demo is just a constant, not a setting

src/users.js

@@ -420,7 +420,7 @@ async function del(user, auditSource) {
     assert.strictEqual(typeof user, 'object');
     assert(auditSource && typeof auditSource === 'object');
 
-    if (settings.isDemo() && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
+    if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
 
     const queries = [];
     queries.push({ query: 'DELETE FROM groupMembers WHERE userId = ?', args: [ user.id ] });
@@ -572,7 +572,7 @@ async function update(user, data, auditSource) {
     assert(!('active' in data) || (typeof data.active === 'boolean'));
     assert(!('loginLocations' in data) || (Array.isArray(data.loginLocations)));
 
-    if (settings.isDemo() && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
+    if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
 
     let error, result;
 
@@ -713,7 +713,7 @@ async function notifyLoginLocation(user, ip, userAgent, auditSource) {
 
     debug(`notifyLoginLocation: ${user.id} ${ip} ${userAgent}`);
 
-    if (settings.isDemo()) return;
+    if (constants.DEMO) return;
     if (constants.TEST && ip === '127.0.0.1') return;
 
     const response = await superagent.get('https://geolocation.cloudron.io/json').query({ ip }).ok(() => true);
@@ -754,7 +754,7 @@ async function setPassword(user, newPassword, auditSource) {
     let error = validatePassword(newPassword);
     if (error) throw error;
 
-    if (settings.isDemo() && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
+    if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
     if (user.source) throw new BoxError(BoxError.CONFLICT, 'User is from an external directory');
 
     let salt, derivedKey;
@@ -849,7 +849,7 @@ async function setTwoFactorAuthenticationSecret(userId, auditSource) {
     const user = await get(userId);
     if (!user) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
 
-    if (settings.isDemo() && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
+    if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
 
     if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS);
 
@@ -959,7 +959,7 @@ async function getProfileConfig() {
 async function setProfileConfig(profileConfig) {
     assert.strictEqual(typeof profileConfig, 'object');
 
-    if (settings.isDemo()) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
+    if (constants.DEMO) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
 
     const oldConfig = await getProfileConfig();
     await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);