src/user-directory.js

'use strict';

exports = module.exports = {
    getProfileConfig,
    setProfileConfig
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    constants = require('./constants.js'),
    debug = require('debug')('box:user-directory'),
    oidc = require('./oidc.js'),
    settings = require('./settings.js'),
    tokens = require('./tokens.js'),
    users = require('./users.js');

async function getProfileConfig() {
    const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);
    return value || { lockUserProfiles: false, mandatory2FA: false };
}

async function setProfileConfig(profileConfig) {
    assert.strictEqual(typeof profileConfig, 'object');

    if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');

    const oldConfig = await getProfileConfig();
    await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);

    if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {
        debug('setProfileConfig: logging out non-2FA users to enforce 2FA');

        const allUsers = await users.list();
        for (const user of allUsers) {
            if (user.twoFactorAuthenticationEnabled) continue;

            await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);
            await oidc.revokeByUserId(user.id);
        }
    }
}
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`'use strict';`

			`exports = module.exports = {`
			`getProfileConfig,`
			`setProfileConfig`
			`};`

			`const assert = require('assert'),`
			`BoxError = require('./boxerror.js'),`
			`constants = require('./constants.js'),`
			`debug = require('debug')('box:user-directory'),`
			`oidc = require('./oidc.js'),`
			`settings = require('./settings.js'),`
			`tokens = require('./tokens.js'),`
			`users = require('./users.js');`

			`async function getProfileConfig() {`
			`const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);`
			`return value \|\| { lockUserProfiles: false, mandatory2FA: false };`
			`}`

			`async function setProfileConfig(profileConfig) {`
			`assert.strictEqual(typeof profileConfig, 'object');`

			`if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');`

			`const oldConfig = await getProfileConfig();`
			`await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);`

			`if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {`
			`debug('setProfileConfig: logging out non-2FA users to enforce 2FA');`

			`const allUsers = await users.list();`
			`for (const user of allUsers) {`
			`if (user.twoFactorAuthenticationEnabled) continue;`

			`await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);`
			`await oidc.revokeByUserId(user.id);`
			`}`
			`}`
			`}`