Create/Delete "Authy User" as needed when adding/removing an authy ke…

…y type.
mydnshost · Mar 10, 2019 · 9c3e8cf · 9c3e8cf
1 parent 84506a5
commit 9c3e8cf
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 8 deletions.
diff --git a/classes/twofactorkey.php b/classes/twofactorkey.php
@@ -28,6 +28,8 @@ public function __construct($db) {
 	}
 
 	public function setKey($value) {
+		global $config;
+
 		$type = $this->getType();
 
 		if ($value === TRUE) {
@@ -53,7 +55,11 @@ public function setKey($value) {
 
 		switch ($type) {
 			case "yubikeyotp":
-				if (self::canUseYubikey()) {
+				if (self::canUseYubikey() && $value) {
+					if (is_array($value)) {
+						if (!isset($value['secret'])) { throw new Exception('Missing "secret" in value array.'); }
+						$value = $value['secret'];
+					}
 					$response = $this->yubikey_getData($value);
 					if ($response['response']->success()) {
 						$value = $response['request']->getYubikeyId();
@@ -66,6 +72,44 @@ public function setKey($value) {
 
 				break;
 
+			case "authy":
+				if (self::canUseAuthy() && $value) {
+					if (is_array($value)) {
+						if (isset($value['authyid'])) {
+							$value = $value['authyid'];
+						} else {
+							if (!isset($value['email'])) { throw new Exception('Missing "email" in value array.'); }
+							if (!isset($value['countrycode'])) { throw new Exception('Missing "countrycode" in value array.'); }
+							if (!isset($value['phone'])) { throw new Exception('Missing "phone" in value array.'); }
+
+							// Create user.
+							$authy_api = new Authy\AuthyApi($config['twofactor']['authy']['apikey']);
+							$authy_user = $authy_api->registerUser($value['email'], $value['phone'], $value['countrycode']);
+
+							if ($authy_user->ok()) {
+								$value = $authy_user->id();
+
+							} else {
+								$errorData = [];
+								foreach ($authy_user->errors() as $field => $message) {
+									$errorData[] = $field . ': ' . $message;
+								}
+
+								throw new Exception('Error creating authy user. ' . implode('/', $errorData));
+							}
+						}
+
+					} else {
+						throw new Exception('Value must be an array to create data from.');
+					}
+
+
+				} else {
+					throw new Exception('Unknown key type: ' . $type);
+				}
+
+				break;
+
 			default:
 				break;
 		}
@@ -374,4 +418,13 @@ private function verify_authypush($message) {
 
 		return FALSE;
 	}
+
+	public function postDelete() {
+		global $config;
+
+		if ($this->getType() == 'authy' && self::canUseAuthy()) {
+			$authy_api = new Authy\AuthyApi($config['twofactor']['authy']['apikey']);
+			$authy_api->deleteUser($this->getKey());
+		}
+	}
 }
diff --git a/web/1.0/methods/useradmin.php b/web/1.0/methods/useradmin.php
@@ -514,10 +514,11 @@ protected function create2FAKey($user) {
 			try {
 				$key->setKey(TRUE);
 			} catch (TwoFactorKeyAutoValueException $e) {
-				if (isset($data['data']['secret'])) {
-					$key->setKey($data['data']['secret']);
-				} else {
-					$this->getContextKey('response')->sendError('Missing "secret" for create.');
+				try {
+					$data['data']['email'] = $user->getEmail();
+					$key->setKey($data['data']);
+				} catch (Exception $e) {
+					$this->getContextKey('response')->sendError($e->getMessage());
 				}
 			}
 
@@ -537,7 +538,7 @@ protected function update2FAKey($user, $key, $isCreate = false) {
 					$key->validate();
 				} catch (ValidationFailed $ex) {
 					if ($isCreate) {
-						$this->getContextKey('response')->sendError('Error creating key.', $ex->getMessage());
+						$this->getContextKey('response')->sendError('Error creating key: ', $ex->getMessage());
 					} else {
 						$this->getContextKey('response')->sendError('Error updating key: ' . $key->getKey(), $ex->getMessage());
 					}
@@ -558,9 +559,14 @@ protected function update2FAKey($user, $key, $isCreate = false) {
 
 				if (!$k['updated']) {
 					if ($isCreate) {
-						$this->getContextKey('response')->sendError('Error creating key.', $ex->getMessage());
+						$reason = $user->getLastError()[2];
+						if (preg_match('#.*Duplicate entry.*twofactorkeys_apikey_user.*#', $reason)) {
+							$this->getContextKey('response')->sendError('Error creating key', 'Identical key already exists...');
+						} else {
+							$this->getContextKey('response')->sendError('Error creating key.');
+						}
 					} else {
-						$this->getContextKey('response')->sendError('Error updating key: ' . $key->getKey(), $ex->getMessage());
+						$this->getContextKey('response')->sendError('Error updating key.');
 					}
 				} else {
 					$this->getContextKey('response')->data($k);