Commit

Merge branch 'master' of https://github.com/mitre/heimdall2
camdenmoors committed Oct 29, 2021
2 parents ebe0bb5 + 812daef commit a624fef
Showing 2 changed files with 5 additions and 1 deletion.
1 change: 1 addition & 0 deletions apps/backend/.env-example
Expand Up @@ -13,6 +13,7 @@ HEIMDALL_HEADLESS_TESTS=<run integration tests in a headless browser (defaults t
ADMIN_PASSWORD=<Password for admin user (if nothing is provided, defaults to a randomly generated password)>
EXTERNAL_URL=<The external URL for your Heimdall deployment, for example https://heimdall.mitre.org>
REGISTRATION_DISABLED=<If public user registration should be allowed, if not then only the administrator user can create users (defaults to false)>
ONE_SESSION_PER_USER=<If users are only allowed to be logged in on one browser, (defaults to false)>
CLASSIFICATION_BANNER_TEXT=<If a sensitivity classification banner should be shown to users, for example FOUO (if nothing is provided, no banner is shown)>
CLASSIFICATION_BANNER_TEXT_COLOR=<The color of the text on the sensitivity classification banner, if enabled (defaults to white)>
CLASSIFICATION_BANNER_COLOR=<The color of the sensitivity classification banner, if enabled (defaults to red)>
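Review bot: The ONE_SESSION_PER_USER description does not say what happens to an existing session when the same user logs in elsewhere. Going by the authn.service.ts change in this commit, the setting rotates the user's JWT secret on every login, so the newest login wins and earlier sessions are invalidated rather than the new login being refused; the example file should say so, since operators will otherwise read it as a login block. It should also state that only the string true (any case) enables it, because the check compares the lowercased value to 'true' and anything else, such as 1 or yes, leaves the feature off without warning. Minor: drop the stray comma before "(defaults to false)".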
5 changes: 4 additions & 1 deletion apps/backend/src/authn/authn.service.ts
Expand Up @@ -138,7 +138,10 @@ export class AuthnService {
};
// Users have their own JWT Secret to allow for session invalidation on sign out
const loginUser = await this.usersService.findById(user.id);
if (!loginUser.jwtSecret) {
if (
!loginUser.jwtSecret ||
this.configService.get('ONE_SESSION_PER_USER')?.toLowerCase() === 'true'
) {
this.usersService.updateUserSecret(loginUser);
}
if (payload.forcePasswordChange || user.role === 'admin') {
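Review bot: The call this.usersService.updateUserSecret(loginUser) is not awaited, and with the new condition it now runs on every login when ONE_SESSION_PER_USER is set instead of only when no secret exists. If updateUserSecret is asynchronous and the token is later signed from loginUser.jwtSecret, the token can be signed with the old secret (logging the user out immediately) or a failed update can go unnoticed and leave older sessions valid; awaiting the call and using the secret it returns would close that gap. The comment above the lookup still says the per-user secret exists "to allow for session invalidation on sign out" and should mention that it is now also rotated at login. The ?.toLowerCase() chain assumes configService.get returns a string or undefined, so a short helper that parses the flag once would be safer than an inline comparison. No test accompanies the change in this commit; a case asserting that a token issued before a second login is rejected afterwards would pin the behaviour down.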