12e073e8cf
mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace.
50 lines
1.8 KiB
JavaScript
50 lines
1.8 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
getProfileConfig,
|
|
setProfileConfig
|
|
};
|
|
|
|
const assert = require('node:assert'),
|
|
BoxError = require('./boxerror.js'),
|
|
constants = require('./constants.js'),
|
|
debug = require('debug')('box:user-directory'),
|
|
eventlog = require('./eventlog.js'),
|
|
oidcClients = require('./oidcclients.js'),
|
|
oidcServer = require('./oidcserver.js'),
|
|
settings = require('./settings.js'),
|
|
tokens = require('./tokens.js'),
|
|
users = require('./users.js');
|
|
|
|
async function getProfileConfig() {
|
|
const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);
|
|
return value || { lockUserProfiles: false, mandatory2FA: false };
|
|
}
|
|
|
|
async function setProfileConfig(profileConfig, options, auditSource) {
|
|
assert.strictEqual(typeof profileConfig, 'object');
|
|
assert.strictEqual(typeof options, 'object');
|
|
assert(auditSource && typeof auditSource === 'object');
|
|
|
|
if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
|
|
|
|
const oldConfig = await getProfileConfig();
|
|
await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);
|
|
|
|
await eventlog.add(eventlog.ACTION_USER_DIRECTORY_PROFILE_CONFIG_UPDATE, auditSource, { oldConfig, config: profileConfig });
|
|
|
|
if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {
|
|
debug('setProfileConfig: logging out non-2FA users to enforce 2FA');
|
|
|
|
const allUsers = await users.list();
|
|
|
|
for (const user of allUsers) {
|
|
if (user.twoFactorAuthenticationEnabled) continue;
|
|
if (options.persistUserIdSessions === user.id) continue; // do not logout the API caller
|
|
|
|
await tokens.delByUserIdAndType(user.id, oidcClients.ID_WEBADMIN);
|
|
await oidcServer.revokeByUsername(user.username);
|
|
}
|
|
}
|
|
}
|