
@chrisscott
Created May 6, 2020 19:18
Auth0 Force MFA Based on Scope
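/**
 * Auth0 rule: ask for MFA when a sensitive scope is requested.
 *
 * Sets `context.multifactor` when the request asks for one of the sensitive
 * scopes and the session holds no `mfa` authentication method from the last
 * ten minutes. `callback(null, user, context)` is invoked exactly once on
 * every path.
 *
 * @param {object} user - Profile of the user logging in; only `user.name` is
 *   read, for the log line.
 * @param {object} context - Rule context. Reads `authentication.methods`,
 *   `request.query.scope` and `request.body.scope`; may set `multifactor`.
 * @param {function} callback - Node-style continuation `(err, user, context)`.
 */
function stepUpMFA(user, context, callback) {
  // Require MFA again once the last one is older than 10 minutes.
  const MFA_MAX_AGE_MS = 600 * 1000;
  const SENSITIVE_SCOPES = ['read:payment', 'update:payment'];

  // A missing or malformed `methods` list counts as "no MFA completed", so the
  // rule falls through to the scope check instead of throwing.
  const authMethods =
    context.authentication && Array.isArray(context.authentication.methods)
      ? context.authentication.methods
      : [];

  // assumes method.timestamp is epoch milliseconds, the unit of Date.now() — TODO confirm
  const completedMfa = authMethods.some(
    method =>
      method.name === 'mfa' && method.timestamp + MFA_MAX_AGE_MS > Date.now()
  );

  // Skip if MFA was already completed recently.
  if (completedMfa) {
    callback(null, user, context);
    return;
  }

  // Ask the pipeline for an MFA challenge; "remember this browser" is off so
  // the challenge cannot be skipped on a later step-up.
  function forceMFA() {
    context.multifactor = {
      provider: 'any',
      allowRememberBrowser: false
    };
  }

  // Normalise a `scope` parameter to a flat list of scope names. A repeated
  // parameter may arrive as an array; anything that is not a string or an
  // array contributes no scopes.
  function toScopeList(value) {
    if (Array.isArray(value)) {
      return value.reduce((all, item) => all.concat(toScopeList(item)), []);
    }
    if (typeof value !== 'string') {
      return [];
    }
    return value.split(' ').filter(Boolean);
  }

  // True when any requested scope is sensitive. Query string AND body are both
  // inspected: the scope value is supplied by the client, so a harmless scope
  // in one place must not hide a sensitive one in the other.
  function isSensitiveOperation() {
    const request = context.request || {};
    const requestedScopes = [request.query, request.body]
      .filter(Boolean)
      .reduce((all, source) => all.concat(toScopeList(source.scope)), []);
    return requestedScopes.some(scope => SENSITIVE_SCOPES.includes(scope));
  }

  if (isSensitiveOperation()) {
    // NOTE(review): user.name ends up in the rule logs — confirm that is
    // acceptable for the tenant's log retention.
    console.log(`Forcing MFA for user ${user.name} due sensitive action`);
    forceMFA();
  }

  // NOTE(review): this rule only decides whether to prompt for MFA. Whether
  // the API receiving the token also checks that MFA took place is not
  // visible here — confirm on the resource-server side.
  callback(null, user, context);
}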