mandatory 2fa: revoke oidc sessions of non-2fa users

2024-06-12 10:16:49 +02:00
parent 57bf3709f3
commit e1f87161a8
1 changed files with 5 additions and 1 deletions
--- a/src/users.js
+++ b/src/users.js
@@ -91,6 +91,7 @@ const appPasswords = require('./apppasswords.js'),
    mail = require('./mail.js'),
    mailer = require('./mailer.js'),
    mysql = require('mysql'),
+    oidc = require('../oidc.js'),
    qrcode = require('qrcode'),
    safe = require('safetydance'),
    settings = require('./settings.js'),
@@ -989,7 +990,10 @@ async function setProfileConfig(profileConfig) {

        const allUsers = await list();
        for (const user of allUsers) {
-            if (!user.twoFactorAuthenticationEnabled) await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);
+            if (!user.twoFactorAuthenticationEnabled) {
+                await tokens.delByUserIdAndType(user.id, tokens.ID_WEBADMIN);
+                await oidc.revokeByUserId(user.id);
+            }
        }
    }
 }