rublon-ssh/PAM/ssh/include/rublon/method/OTP.hpp

#pragma once

#include <tl/expected.hpp>

#include <rublon/authentication_step_interface.hpp>
#include <rublon/pam.hpp>
#include <rublon/pam_action.hpp>

namespace rublon {
class Confirmation {};
}; // namespace rublon

namespace rublon::method {

template < typename PamInfo_t = LinuxPam >
class OTP : public rublon::AuthenticationStep< OTP< PamInfo_t > > {
  public:
    const char * uri  = "/api/transaction/confirmCode";
    const char * name = "One Time Password";

    std::string _systemToken;
    std::string _tid;
    const PamInfo_t & _pamInfo;

    OTP(std::string systemToken, std::string tid, const PamInfo_t & pam) : _systemToken{systemToken}, _tid{tid}, _pamInfo{pam} {}

    template < typename Hander_t >
    tl::expected< Confirmation, PamAction > handle(const CoreHandlerInterface< Hander_t > & coreHandler) const {
        log(Debug, "OTP fired");

        const auto passcode =
          _pamInfo.scan([](const char * userInput) { return std::string{userInput}; }, "Mobile TOTP from Rublon Authenticator:");

        char _buffer[1024];
        std::pmr::monotonic_buffer_resource mr{_buffer, 1024};

        RapidJSONPMRAlloc alloc{&mr};
        Document body{rapidjson::kObjectType, &alloc};

        body.AddMember("systemToken", Value{_systemToken.c_str(), alloc}, alloc);
        body.AddMember("tid", Value{_tid.c_str(), alloc}, alloc);
        body.AddMember("vericode", Value{passcode.value().c_str(), alloc}, alloc); /// TODO proper username

        auto coreResponse = coreHandler.request(uri, body);

        if(coreResponse.has_value()) {
            log(LogLevel::Info, "[TMP] has response, processing", __PRETTY_FUNCTION__);
            const auto & rublonResponse = coreResponse.value()["result"];
            std::string tid             = rublonResponse["tid"].GetString();
            return tl::unexpected{PamAction::accept};
        } else {
            // mostly connectio errors
            switch(coreResponse.error().errorClass) {
                case CoreHandlerError::ErrorClass::BadSigature:
                    log(LogLevel::Error, "ErrorClass::BadSigature");
                    return tl::unexpected{PamAction::decline};
                case CoreHandlerError::ErrorClass::CoreException: /// TODO exception handling
                    log(LogLevel::Error, "ErrorClass::CoreException");
                    return tl::unexpected{PamAction::decline}; /// TODO accept?
                case CoreHandlerError::ErrorClass::ConnectionError:
                    log(LogLevel::Error, "ErrorClass::ConnectionError");
                    return tl::unexpected{PamAction::decline}; /// TODO decline?
                case CoreHandlerError::ErrorClass::BrokenData:
                    log(LogLevel::Error, "ErrorClass::BrokenData");
                    return tl::unexpected{PamAction::decline};
            }
        }

        return tl::unexpected{PamAction::accept};
    }
};

} // namespace rublon::method