From 7ebd18b00d745daa6519a91ae96d042e2f26f33a Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Sat, 9 Jun 2018 22:02:45 -0400
Subject: [PATCH] auth guards

---
 src/app/accounts/hint.component.html       |  2 +-
 src/app/accounts/lock.component.ts         | 17 +++++++++++--
 src/app/accounts/register.component.html   |  2 +-
 src/app/accounts/two-factor.component.html |  2 +-
 src/app/app-routing.module.ts              | 29 ++++++++++++----------
 src/app/app.component.ts                   |  2 +-
 src/app/services.module.ts                 |  3 +++
 src/app/services/unauth-guard.service.ts   | 29 ++++++++++++++++++++++
 8 files changed, 67 insertions(+), 19 deletions(-)
 create mode 100644 src/app/services/unauth-guard.service.ts

diff --git a/src/app/accounts/hint.component.html b/src/app/accounts/hint.component.html
index 0e7fab7d6f..b56867f95d 100644
--- a/src/app/accounts/hint.component.html
+++ b/src/app/accounts/hint.component.html
@@ -15,7 +15,7 @@
                             <span [hidden]="form.loading">{{'submit' | i18n}}</span>
                             <i class="fa fa-spinner fa-spin" [hidden]="!form.loading"></i>
                         </button>
-                        <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+                        <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
                             {{'cancel' | i18n}}
                         </a>
                     </div>
diff --git a/src/app/accounts/lock.component.ts b/src/app/accounts/lock.component.ts
index 39fced9b16..80727dc74e 100644
--- a/src/app/accounts/lock.component.ts
+++ b/src/app/accounts/lock.component.ts
@@ -1,4 +1,7 @@
-import { Component } from '@angular/core';
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
 import { Router } from '@angular/router';
 
 import { ToasterService } from 'angular2-toaster';
@@ -16,7 +19,7 @@ import { LockComponent as BaseLockComponent } from 'jslib/angular/components/loc
     selector: 'app-lock',
     templateUrl: 'lock.component.html',
 })
-export class LockComponent extends BaseLockComponent {
+export class LockComponent extends BaseLockComponent implements OnInit {
     constructor(router: Router, analytics: Angulartics2,
         toasterService: ToasterService, i18nService: I18nService,
         platformUtilsService: PlatformUtilsService, messagingService: MessagingService,
@@ -24,4 +27,14 @@ export class LockComponent extends BaseLockComponent {
         super(router, analytics, toasterService, i18nService, platformUtilsService,
             messagingService, userService, cryptoService);
     }
+
+    async ngOnInit() {
+        const authed = await this.userService.isAuthenticated();
+        const key = await this.cryptoService.getKey();
+        if (!authed) {
+            this.router.navigate(['/']);
+        } else if (key != null) {
+            this.router.navigate(['vault']);
+        }
+    }
 }
diff --git a/src/app/accounts/register.component.html b/src/app/accounts/register.component.html
index b1ae508c54..199155b5ec 100644
--- a/src/app/accounts/register.component.html
+++ b/src/app/accounts/register.component.html
@@ -41,7 +41,7 @@
                             <span [hidden]="form.loading">{{'submit' | i18n}}</span>
                             <i class="fa fa-spinner fa-spin" [hidden]="!form.loading"></i>
                         </button>
-                        <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+                        <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
                             {{'cancel' | i18n}}
                         </a>
                     </div>
diff --git a/src/app/accounts/two-factor.component.html b/src/app/accounts/two-factor.component.html
index e4acd405cc..404f865e8e 100644
--- a/src/app/accounts/two-factor.component.html
+++ b/src/app/accounts/two-factor.component.html
@@ -1,7 +1,7 @@
 <form id="two-factor-page" #form (ngSubmit)="submit()" [appApiAction]="formPromise">
     <header>
         <div class="left">
-            <a routerLink="/login">{{'back' | i18n}}</a>
+            <a routerLink="/">{{'back' | i18n}}</a>
         </div>
         <div class="center">
             <span class="title">{{title}}</span>
diff --git a/src/app/app-routing.module.ts b/src/app/app-routing.module.ts
index 02db826a97..d2bb0e7ef9 100644
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -16,31 +16,34 @@ import { TwoFactorComponent } from './accounts/two-factor.component';
 
 import { VaultComponent } from './vault/vault.component';
 
