fix: have adjustRelogin only function for cold loads, use client-side hook for relogin hijack on ajaxify instead

julianlam · julianlam · commit aac99973716e · 2024-04-02T11:43:35.000-04:00
diff --git a/lib/controllers.js b/lib/controllers.js
@@ -70,7 +70,7 @@ Controllers.renderTotpChallenge = async (req, res, next) => {
 	const uid = res.locals['2factor'] || req.uid;
 	const single = parseInt(req.query.single, 10) === 1;
 
-	if (req.session.tfa === true && ((req.query.next && !req.query.next.startsWith('/admin')) || !req.session.tfaForce)) {
+	if (req.session.tfa === true && !req.session.tfaForce) {
 		return res.redirect(nconf.get('relative_path') + (req.query.next || '/'));
 	}
 
@@ -248,6 +248,6 @@ Controllers.renderAccessNotificationHelp = (req, res, next) => {
 		timeString: date.toLocaleTimeString(date),
 		dateString: date.toLocaleDateString(date),
 	});
-}
+};
 
 module.exports = Controllers;
diff --git a/library.js b/library.js
@@ -105,7 +105,7 @@ plugin.init = async (params) => {
 	plugin.exemptions = {
 		prefixes,
 		paths: new Set(pages.concat(paths)),
-	}
+	};
 };
 
 plugin.addRoutes = async ({ router, middleware, helpers }) => {
@@ -412,7 +412,10 @@ plugin.adjustRelogin = async ({ req, res }) => {
 	if (await plugin.hasKey(req.uid)) {
 		req.session.forceLogin = 0;
 		req.session.tfaForce = 1;
-		controllerHelpers.redirect(res, `/login/2fa?next=${req.session.returnTo}`);
+
+		if (!res.locals.isAPI) {
+			controllerHelpers.redirect(res, `/login/2fa?next=${req.session.returnTo}`);
+		}
 	}
 };
 
@@ -426,7 +429,7 @@ plugin.handle2faFailure = async (uid) => {
 	});
 
 	await notifications.push(notification, [uid]);
-}
+};
 
 plugin.integrations = {};
 
diff --git a/plugin.json b/plugin.json
@@ -21,6 +21,9 @@
 	"scss": [
 		"static/style.scss"
 	],
+	"scripts": [
+		"static/lib/main.js"
+	],
 	"modules": {
 		"../admin/plugins/2factor.js": "./static/lib/admin.js",
 		"../client/login-totp.js": "./static/lib/totp.js",
diff --git a/static/lib/main.js b/static/lib/main.js
@@ -0,0 +1,9 @@
+'use strict';
+
+(async () => {
+	const hooks = await app.require('hooks');
+	hooks.on('filter:admin.reauth', (data) => {
+		data.url = `/login/2fa?next=/${ajaxify.currentPage}`;
+		return data;
+	});
+})();
