@objectstack/service-settings 11.0.0 → 11.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +82 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +82 -0
- package/dist/index.js.map +1 -1
- package/package.json +5 -5
package/dist/index.js
CHANGED
|
@@ -1305,6 +1305,17 @@ var manifest = {
|
|
|
1305
1305
|
description: "Block reusing this many previous passwords on change/reset. 0 disables the check.",
|
|
1306
1306
|
visible: "${data.email_password_enabled !== false}"
|
|
1307
1307
|
},
|
|
1308
|
+
{
|
|
1309
|
+
type: "number",
|
|
1310
|
+
key: "password_expiry_days",
|
|
1311
|
+
label: "Password expiry (days)",
|
|
1312
|
+
required: false,
|
|
1313
|
+
default: 0,
|
|
1314
|
+
min: 0,
|
|
1315
|
+
max: 3650,
|
|
1316
|
+
description: "Force a password change after this many days. 0 disables expiry. While expired, the user is blocked from data until they change their password.",
|
|
1317
|
+
visible: "${data.email_password_enabled !== false}"
|
|
1318
|
+
},
|
|
1308
1319
|
{
|
|
1309
1320
|
type: "group",
|
|
1310
1321
|
id: "anti_abuse",
|
|
@@ -1354,6 +1365,33 @@ var manifest = {
|
|
|
1354
1365
|
max: 3600,
|
|
1355
1366
|
description: "Sliding window over which the request cap above is counted."
|
|
1356
1367
|
},
|
|
1368
|
+
{
|
|
1369
|
+
type: "group",
|
|
1370
|
+
id: "multi_factor",
|
|
1371
|
+
label: "Multi-factor",
|
|
1372
|
+
required: false,
|
|
1373
|
+
description: "Require members to protect their account with an authenticator app (TOTP)."
|
|
1374
|
+
},
|
|
1375
|
+
{
|
|
1376
|
+
type: "toggle",
|
|
1377
|
+
key: "mfa_required",
|
|
1378
|
+
label: "Require multi-factor authentication",
|
|
1379
|
+
required: false,
|
|
1380
|
+
default: false,
|
|
1381
|
+
description: "Users without an authenticator enrolled are blocked from data once their grace period ends. Enabling this also turns on the two-factor feature so users can enroll.",
|
|
1382
|
+
visible: "${data.email_password_enabled !== false}"
|
|
1383
|
+
},
|
|
1384
|
+
{
|
|
1385
|
+
type: "number",
|
|
1386
|
+
key: "mfa_grace_period_days",
|
|
1387
|
+
label: "MFA grace period (days)",
|
|
1388
|
+
required: false,
|
|
1389
|
+
default: 7,
|
|
1390
|
+
min: 0,
|
|
1391
|
+
max: 90,
|
|
1392
|
+
description: "How long users may defer enrollment before the hard block. 0 blocks immediately.",
|
|
1393
|
+
visible: "${data.mfa_required === true}"
|
|
1394
|
+
},
|
|
1357
1395
|
{
|
|
1358
1396
|
type: "group",
|
|
1359
1397
|
id: "sessions",
|
|
@@ -1381,6 +1419,50 @@ var manifest = {
|
|
|
1381
1419
|
max: 90,
|
|
1382
1420
|
description: "An active session is extended when it is older than this."
|
|
1383
1421
|
},
|
|
1422
|
+
{
|
|
1423
|
+
type: "number",
|
|
1424
|
+
key: "session_idle_timeout_minutes",
|
|
1425
|
+
label: "Idle timeout (minutes)",
|
|
1426
|
+
required: false,
|
|
1427
|
+
default: 0,
|
|
1428
|
+
min: 0,
|
|
1429
|
+
max: 10080,
|
|
1430
|
+
description: "Sign a user out after this many minutes of inactivity. 0 disables."
|
|
1431
|
+
},
|
|
1432
|
+
{
|
|
1433
|
+
type: "number",
|
|
1434
|
+
key: "session_absolute_max_hours",
|
|
1435
|
+
label: "Absolute session lifetime (hours)",
|
|
1436
|
+
required: false,
|
|
1437
|
+
default: 0,
|
|
1438
|
+
min: 0,
|
|
1439
|
+
max: 8760,
|
|
1440
|
+
description: "Force re-authentication this many hours after sign-in, regardless of activity. 0 disables."
|
|
1441
|
+
},
|
|
1442
|
+
{
|
|
1443
|
+
type: "number",
|
|
1444
|
+
key: "max_concurrent_sessions_per_user",
|
|
1445
|
+
label: "Max concurrent sessions per user",
|
|
1446
|
+
required: false,
|
|
1447
|
+
default: 0,
|
|
1448
|
+
min: 0,
|
|
1449
|
+
max: 100,
|
|
1450
|
+
description: "Cap simultaneous signed-in sessions per user; the oldest are signed out past the cap. 0 = unlimited."
|
|
1451
|
+
},
|
|
1452
|
+
{
|
|
1453
|
+
type: "group",
|
|
1454
|
+
id: "network",
|
|
1455
|
+
label: "Network",
|
|
1456
|
+
required: false,
|
|
1457
|
+
description: "Restrict where users can authenticate from."
|
|
1458
|
+
},
|
|
1459
|
+
{
|
|
1460
|
+
type: "textarea",
|
|
1461
|
+
key: "allowed_ip_ranges",
|
|
1462
|
+
label: "Allowed IP ranges",
|
|
1463
|
+
required: false,
|
|
1464
|
+
description: "CIDR ranges or exact IPs (one per line, or comma-separated), e.g. 203.0.113.0/24. When set, sign-in from outside these ranges is rejected. Empty = no restriction. Requires a trusted proxy to set X-Forwarded-For."
|
|
1465
|
+
},
|
|
1384
1466
|
{
|
|
1385
1467
|
type: "group",
|
|
1386
1468
|
id: "social",
|