ENG-3584: Missing mfa enrollment endpoint in nepal (#18)

* ENG-3297: Aims missing endpoints in nepal * ENG-3124: Adding missing field to nepal library * ENG-3124: Mising mfa enrollment
alertlogic · May 15, 2020 · fb4c461 · fb4c461
1 parent e6913c8
commit fb4c461
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@al/core",
-  "version": "1.0.15",
+  "version": "1.0.16",
   "description": "Nepal Core",
   "main": "./dist/index.cjs.js",
   "types": "./dist/index.d.ts",

diff --git a/src/aims-client/aims-client.ts b/src/aims-client/aims-client.ts
@@ -21,6 +21,7 @@ import {
     AIMSTopology,
     AIMSUser,
     AIMSUserDetails,
+    AIMSEnrollURI,
 } from './types';
 
 export class AIMSClientInstance {
@@ -545,6 +546,34 @@ export class AIMSClientInstance {
     return mfa;
   }
 
+  /**
+   * Enroll an MFA device for a user (when no AIMS token available).
+   * POST
+   * /aims/v1/user/mfa/enroll
+   *  "https://api.cloudinsight.alertlogic.com/aims/v1/user/mfa/enroll" \
+   * -H "Content-Type: application/json" \
+   * -d @- << EOF
+   * {
+   *    "mfa_uri": "otpauth://totp/Alert%20Logic:admin@company.com?secret=GFZSA5CINFJSA4ZTNNZDG5BAKM2EMMZ7&issuer=Alert%20Logic&algorithm=SHA1"
+   *    "mfa_codes": ["123456", "456789"],
+   *    "password" : "password",
+   *    "email" : "[email protected]"
+   * }
+   * EOF
+   */
+  async enrollMFAWithoutAIMSToken(uri:AIMSEnrollURI, codes:string[], email:string, password:string ) {
+    return this.client.post({
+      service_name: this.serviceName,
+      path: '/user/mfa/enroll',
+      data: {
+        mfa_uri: uri.toString(),
+        email: email,
+        password: password,
+        mfa_codes: codes
+      }
+    });
+  }
+
   /**
    * Remove a user's MFA device
    * DELETE

diff --git a/src/aims-client/types/types.ts b/src/aims-client/types/types.ts
@@ -57,6 +57,24 @@ export interface AIMSUserDetails {
     notifications_only?:boolean;
 }
 
+export class AIMSEnrollURI
+{
+    type:string = 'totp';
+    issuer:string = "Alert Logic";
+    algorithm:string = "SHA1";
+    email:string;
+    secret:string;
+
+    constructor( email:string, secret:string ) {
+        this.email = email;
+        this.secret = secret;
+    }
+
+    public toString():string {
+        return `otpauth://${this.type}/Alert%20Logic:${this.email}?secret=${encodeURIComponent(this.secret)}&issuer=${encodeURIComponent(this.issuer)}&algorithm=${this.algorithm}`;
+    }
+}
+
 export interface AIMSRole {
     id: string;
     account_id: string;