mandatory2fa: fix workflow when using external LDAP

* Always allow the mandatory 2fa setting to be saved
* Show warning for user if they have no 2fa setup and if not external 2fa
* If they get locked out anyway, they have to use the CLI tool
* redirect for mandatory 2fa only if not external 2fa as well
Girish Ramakrishnan
2024-05-25 12:54:40 +02:00
parent 077f95049e
commit d34b102e52
8 changed files with 27 additions and 10 deletions


@@ -20,8 +20,9 @@ async function getProfileConfig() {
return value || { lockUserProfiles: false, mandatory2FA: false };
}
async function setProfileConfig(profileConfig, auditSource) {
async function setProfileConfig(profileConfig, options, auditSource) {
assert.strictEqual(typeof profileConfig, 'object');
assert.strictEqual(typeof options, 'object');
assert(auditSource && typeof auditSource === 'object');
if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
@@ -35,8 +36,10 @@ async function setProfileConfig(profileConfig, auditSource) {
debug('setProfileConfig: logging out non-2FA users to enforce 2FA');
const allUsers = await users.list();
for (const user of allUsers) {
if (user.twoFactorAuthenticationEnabled) continue;
if (options.persistUserIdSessions === user.id) continue; // do not logout the API caller
await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);
await oidc.revokeByUserId(user.id);