jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

settings: make user_directory setting route

Browse Source
This commit is contained in:
Girish Ramakrishnan
2023-08-03 08:11:42 +05:30
parent d475df8d63
commit d12e6ee2b3
10 changed files with 85 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/users.js
View File

@@ -51,6 +51,9 @@ exports = module.exports = {
getBackgroundImage,
setBackgroundImage,
getProfileConfig,
setProfileConfig,
AP_MAIL: 'mail',
AP_WEBADMIN: 'webadmin',
@@ -273,10 +276,10 @@ async function setGhost(user, password, expiresAt) {
debug(`setGhost: ${user.username} expiresAt ${expiresAt}`);
const ghostData = await settings.getGhosts();
const ghostData = safe.JSON.parse(await settings.get(settings.GHOSTS_CONFIG_KEY)) || {};
ghostData[user.username] = { password, expiresAt };
await settings.setGhosts(ghostData);
await settings.set(settings.GHOSTS_CONFIG_KEY, JSON.stringify(ghostData));
}
// returns true if ghost user was matched
@@ -284,7 +287,7 @@ async function verifyGhost(username, password) {
assert.strictEqual(typeof username, 'string');
assert.strictEqual(typeof password, 'string');
const ghostData = await settings.getGhosts();
const ghostData = safe.JSON.parse(await settings.get(settings.GHOSTS_CONFIG_KEY)) || {};
// either the username is an object with { password, expiresAt } or a string with the password which will expire on first match
if (username in ghostData) {
@@ -293,7 +296,7 @@ async function verifyGhost(username, password) {
debug('verifyGhost: password expired');
delete ghostData[username];
await settings.setGhosts(ghostData);
await settings.set(settings.GHOSTS_CONFIG_KEY, JSON.stringify(ghostData));
return false;
} else if (ghostData[username].password === password) {
@@ -306,8 +309,7 @@ async function verifyGhost(username, password) {
debug('verifyGhost: matched ghost user');
delete ghostData[username];
await settings.setGhosts(ghostData);
await settings.set(settings.GHOSTS_CONFIG_KEY, JSON.stringify(ghostData));
return true;
}
}
@@ -793,7 +795,7 @@ async function getInviteLink(user, auditSource) {
if (user.source) throw new BoxError(BoxError.CONFLICT, 'User is from an external directory');
if (!user.inviteToken) throw new BoxError(BoxError.BAD_STATE, 'User already used invite link');
const directoryConfig = await settings.getProfileConfig();
const directoryConfig = await getProfileConfig();
let inviteLink = `${settings.dashboardOrigin()}/setupaccount.html?inviteToken=${user.inviteToken}&email=${encodeURIComponent(user.email)}`;
if (user.username) inviteLink += `&username=${encodeURIComponent(user.username)}`;
@@ -820,7 +822,7 @@ async function setupAccount(user, data, auditSource) {
assert.strictEqual(typeof data, 'object');
assert(auditSource && typeof auditSource === 'object');
const profileConfig = await settings.getProfileConfig();
const profileConfig = await getProfileConfig();
const tmp = { inviteToken: '' };
@@ -948,3 +950,27 @@ async function setBackgroundImage(id, backgroundImage) {
const result = await database.query('UPDATE users SET backgroundImage=? WHERE id = ?', [ backgroundImage, id ]);
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
}
async function getProfileConfig() {
const value = await settings.get(settings.PROFILE_CONFIG_KEY);
if (value === null) return { lockUserProfiles: false, mandatory2FA: false };
return JSON.parse(value);
}
async function setProfileConfig(profileConfig) {
assert.strictEqual(typeof profileConfig, 'object');
if (settings.isDemo()) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
const oldConfig = await getProfileConfig();
await settings.set(settings.PROFILE_CONFIG_KEY, JSON.stringify(profileConfig));
if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {
debug('setProfileConfig: logging out non-2FA users to enforce 2FA');
const allUsers = await list();
for (const user of allUsers) {
if (!user.twoFactorAuthenticationEnabled) await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);
}
}
}