github.com/greenpau/go-authcrunch@v1.1.4/pkg/authn/api_test_user_app_token_passcode.go

github.com/greenpau/go-authcrunch@v1.1.4/pkg/authn/api_test_user_app_token_passcode.go (about)

     1  // Copyright 2024 Paul Greenberg greenpau@outlook.com
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package authn
    16  
    17  import (
    18  	"context"
    19  	"net/http"
    20  	"time"
    21  
    22  	"github.com/greenpau/go-authcrunch/pkg/authn/enums/operator"
    23  	"github.com/greenpau/go-authcrunch/pkg/identity"
    24  	"github.com/greenpau/go-authcrunch/pkg/ids"
    25  	"github.com/greenpau/go-authcrunch/pkg/requests"
    26  	"github.com/greenpau/go-authcrunch/pkg/user"
    27  )
    28  
    29  // TestUserAppTokenPasscode tests app multi factor authenticator passcode.
    30  func (p *Portal) TestUserAppTokenPasscode(
    31  	ctx context.Context,
    32  	w http.ResponseWriter,
    33  	r *http.Request,
    34  	rr *requests.Request,
    35  	parsedUser *user.User,
    36  	resp map[string]interface{},
    37  	usr *user.User,
    38  	backend ids.IdentityStore,
    39  	bodyData map[string]interface{}) error {
    40  
    41  	var tokenPasscode string
    42  
    43  	// Extract data.
    44  	if v, exists := bodyData["id"]; exists {
    45  		switch keyID := v.(type) {
    46  		case string:
    47  			rr.MfaToken.ID = keyID
    48  		default:
    49  			resp["message"] = "Profile API did find key id in the request payload, but it is malformed"
    50  			return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
    51  		}
    52  	} else {
    53  		resp["message"] = "Profile API did not find key id in the request payload"
    54  		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
    55  	}
    56  
    57  	if v, exists := bodyData["passcode"]; exists {
    58  		switch exp := v.(type) {
    59  		case string:
    60  			tokenPasscode = exp
    61  		default:
    62  			resp["message"] = "Profile API did find key passcode in the request payload, but it is malformed"
    63  			return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
    64  		}
    65  	} else {
    66  		resp["message"] = "Profile API did not find key passcode in the request payload"
    67  		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
    68  	}
    69  
    70  	// Validate data.
    71  	if !tokenPasscodeRegexPattern.MatchString(tokenPasscode) {
    72  		resp["message"] = "Profile API found non-compliant token passcode value"
    73  		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
    74  	}
    75  
    76  	// Get MFA Token
    77  	if err := backend.Request(operator.GetMfaToken, rr); err != nil {
    78  		resp["message"] = "Profile API failed to get application authenticator"
    79  		return handleAPIProfileResponse(w, rr, http.StatusInternalServerError, resp)
    80  	}
    81  	appToken := rr.Response.Payload.(*identity.MfaToken)
    82  	respData := make(map[string]interface{})
    83  	if err := appToken.ValidateCodeWithTime(tokenPasscode, time.Now().Add(-time.Second*time.Duration(appToken.Period)).UTC()); err != nil {
    84  		respData["success"] = false
    85  	} else {
    86  		respData["success"] = true
    87  	}
    88  	resp["entry"] = respData
    89  	return handleAPIProfileResponse(w, rr, http.StatusOK, resp)
    90  }