52 lines
1.8 KiB
JavaScript
52 lines
1.8 KiB
JavaScript
import assert from 'node:assert';
|
|
import BoxError from './boxerror.js';
|
|
import constants from './constants.js';
|
|
import debugModule from 'debug';
|
|
import eventlog from './eventlog.js';
|
|
import oidcClients from './oidcclients.js';
|
|
import oidcServer from './oidcserver.js';
|
|
import settings from './settings.js';
|
|
import tokens from './tokens.js';
|
|
import users from './users.js';
|
|
|
|
const debug = debugModule('box:user-directory');
|
|
|
|
|
|
async function getProfileConfig() {
|
|
const value = await settings.getJson(settings.PROFILE_CONFIG_KEY);
|
|
return value || { lockUserProfiles: false, mandatory2FA: false };
|
|
}
|
|
|
|
async function setProfileConfig(profileConfig, options, auditSource) {
|
|
assert.strictEqual(typeof profileConfig, 'object');
|
|
assert.strictEqual(typeof options, 'object');
|
|
assert(auditSource && typeof auditSource === 'object');
|
|
|
|
if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
|
|
|
|
const oldConfig = await getProfileConfig();
|
|
await settings.setJson(settings.PROFILE_CONFIG_KEY, profileConfig);
|
|
|
|
await eventlog.add(eventlog.ACTION_USER_DIRECTORY_PROFILE_CONFIG_UPDATE, auditSource, { oldConfig, config: profileConfig });
|
|
|
|
if (profileConfig.mandatory2FA && !oldConfig.mandatory2FA) {
|
|
debug('setProfileConfig: logging out non-2FA users to enforce 2FA');
|
|
|
|
const allUsers = await users.list();
|
|
|
|
for (const user of allUsers) {
|
|
if (user.twoFactorAuthenticationEnabled) continue;
|
|
if (options.persistUserIdSessions === user.id) continue; // do not logout the API caller
|
|
if (!user.username) continue; // if a user has no username set yet
|
|
|
|
await tokens.delByUserIdAndType(user.id, oidcClients.ID_WEBADMIN);
|
|
await oidcServer.revokeByUsername(user.username);
|
|
}
|
|
}
|
|
}
|
|
|
|
export default {
|
|
getProfileConfig,
|
|
setProfileConfig
|
|
};
|