From bba85773519e972d036a933b1f054b6c76050c5f Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Tue, 26 Jul 2016 16:48:51 -0500
Subject: Add two factor recovery endpoint to internal API

---
 lib/api/internal.rb | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'lib')

diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index d8e9ac406c4..5b54c11ef62 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -101,6 +101,31 @@ module API
           {}
         end
       end
+
+      post '/two_factor_recovery_codes' do
+        status 200
+
+        key = Key.find(params[:key_id])
+        user = key.user
+
+        # Make sure this isn't a deploy key
+        unless key.type.nil?
+          return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
+        end
+
+        unless user.present?
+          return { success: false, message: 'Could not find a user for the given key' }
+        end
+
+        unless user.two_factor_enabled?
+          return { success: false, message: 'Two-factor authentication is not enabled for this user' }
+        end
+
+        codes = user.generate_otp_backup_codes!
+        user.save!
+
+        { success: true, recovery_codes: codes }
+      end
     end
   end
 end
-- 
cgit v1.2.1