mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-24 01:11:38 -05:00
00b0227007
with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
68 lines
2.0 KiB
Python
68 lines
2.0 KiB
Python
post_verify_code_schema = {
|
|
'$schema': 'http://json-schema.org/draft-04/schema#',
|
|
'description': 'POST schema for verifying a 2fa code',
|
|
'type': 'object',
|
|
'properties': {
|
|
'code': {'type': 'string'},
|
|
'code_type': {'type': 'string'},
|
|
},
|
|
'required': ['code', 'code_type'],
|
|
'additionalProperties': False
|
|
}
|
|
|
|
|
|
post_verify_webauthn_schema = {
|
|
'$schema': 'http://json-schema.org/draft-04/schema#',
|
|
'description': 'POST schema for verifying a webauthn login attempt',
|
|
'type': 'object',
|
|
'properties': {
|
|
'successful': {'type': 'boolean'}
|
|
},
|
|
'required': ['successful'],
|
|
'additionalProperties': False
|
|
}
|
|
|
|
|
|
post_send_user_email_code_schema = {
|
|
'$schema': 'http://json-schema.org/draft-04/schema#',
|
|
'description': (
|
|
'POST schema for generating a 2fa email - "to" is required for legacy purposes. '
|
|
'"next" is an optional url to redirect to on sign in'
|
|
),
|
|
'type': 'object',
|
|
'properties': {
|
|
# doesn't need 'to' as we'll just grab user.email_address. but lets keep it
|
|
# as allowed to keep admin code cleaner, but only as null to prevent confusion
|
|
'to': {'type': 'null'},
|
|
'email_auth_link_host': {'type': ['string', 'null']},
|
|
'next': {'type': ['string', 'null']},
|
|
},
|
|
'required': [],
|
|
'additionalProperties': False
|
|
}
|
|
|
|
|
|
post_send_user_sms_code_schema = {
|
|
'$schema': 'http://json-schema.org/draft-04/schema#',
|
|
'description': 'POST schema for generating a 2fa sms',
|
|
'type': 'object',
|
|
'properties': {
|
|
'to': {'type': ['string', 'null']},
|
|
},
|
|
'required': [],
|
|
'additionalProperties': False
|
|
}
|
|
|
|
|
|
post_set_permissions_schema = {
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"description": "POST schema for setting user permissions",
|
|
"type": "object",
|
|
"properties": {
|
|
"permissions": {"type": "array", "items": {"type": "object"}},
|
|
"folder_permissions": {"type": "array", "items": {"type": "string"}}
|
|
},
|
|
"required": ["permissions"],
|
|
"additionalProperties": False
|
|
}
|