split routes and model code into user-directory.js

src/user-directory.js

@@ -0,0 +1,41 @@
+'use strict';
+
+exports = module.exports = {
+    getProfileConfig,
+    setProfileConfig
+};
+
+const assert = require('assert'),
+    BoxError = require('./boxerror.js'),
+    constants = require('./constants.js'),
+    debug = require('debug')('box:user-directory'),
+    oidc = require('./oidc.js'),
+    settings = require('./settings.js'),
+    tokens = require('./tokens.js'),
+    users = require('./users.js');
+
+async function getProfileConfig() {
+    const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);
+    return value || { lockUserProfiles: false, mandatory2FA: false };
+}
+
+async function setProfileConfig(profileConfig) {
+    assert.strictEqual(typeof profileConfig, 'object');
+
+    if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
+
+    const oldConfig = await getProfileConfig();
+    await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);
+
+    if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {
+        debug('setProfileConfig: logging out non-2FA users to enforce 2FA');
+
+        const allUsers = await users.list();
+        for (const user of allUsers) {
+            if (user.twoFactorAuthenticationEnabled) continue;
+
+            await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);
+            await oidc.revokeByUserId(user.id);
+        }
+    }
+}