wlan-cloud-ucentralsec/src/RESTAPI/RESTAPI_submfa_handler.cpp

//
// Created by stephane bourque on 2021-12-01.
//

#include "RESTAPI_submfa_handler.h"
#include "StorageService.h"
#include "SMSSender.h"

namespace OpenWifi {

    void RESTAPI_submfa_handler::DoGet() {
        SecurityObjects::UserInfo   User;

        if (StorageService()->GetUserById(UserInfo_.userinfo.Id,User)) {
            Poco::JSON::Object              Answer;
            SecurityObjects::SubMfaConfig   MFC;

            MFC.id = User.Id;
            if(User.userTypeProprietaryInfo.mfa.enabled) {
                if(User.userTypeProprietaryInfo.mfa.method == "sms") {
                    MFC.sms = User.userTypeProprietaryInfo.mobiles[0].number;
                } else if(User.userTypeProprietaryInfo.mfa.method == "email") {
                    MFC.email = User.email;
                }
            } else {
                MFC.type = "disabled";
            }
            MFC.to_json(Answer);
            return ReturnObject(Answer);
        }
        NotFound();
    }

    void RESTAPI_submfa_handler::DoPut() {

        std::cout << "DoPut..." << std::endl;

        auto Body = ParseStream();
        SecurityObjects::SubMfaConfig   MFC;

        if(!MFC.from_json(Body)) {
            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
        }

        if(MFC.type=="disabled") {
            SecurityObjects::UserInfo   User;
            StorageService()->GetUserById(UserInfo_.userinfo.Id,User);
            User.userTypeProprietaryInfo.mfa.enabled = false;
            StorageService()->UpdateUserInfo(UserInfo_.userinfo.email,UserInfo_.userinfo.Id,User);

            Poco::JSON::Object  Answer;
            MFC.to_json(Answer);
            return ReturnObject(Answer);
        } else if (MFC.type=="email") {
            SecurityObjects::UserInfo   User;

            StorageService()->GetUserById(UserInfo_.userinfo.Id,User);
            User.userTypeProprietaryInfo.mfa.enabled = true;
            User.userTypeProprietaryInfo.mfa.method = "email";
            StorageService()->UpdateUserInfo(UserInfo_.userinfo.email,UserInfo_.userinfo.Id,User);

            Poco::JSON::Object  Answer;
            MFC.to_json(Answer);
            return ReturnObject(Answer);
        } else if (MFC.type=="sms") {
            if(GetBoolParameter("startValidation",false)) {
                if(MFC.sms.empty()) {
                    return BadRequest("Missing phone number");
                }

                if(SMSSender()->StartValidation(MFC.sms, UserInfo_.userinfo.email)) {
                    return OK();
                } else {
                    return InternalError("SMS could not be sent. Verify the number or try again later.");
                }
            } else if(GetBoolParameter("completeValidation",false)) {
                auto ChallengeCode = GetParameter("challengeCode","");
                if(ChallengeCode.empty()) {
                    return BadRequest("Missing 'challengeCode'");
                }
                if(MFC.sms.empty()) {
                    return BadRequest("Missing phone number");
                }
                if(SMSSender()->CompleteValidation(MFC.sms, ChallengeCode, UserInfo_.userinfo.email)) {
                    SecurityObjects::UserInfo   User;

                    StorageService()->GetUserById(UserInfo_.userinfo.Id,User);
                    User.userTypeProprietaryInfo.mfa.method = "sms";
                    SecurityObjects::MobilePhoneNumber  PhoneNumber;
                    PhoneNumber.number = MFC.sms;
                    PhoneNumber.primary = true;
                    PhoneNumber.verified = true;
                    User.userTypeProprietaryInfo.mfa.enabled = true;
                    User.userTypeProprietaryInfo.mobiles.clear();
                    User.userTypeProprietaryInfo.mobiles.push_back(PhoneNumber);
                    StorageService()->UpdateUserInfo(UserInfo_.userinfo.email,UserInfo_.userinfo.Id,User);

                    Poco::JSON::Object  Answer;
                    MFC.to_json(Answer);
                    return ReturnObject(Answer);
                } else {
                    return InternalError("SMS could not be sent. Verify the number or try again later.");
                }
            }
        }
        return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
    }

}