Add admin panel option to enforce MFA

2023-12-11 16:40:05 +01:00 · 2023-12-11 16:40:05 +01:00 · ac090767ca
parent 542111843a
commit ac090767ca
3 changed files with 30 additions and 0 deletions
--- a/lib/commands/admin-rpc.js
+++ b/lib/commands/admin-rpc.js
@ -495,6 +495,7 @@ var instanceStatus = function (Env, Server, cb) {
        instanceJurisdiction: Env.instanceJurisdiction,
        instanceName: Env.instanceName,
        instanceNotice: Env.instanceNotice,
+        enforceMFA: Env.enforceMFA,
    });
 };

--- a/lib/decrees.js
+++ b/lib/decrees.js
@ -107,6 +107,9 @@ var makeBooleanSetter = function (attr) {
 // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['DISABLE_EMBEDDING', [true]]], console.log)
 commands.ENABLE_EMBEDDING = makeBooleanSetter('enableEmbedding');

+// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['ENFORCE_MFA', [true]]], console.log)
+commands.ENFORCE_MFA = makeBooleanSetter('enforceMFA');
+
 // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['RESTRICT_REGISTRATION', [true]]], console.log)
 commands.RESTRICT_REGISTRATION = makeBooleanSetter('restrictRegistration');

--- a/www/admin/inner.js
+++ b/www/admin/inner.js
@ -63,6 +63,7 @@ define([
            'cp-admin-update-limit',
            'cp-admin-registration',
            'cp-admin-enableembeds',
+            'cp-admin-forcemfa',
            'cp-admin-email',

            'cp-admin-instance-info-notice',
@ -1527,6 +1528,31 @@ Example
        },
    });

+    // Msg.admin_forcemfaHint, .admin_forcemfaTitle
+    Messages.admin_forcemfaTitle = "Enforce MFA on this instance"; // XXX
+    Messages.admin_forcemfaHint = "All CryptPad users will be asked to set up a multi-factor authenticator (TOTP) to log in to their account."; // XXX
+    create['forcemfa'] = makeAdminCheckbox({
+        key: 'forcemfa',
+        getState: function () {
+            return APP.instanceStatus.enforceMFA;
+        },
+        query: function (val, setState) {
+            sFrameChan.query('Q_ADMIN_RPC', {
+                cmd: 'ADMIN_DECREE',
+                data: ['ENFORCE_MFA', [val]]
+            }, function (e, response) {
+                if (e || response.error) {
+                    UI.warn(Messages.error);
+                    console.error(e, response);
+                }
+                APP.updateStatus(function () {
+                    setState(APP.instanceStatus.enforceMFA);
+                    flushCacheNotice();
+                });
+            });
+        },
+    });
+
    create['email'] = function () {
        var key = 'email';
        var $div = makeBlock(key, true); // Msg.admin_emailHint, Msg.admin_emailTitle