@@ -55,16 +55,17 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
5555 return { skipAllowed : false } ;
5656 }
5757
58- private generateHashForStepUpMfaGraceCookie ( headers ) : string {
58+ private generateHashForStepUpMfaGraceCookie ( headers , cookies ) : string {
5959 const ip = this . adminforth . auth . getClientIp ( headers ) ;
6060 const userAgent = headers [ 'user-agent' ] || '' ;
6161 const acceptLanguage = headers [ 'accept-language' ] || '' ;
62- if ( ! ip || ! userAgent || ! acceptLanguage ) {
62+ const session_cookie = this . adminforth . auth . getCustomCookie ( { cookies : cookies , name : "jwt" } ) ;
63+ if ( ! ip || ! userAgent || ! acceptLanguage || ! session_cookie ) {
6364 console . error ( "❗️❗️❗️ Cannot set step-up MFA grace cookie: missing required request headers to identify client ❗️❗️❗️" ) ;
6465 return null ;
6566 } else {
6667 const hmac = crypto . createHmac ( 'sha256' , process . env . ADMINFORTH_SECRET )
67- . update ( `${ acceptLanguage } _${ userAgent } _${ ip } ` )
68+ . update ( `${ acceptLanguage } _${ userAgent } _${ ip } _ ${ session_cookie } ` )
6869 . digest ( 'hex' ) ;
6970 return hmac ;
7071 }
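Review bot: The error message on the `console.error` line still says "missing required request headers to identify client", but the new guard also fires when the `jwt` cookie is absent, so a missing session cookie will be logged as a header problem; suggest `console.error("❗️❗️❗️ Cannot set step-up MFA grace cookie: missing required request headers or session cookie to identify client ❗️❗️❗️");`. The new `.update()` input appears to be `` `${acceptLanguage}_${userAgent}_${ip}_ ${session_cookie}` `` with a space before the last placeholder, unlike the other separators — if that is not a rendering artifact, make it `_${session_cookie}` for consistency. `session_cookie` is also the only snake_case local next to `userAgent`/`acceptLanguage`; `sessionCookie` would match the file. Since the raw JWT string is now part of the HMAC input, any re-issue of the session token presumably invalidates outstanding grace cookies — worth a one-line comment above the HMAC stating that binding is intentional. The method's closing brace lies outside the hunk.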
@@ -73,7 +74,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
7374 private issueTempSkip2FAGraceJWT ( opts ) : void {
7475 if ( opts . response ) {
7576 if ( opts . extra . headers ) {
76- const hash = this . generateHashForStepUpMfaGraceCookie ( opts . extra . headers ) ;
77+ const hash = this . generateHashForStepUpMfaGraceCookie ( opts . extra . headers , opts . cookies ) ;
7778 if ( ! hash ) {
7879 return ;
7980 }
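Review bot: The new call reads the cookies from `opts.cookies` while the headers on the same line come from `opts.extra.headers`; if the cookie jar lives under `opts.extra` like the headers, `getCustomCookie` will see `undefined`, the hash will be `null`, and the grace cookie will silently never be issued. Please confirm the `opts` shape at this call site, and consider guarding `opts.cookies` alongside the existing `opts.extra.headers` check, e.g. `if (opts.extra.headers && opts.cookies) {`. The body of `issueTempSkip2FAGraceJWT` continues outside the hunk.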
@@ -88,7 +89,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
8889 }
8990
9091 private async isTempSkip2FAGraceValid ( headers , cookies , checkIfJWTAboutToExpire : boolean = false ) : Promise < boolean > {
91- const hash = this . generateHashForStepUpMfaGraceCookie ( headers ) ;
92+ const hash = this . generateHashForStepUpMfaGraceCookie ( headers , cookies ) ;
9293 if ( ! hash ) {
9394 return false ;
9495 }