settings: make user_directory setting route

src/test/users-test.js

@@ -9,6 +9,7 @@ const BoxError = require('../boxerror.js'),
     common = require('./common.js'),
     expect = require('expect.js'),
     safe = require('safetydance'),
+    tokens = require('../tokens.js'),
     users = require('../users.js'),
     _ = require('underscore');
 
@@ -542,4 +543,22 @@ describe('User', function () {
 
         it('can re-create user after user was removed', createOwner);
     });
+
+    describe('profile config', function () {
+        it('can get default profile config', async function () {
+            const profileConfig = await users.getProfileConfig();
+            expect(profileConfig.lockUserProfiles).to.be(false);
+            expect(profileConfig.mandatory2FA).to.be(false);
+        });
+
+        it('can set default profile config', async function () {
+            await tokens.add({ name: 'token1', identifier: admin.id, clientId: tokens.ID_WEBADMIN, expires: Number.MAX_SAFE_INTEGER, lastUsedTime: null });
+            let result = await tokens.listByUserId(admin.id);
+            expect(result.length).to.be(1); // just confirm the token was really added!
+
+            await users.setProfileConfig({ mandatory2FA: true, lockUserProfiles: true });
+            result = await tokens.listByUserId(admin.id);
+            expect(result.length).to.be(0); // should have been removed by mandatory 2fa setting change
+        });
+    });
 });