+import { UnauthGuardService } from './services/unauth-guard.service';
+
+import { AuthGuardService } from 'jslib/angular/services/auth-guard.service';
+
 const routes: Routes = [
-    {
-        path: '',
-        component: UserLayoutComponent,
-        children: [
-            { path: '', redirectTo: 'vault', pathMatch: 'full' },
-            { path: 'vault', component: VaultComponent },
-        ],
-    },
     {
         path: '',
         component: FrontendLayoutComponent,
         children: [
-            { path: 'login', component: LoginComponent },
-            { path: '2fa', component: TwoFactorComponent },
-            { path: 'register', component: RegisterComponent },
-            { path: 'hint', component: HintComponent },
+            { path: '', pathMatch: 'full', component: LoginComponent, canActivate: [UnauthGuardService] },
+            { path: '2fa', component: TwoFactorComponent, canActivate: [UnauthGuardService] },
+            { path: 'register', component: RegisterComponent, canActivate: [UnauthGuardService] },
+            { path: 'hint', component: HintComponent, canActivate: [UnauthGuardService] },
             { path: 'lock', component: LockComponent },
         ],
     },
+    {
+        path: '',
+        component: UserLayoutComponent,
+        children: [
+            { path: 'vault', component: VaultComponent, canActivate: [AuthGuardService] },
+        ],
+    },
     {
         path: 'organization/:organizationId',
         component: OrganizationLayoutComponent,
         children: [
-            { path: 'vault', component: VaultComponent },
+            { path: 'vault', component: VaultComponent, canActivate: [AuthGuardService] },
         ],
     },
     { path: '**', redirectTo: '' },
diff --git a/src/app/app.component.ts b/src/app/app.component.ts
index 78de2398d8..c06fa5a077 100644
--- a/src/app/app.component.ts
+++ b/src/app/app.component.ts
@@ -143,7 +143,7 @@ export class AppComponent implements OnDestroy, OnInit {
                 this.toasterService.popAsync('warning', this.i18nService.t('loggedOut'),
                     this.i18nService.t('loginExpired'));
             }
-            this.router.navigate(['login']);
+            this.router.navigate(['/']);
         });
     }
 
diff --git a/src/app/services.module.ts b/src/app/services.module.ts
index fa8fabc936..2a5f3ed37e 100644
--- a/src/app/services.module.ts
+++ b/src/app/services.module.ts
@@ -11,6 +11,8 @@ import { I18nService } from '../services/i18n.service';
 import { MemoryStorageService } from '../services/memoryStorage.service';
 import { WebPlatformUtilsService } from '../services/webPlatformUtils.service';
 
+import { UnauthGuardService } from './services/unauth-guard.service';
+
 import { AuthGuardService } from 'jslib/angular/services/auth-guard.service';
 import { BroadcasterService } from 'jslib/angular/services/broadcaster.service';
 import { ValidationService } from 'jslib/angular/services/validation.service';
@@ -135,6 +137,7 @@ export function initFactory(): Function {
     providers: [
         ValidationService,
         AuthGuardService,
+        UnauthGuardService,
         { provide: AuditServiceAbstraction, useValue: auditService },
         { provide: AuthServiceAbstraction, useValue: authService },
         { provide: CipherServiceAbstraction, useValue: cipherService },
diff --git a/src/app/services/unauth-guard.service.ts b/src/app/services/unauth-guard.service.ts
new file mode 100644
index 0000000000..3c89f26d4a
--- /dev/null
+++ b/src/app/services/unauth-guard.service.ts
@@ -0,0 +1,29 @@
+import { Injectable } from '@angular/core';
+import {
+    CanActivate,
+    Router,
+} from '@angular/router';
+
+import { CryptoService } from 'jslib/abstractions/crypto.service';
+import { UserService } from 'jslib/abstractions/user.service';
+
+@Injectable()
+export class UnauthGuardService implements CanActivate {
+    constructor(private cryptoService: CryptoService, private userService: UserService,
+        private router: Router) { }
+
+    async canActivate() {
+        const isAuthed = await this.userService.isAuthenticated();
+        if (isAuthed) {
+            const key = await this.cryptoService.getKey();
+            if (key == null) {
+                this.router.navigate(['lock']);
+            } else {
+                this.router.navigate(['vault']);
+            }
+            return false;
+        }
+
+        return true;
+    }
+}