src/user-directory.js

'use strict';

exports = module.exports = {
    getProfileConfig,
    setProfileConfig
};

const assert = require('node:assert'),
    BoxError = require('./boxerror.js'),
    constants = require('./constants.js'),
    debug = require('debug')('box:user-directory'),
    eventlog = require('./eventlog.js'),
    oidcClients = require('./oidcclients.js'),
    oidcServer = require('./oidcserver.js'),
    settings = require('./settings.js'),
    tokens = require('./tokens.js'),
    users = require('./users.js');

async function getProfileConfig() {
    const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);
    return value || { lockUserProfiles: false, mandatory2FA: false };
}

async function setProfileConfig(profileConfig, options, auditSource) {
    assert.strictEqual(typeof profileConfig, 'object');
    assert.strictEqual(typeof options, 'object');
    assert(auditSource && typeof auditSource === 'object');

    if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');

    const oldConfig = await getProfileConfig();
    await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);

    await eventlog.add(eventlog.ACTION_USER_DIRECTORY_PROFILE_CONFIG_UPDATE, auditSource, { oldConfig, config: profileConfig });

    if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {
        debug('setProfileConfig: logging out non-2FA users to enforce 2FA');

        const allUsers = await users.list();

        for (const user of allUsers) {
            if (user.twoFactorAuthenticationEnabled) continue;
            if (options.persistUserIdSessions === user.id) continue; // do not logout the API caller

            await tokens.delByUserIdAndType(user.id, oidcClients.ID_WEBADMIN);
            await oidcServer.revokeByUsername(user.username);
        }
    }
}
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`'use strict';`

			`exports = module.exports = {`
			`getProfileConfig,`
			`setProfileConfig`
			`};`

use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace. 2025-08-14 11:17:38 +05:30			`const assert = require('node:assert'),`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`BoxError = require('./boxerror.js'),`
			`constants = require('./constants.js'),`
			`debug = require('debug')('box:user-directory'),`
userdirectory: add eventlog entry 2024-06-12 10:46:23 +02:00			`eventlog = require('./eventlog.js'),`
move tokens.ID_ into oidcClients.ID_ 2025-06-11 22:53:29 +02:00			`oidcClients = require('./oidcclients.js'),`
split oidc into server and clients 2025-06-11 22:00:09 +02:00			`oidcServer = require('./oidcserver.js'),`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`settings = require('./settings.js'),`
			`tokens = require('./tokens.js'),`
			`users = require('./users.js');`

			`async function getProfileConfig() {`
			`const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);`
			`return value \|\| { lockUserProfiles: false, mandatory2FA: false };`
			`}`

mandatory2fa: fix workflow when using external LDAP * Always allow the mandatory 2fa setting to be saved * Show warning for user if they have no 2fa setup and if not external 2fa * If they get locked out anyway, they have to use CLI tool * redirect for mandatory 2fa only if not external 2fa as well 2024-05-25 12:54:40 +02:00			`async function setProfileConfig(profileConfig, options, auditSource) {`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`assert.strictEqual(typeof profileConfig, 'object');`
mandatory2fa: fix workflow when using external LDAP * Always allow the mandatory 2fa setting to be saved * Show warning for user if they have no 2fa setup and if not external 2fa * If they get locked out anyway, they have to use CLI tool * redirect for mandatory 2fa only if not external 2fa as well 2024-05-25 12:54:40 +02:00			`assert.strictEqual(typeof options, 'object');`
userdirectory: add eventlog entry 2024-06-12 10:46:23 +02:00			`assert(auditSource && typeof auditSource === 'object');`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00
			`if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');`

			`const oldConfig = await getProfileConfig();`
			`await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);`

userdirectory: add eventlog entry 2024-06-12 10:46:23 +02:00			`await eventlog.add(eventlog.ACTION_USER_DIRECTORY_PROFILE_CONFIG_UPDATE, auditSource, { oldConfig, config: profileConfig });`

split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {`
			`debug('setProfileConfig: logging out non-2FA users to enforce 2FA');`

			`const allUsers = await users.list();`
mandatory2fa: fix workflow when using external LDAP * Always allow the mandatory 2fa setting to be saved * Show warning for user if they have no 2fa setup and if not external 2fa * If they get locked out anyway, they have to use CLI tool * redirect for mandatory 2fa only if not external 2fa as well 2024-05-25 12:54:40 +02:00
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`for (const user of allUsers) {`
			`if (user.twoFactorAuthenticationEnabled) continue;`
mandatory2fa: fix workflow when using external LDAP * Always allow the mandatory 2fa setting to be saved * Show warning for user if they have no 2fa setup and if not external 2fa * If they get locked out anyway, they have to use CLI tool * redirect for mandatory 2fa only if not external 2fa as well 2024-05-25 12:54:40 +02:00			`if (options.persistUserIdSessions === user.id) continue; // do not logout the API caller`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00
move tokens.ID_ into oidcClients.ID_ 2025-06-11 22:53:29 +02:00			`await tokens.delByUserIdAndType(user.id, oidcClients.ID_WEBADMIN);`
the oidc module expect accountId and sub to be the same in our case sub is the username exposed to the app, not the userId internal to Cloudron Upstream behavior change https://github.com/panva/node-oidc-provider/commit/9b89153c0ea2f2280a26e35f3b66d1900aed7c79 2025-07-01 22:07:31 +02:00			`await oidcServer.revokeByUsername(user.username);`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`}`
			`}`
			`}`