e9eb9b4172
Enforce geofenced location evidence for passport challenges and extend admin alerting so mobile devices can review, dismiss, and act on real org and security events.
import * as plugins from '../plugins.js';
import type { PassportManager } from './classes.passportmanager.js';
/**
 * Persisted record of a single passport challenge: who it is for, what kind
 * of challenge it is, its lifecycle status, and the evidence stored when it
 * is approved.
 *
 * The status-changing methods on this class only mutate and save the record.
 * None of them checks the current status, the expiry time, or the supplied
 * evidence, so those checks have to happen before they are called
 * (presumably in PassportManager; verify against the caller).
 */
@plugins.smartdata.Manager()
export class PassportChallenge extends plugins.smartdata.SmartDataDbDoc<
  PassportChallenge,
  plugins.idpInterfaces.data.IPassportChallenge,
  PassportManager
> {
  /**
   * Hashes a challenge token with SHA-256.
   *
   * No salt or key is supplied here, so the result is a plain digest of the
   * token string. That is only a sound way to store a token if the token is
   * a high-entropy random value. TODO confirm how tokens are generated.
   *
   * @param tokenArg - the token string to hash
   * @returns the digest produced by `smarthash.sha256FromStringSync`
   */
  public static hashToken(tokenArg: string) {
    const digest = plugins.smarthash.sha256FromStringSync(tokenArg);
    return digest;
  }

  @plugins.smartdata.unI()
  public id: string;

  @plugins.smartdata.svDb()
  public data: plugins.idpInterfaces.data.IPassportChallenge['data'] = {
    userId: '',
    deviceId: null,
    type: 'device_enrollment',
    status: 'pending',
    // presumably the hashToken() digest of the challenge token; verify against the manager
    tokenHash: null,
    challenge: '',
    metadata: {
      originHost: undefined,
      audience: undefined,
      notificationTitle: undefined,
      deviceLabel: undefined,
      // Both requirement flags default to false: a challenge created without
      // explicit metadata demands neither location nor NFC evidence.
      requireLocation: false,
      requireNfc: false,
      locationPolicy: undefined,
      requestedCapabilities: undefined,
    },
    evidence: undefined,
    notification: undefined,
    createdAt: 0,
    // With this default of 0, isExpired() is true for any positive timestamp
    // until a real expiry is set.
    expiresAt: 0,
    completedAt: null,
  };

  /**
   * Reports whether the expiry time lies strictly before the given instant.
   * A challenge whose `expiresAt` equals `nowArg` is still treated as live.
   *
   * @param nowArg - reference time, compared directly with `expiresAt`;
   *   defaults to `Date.now()`
   * @returns true when `expiresAt` is earlier than `nowArg`
   */
  public isExpired(nowArg = Date.now()): boolean {
    return nowArg > this.data.expiresAt;
  }

  /**
   * Sets the status to 'approved', stamps the completion time, stores the
   * evidence exactly as passed (or `undefined` when omitted) and saves.
   *
   * NOTE(review): nothing here verifies that the challenge is still
   * 'pending', that it has not expired, or that `evidenceArg` satisfies
   * `metadata.requireLocation`, `metadata.requireNfc` or
   * `metadata.locationPolicy`. All of that must be enforced before this call.
   *
   * @param evidenceArg - evidence to record with the approval
   */
  public async markApproved(
    evidenceArg?: plugins.idpInterfaces.data.IPassportChallenge['data']['evidence']
  ): Promise<void> {
    const record = this.data;
    record.status = 'approved';
    record.completedAt = Date.now();
    record.evidence = evidenceArg;
    await this.save();
  }

  /**
   * Sets the status to 'expired' and saves. `completedAt` is left untouched,
   * and the current status is not checked first.
   */
  public async markExpired(): Promise<void> {
    const record = this.data;
    record.status = 'expired';
    await this.save();
  }

  /**
   * Sets the status to 'rejected', stamps the completion time and saves.
   * The current status is not checked first.
   */
  public async markRejected(): Promise<void> {
    const record = this.data;
    record.status = 'rejected';
    record.completedAt = Date.now();
    await this.save();
  }
}