diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml index cf54f6add..77c58b609 100644 --- a/data/web/api/openapi.yaml +++ b/data/web/api/openapi.yaml @@ -1072,6 +1072,7 @@ paths: password2: "*" quota: "3072" force_pw_update: "1" + force_tfa: "1" tls_enforce_in: "1" tls_enforce_out: "1" tags: ["tag1", "tag2"] @@ -1118,6 +1119,7 @@ paths: password2: atedismonsin quota: "3072" force_pw_update: "1" + force_tfa: "1" tls_enforce_in: "1" tls_enforce_out: "1" tags: ["tag1", "tag2"] @@ -1151,6 +1153,9 @@ paths: force_pw_update: description: forces the user to update its password on first login type: boolean + force_tfa: + description: force 2FA enrollment at login + type: boolean tls_enforce_in: description: force inbound email tls encryption type: boolean @@ -2510,7 +2515,7 @@ paths: description: >- Using this endpoint you can perform actions on quarantine items. It is possible to release emails from quarantine into to the inbox, or learn them as ham to improve Rspamd filtering. - You must provide the quarantine item IDs. You can get the IDs using the GET method. + You must provide the quarantine item IDs. You can get the IDs using the GET method. operationId: Edit mails in Quarantine requestBody: content: @@ -3414,6 +3419,7 @@ paths: - mailbox - active: "1" force_pw_update: "0" + force_tfa: "0" name: Full name password: "*" password2: "*" @@ -3464,6 +3470,7 @@ paths: attr: active: "1" force_pw_update: "0" + force_tfa: "0" name: Full name authsource: mailcow password: "" @@ -3487,6 +3494,9 @@ paths: force_pw_update: description: force user to change password on next login type: boolean + force_tfa: + description: force 2FA enrollment at login + type: boolean name: description: Full name of the mailbox user type: string @@ -4881,6 +4891,7 @@ paths: - active: "1" attributes: force_pw_update: "0" + force_tfa: "0" mailbox_format: "maildir:" quarantine_notification: never sogo_access: "1" @@ -5805,6 +5816,7 @@ paths: - active: "1" attributes: force_pw_update: "0" + force_tfa: "0" mailbox_format: "maildir:" quarantine_notification: never sogo_access: "1" diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php index adb330ea8..b6d683e1b 100644 --- a/data/web/inc/functions.mailbox.inc.php +++ b/data/web/inc/functions.mailbox.inc.php @@ -3828,6 +3828,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $attr["rl_frame"] = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : $is_now['rl_frame']; $attr["rl_value"] = (!empty($_data['rl_value'])) ? $_data['rl_value'] : $is_now['rl_value']; $attr["force_pw_update"] = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : $is_now['force_pw_update']; + $attr["force_tfa"] = isset($_data['force_tfa']) ? intval($_data['force_tfa']) : $is_now['force_tfa']; $attr["sogo_access"] = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : $is_now['sogo_access']; $attr["active"] = isset($_data['active']) ? intval($_data['active']) : $is_now['active']; $attr["tls_enforce_in"] = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : $is_now['tls_enforce_in']; diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index e8edb9940..0a0192798 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -424,6 +424,11 @@ $(document).ready(function() { } else { $('#force_pw_update').prop('checked', false); } + if (template.force_tfa == 1){ + $('#force_tfa').prop('checked', true); + } else { + $('#force_tfa').prop('checked', false); + } if (template.sogo_access == 1){ $('#sogo_access').prop('checked', true); } else { @@ -1242,6 +1247,7 @@ jQuery(function($){ item.attributes.eas_access = '' + (item.attributes.eas_access == 1 ? '1' : '0') + ''; item.attributes.dav_access = '' + (item.attributes.dav_access == 1 ? '1' : '0') + ''; item.attributes.sogo_access = '' + (item.attributes.sogo_access == 1 ? '1' : '0') + ''; + item.attributes.force_tfa = '' + (item.attributes.force_tfa == 1 ? '1' : '0') + ''; if (item.attributes.quarantine_notification === 'never') { item.attributes.quarantine_notification = lang.never; } else if (item.attributes.quarantine_notification === 'hourly') { @@ -1385,6 +1391,11 @@ jQuery(function($){ return 1==data?'':''; } }, + { + title: lang.force_tfa, + data: 'attributes.force_tfa', + defaultContent: '' + }, { title: lang_edit.ratelimit, data: 'attributes.ratelimit', diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json index e786bcbe5..d2412fbf7 100644 --- a/data/web/lang/lang.en-gb.json +++ b/data/web/lang/lang.en-gb.json @@ -929,6 +929,7 @@ "filters": "Filters", "fname": "Full name", "force_pw_update": "Force password update at next login", + "force_tfa": "TFA", "gal": "Global Address List", "goto_ham": "Learn as ham", "goto_spam": "Learn as spam", diff --git a/data/web/templates/edit/mailbox-templates.twig b/data/web/templates/edit/mailbox-templates.twig index ddc139586..8384fa053 100644 --- a/data/web/templates/edit/mailbox-templates.twig +++ b/data/web/templates/edit/mailbox-templates.twig @@ -8,6 +8,7 @@ + @@ -165,6 +166,14 @@ +
+
+
+ + {{ lang.tfa.force_tfa_info }} +
+
+
{% if not skip_sogo %}