllers/2fa.ts
@@ -66,47 +66,39 @@ export const getConfiguringSingleUseCodeController = async (
   }
 };
 
-export const postDisableForce2faController = async (
+export const postSetForce2faController = async (
   req: Request,
   res: Response,
   next: NextFunction,
 ) => {
   try {
     const { id: user_id } = getUserFromAuthenticatedSession(req);
+    const { force2fa } = req.body;
 
-    const updatedUser = await disableForce2fa(user_id);
-
-    updateUserInAuthenticatedSession(req, updatedUser);
-    await sendDisable2faMail({ user_id });
-
-    return res.redirect(
-      `/connection-and-account?notification=2fa_successfully_disabled`,
-    );
-  } catch (error) {
-    next(error);
-  }
-};
-
-export const postEnableForce2faController = async (
-  req: Request,
-  res: Response,
-  next: NextFunction,
-) => {
-  try {
-    const { id: user_id } = getUserFromAuthenticatedSession(req);
-
-    const updatedUser = await enableForce2fa(user_id);
+    if (!force2fa || (force2fa !== "enable" && force2fa !== "disable")) {
+      return next(new HttpErrors.BadRequest("Valeur 2FA invalide."));
+    }
 
-    updateUserInAuthenticatedSession(req, updatedUser);
+    let updatedUser;
 
-    return res.redirect(
-      `/connection-and-account?notification=2fa_successfully_enabled`,
-    );
+    if (force2fa === "enable") {
+      updatedUser = await enableForce2fa(user_id);
+      updateUserInAuthenticatedSession(req, updatedUser);
+      return res.redirect(
+        `/connection-and-account?notification=2fa_successfully_enabled`,
+      );
+    } else {
+      updatedUser = await disableForce2fa(user_id);
+      updateUserInAuthenticatedSession(req, updatedUser);
+      await sendDisable2faMail({ user_id });
+      return res.redirect(
+        `/connection-and-account?notification=2fa_successfully_disabled`,
+      );
+    }
   } catch (error) {
     if (error instanceof UserIsNot2faCapableError) {
-      next(new HttpErrors.UnprocessableEntity());
+      return next(new HttpErrors.UnprocessableEntity());
     }
-
     next(error);
   }
 };
diff --git a/src/routers/main.ts b/src/routers/main.ts
@@ -3,8 +3,7 @@ import nocache from "nocache";
 import {
   getConfiguringSingleUseCodeController,
   getDoubleAuthenticationController,
-  postDisableForce2faController,
-  postEnableForce2faController,
+  postSetForce2faController,
 } from "../controllers/2fa";
 import {
   getConnectionAndAccountController,
@@ -110,23 +109,13 @@ export const mainRouter = (app: Express) => {
   );
 
   mainRouter.post(
-    "/disable-force-2fa",
+    "/set-force-2fa",
     rateLimiterMiddleware,
     urlencoded({ extended: false }),
     ejsLayoutMiddlewareFactory(app, true),
     checkUserCanAccessAdminMiddleware,
     csrfProtectionMiddleware,
-    postDisableForce2faController,
-  );
-
-  mainRouter.post(
-    "/enable-force-2fa",
-    rateLimiterMiddleware,
-    urlencoded({ extended: false }),
-    ejsLayoutMiddlewareFactory(app, true),
-    checkUserCanAccessAdminMiddleware,
-    csrfProtectionMiddleware,
-    postEnableForce2faController,
+    postSetForce2faController,
   );
 
   mainRouter.get(

diff --git a/src/views/connection-and-account.ejs b/src/views/connection-and-account.ejs
@@ -135,7 +135,7 @@
         </section>
 
         <% if (locals.is2faCapable) { %>
-            <form class="fr-mt-4w" id="2fa-form" method="post">
+            <form class="fr-mt-4w" id="2fa-form" method="post" action="/set-force-2fa">
                 <input type="hidden" name="_csrf" value="<%= csrfToken; %>">
             
                 <fieldset class="fr-fieldset fr-mb-0" id="radio-hint" aria-labelledby="radio-hint-legend radio-hint-messages">
@@ -164,7 +164,7 @@
                     </div>
                 </fieldset>
             
-                <button class="fr-btn fr-btn--secondary fr-mb-6w" type="submit" id="submit-btn">
+                <button class="fr-btn fr-btn--secondary fr-mb-6w" type="submit">
                     Valider
                 </button>
             </form>
@@ -187,6 +187,5 @@
             </form>
         </section>
         <script type="module" src="<%= js('confirm.js') %>"></script>
-        <script type="module" src="<%= js('force2fa.js') %>"></script>
     </div>
 </div>