diff --git a/src/js/main.js b/src/js/main.js index 6e1ff6331..14a75402c 100644 --- a/src/js/main.js +++ b/src/js/main.js @@ -57,6 +57,8 @@ angular.module('Application').controller('MainController', ['$scope', '$route', }; function init() { + console.log(window.location); + Client.getStatus(function (error, status) { if (error) return Client.initError(error, init); @@ -110,6 +112,11 @@ angular.module('Application').controller('MainController', ['$scope', '$route', $scope.initialized = true; + if (Client.getConfig().mandatory2FA && !Client.getUserInfo().twoFactorAuthenticationEnabled) { + $location.path('/profile').search({ setup2fa: true }); + return; + } + refreshNotifications(true); $scope.updateSubscriptionStatus(); diff --git a/src/views/profile.html b/src/views/profile.html index 467e0cac7..e88798e07 100644 --- a/src/views/profile.html +++ b/src/views/profile.html @@ -170,7 +170,11 @@

Enable Two-Factor Authentication

-
+

+ Your Cloudron Administrator has required all members to enable two-factor authentication. You will be unable to access + the dashboard until you enable 2FA. +

+

@@ -194,8 +198,9 @@
- - + + +
diff --git a/src/views/profile.js b/src/views/profile.js index 4ab30af3c..cdc1b020c 100644 --- a/src/views/profile.js +++ b/src/views/profile.js @@ -4,11 +4,13 @@ /* global angular */ /* global $ */ -angular.module('Application').controller('ProfileController', ['$scope', '$location', 'Client', function ($scope, $location, Client) { +angular.module('Application').controller('ProfileController', ['$scope', '$location', 'Client', '$timeout', function ($scope, $location, Client, $timeout) { $scope.user = Client.getUserInfo(); $scope.config = Client.getConfig(); $scope.apps = Client.getInstalledApps(); + console.log($scope.twoFactorAuthenticationEnableForm); + $scope.twoFactorAuthentication = { busy: false, error: null, @@ -16,6 +18,8 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat totpToken: '', secret: '', qrcode: '', + mandatory2FA: false, + mandatory2FAHelp: false, // show the initial help text when mandatory 2fa forces modal popup reset: function () { $scope.twoFactorAuthentication.busy = false; @@ -24,6 +28,7 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat $scope.twoFactorAuthentication.totpToken = ''; $scope.twoFactorAuthentication.secret = ''; $scope.twoFactorAuthentication.qrcode = ''; + $scope.twoFactorAuthentication.mandatory2FAHelp = false; $scope.twoFactorAuthenticationEnableForm.$setUntouched(); $scope.twoFactorAuthenticationEnableForm.$setPristine(); @@ -31,6 +36,25 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat $scope.twoFactorAuthenticationDisableForm.$setPristine(); }, + getSecret: function () { + $scope.twoFactorAuthentication.mandatory2FAHelp = false; + + Client.setTwoFactorAuthenticationSecret(function (error, result) { + if (error) return console.error(error); + + $scope.twoFactorAuthentication.secret = result.secret; + $scope.twoFactorAuthentication.qrcode = result.qrcode; + }); + }, + + showMandatory2FA: function () { + $scope.twoFactorAuthentication.reset(); + $scope.twoFactorAuthentication.mandatory2FA = true; + $scope.twoFactorAuthentication.mandatory2FAHelp = true; + + $('#twoFactorAuthenticationEnableModal').modal({ backdrop: 'static', keyboard: false }); // undimissable dialog + }, + show: function () { $scope.twoFactorAuthentication.reset(); @@ -39,12 +63,7 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat } else { $('#twoFactorAuthenticationEnableModal').modal('show'); - Client.setTwoFactorAuthenticationSecret(function (error, result) { - if (error) return console.error(error); - - $scope.twoFactorAuthentication.secret = result.secret; - $scope.twoFactorAuthentication.qrcode = result.qrcode; - }); + $scope.twoFactorAuthentication.getSecret(); } }, @@ -601,4 +620,9 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat }); $('.modal-backdrop').remove(); + + if ($location.search().setup2fa) { + // the form elements of the FormController won't appear in scope yet + $timeout(function () { $scope.twoFactorAuthentication.showMandatory2FA(); }, 1000); + } }]); diff --git a/src/views/users.html b/src/views/users.html index 20656e2fa..75a5adefa 100644 --- a/src/views/users.html +++ b/src/views/users.html @@ -533,6 +533,11 @@   Allow users to edit their name & email +
+ +
diff --git a/src/views/users.js b/src/views/users.js index 80651a5a2..f051e232c 100644 --- a/src/views/users.js +++ b/src/views/users.js @@ -466,6 +466,7 @@ angular.module('Application').controller('UsersController', ['$scope', '$locatio $scope.directoryConfig = { editableUserProfiles: true, + mandatory2FA: false, error: {}, loadDirectoryConfig: function () { @@ -473,6 +474,7 @@ angular.module('Application').controller('UsersController', ['$scope', '$locatio if (error) return console.error('Unable to get directory config.', error); $scope.directoryConfig.editableUserProfiles = !result.lockUserProfiles; + $scope.directoryConfig.mandatory2FA = !!result.mandatory2FA; }); }, @@ -482,7 +484,8 @@ angular.module('Application').controller('UsersController', ['$scope', '$locatio $scope.directoryConfig.success = false; var data = { - lockUserProfiles: !$scope.directoryConfig.editableUserProfiles + lockUserProfiles: !$scope.directoryConfig.editableUserProfiles, + mandatory2FA: $scope.directoryConfig.mandatory2FA }; Client.setDirectoryConfig(data, function (error) {