Name

global.PwdGoogleAuthenticator

Description

No description available

Script

var PwdGoogleAuthenticator = Class.create();
PwdGoogleAuthenticator.prototype = Object.extendsObject(GlideMultifactorAuthenticator, {
  PWD_GOOGLE_AUTH_ID: "6d26f82187400300cfab6dd207cb0b80",  // Google Auth Verification ID
  
  loadContent: function() {
  	var userId = this.getParameter("sysparm_userId").toString();
  	
  	if (!this._isAuthorized(userId))
  		return;
  	
  	var isEnabled = this.isUserEnabledPwdGoogleAuth(userId, true);
  	var ans = this.newItem("isEnabled");
  	ans.setAttribute("isEnabled", isEnabled);
  	
  	this.loadPopupContent();
  },
  
  resetMultifactorCode: function(){
  	var userId = this.getParameter("sysparm_userId").toString();
  	
  	if (!this._isAuthorized(userId))
  		return;
  	
  	this._updateEnrollmentRecord(userId, "0");
  	var isEnabled = this.isUserEnabledPwdGoogleAuth(userId, true);
  	var ans = this.newItem("isEnabled");
  	ans.setAttribute("isEnabled", isEnabled);
  	
  	this.resetCode();
  },
  
  validateEnrollmentResponse: function(){
  	var userId = this.getParameter("sysparm_userId").toString();
  	
  	if (!this._isAuthorized(userId))
  		return;
  	
  	var previouslyEnabled = this._isUserEnabledMFA(userId);
  	
  	var response = this.getParameter("sysparm_response").toString();
  	var valid = SNC.MultifactorAuthUtil.isResponseValid(response);
  	var result = this.newItem("result");
  	result.setAttribute("validated", valid);
  	if(valid) {
  		// Update pwd_enrollment as a flag of pwd google auth being enabled for the user
  		this._updateEnrollmentRecord(userId, '1');
  	}
  	
  	//calling validateResponse will enable the mfa flag if it was previously disabled
  	//for password reset we disable it again after validating the resposne
  	if(!previouslyEnabled){
  		var userGr = new GlideRecord("sys_user");
  		userGr.get(userId);
  		userGr.setValue("enable_multifactor_authn", false);
  		userGr.update();
  	}
  },
  
  disableGoogleAuth: function(){
  	var userId = this.getParameter("sysparm_userId").toString();
  	
  	if (!this._isAuthorized(userId))
  		return;
  	
  	// Disable google auth for pwd reset
  	this._updateEnrollmentRecord(userId, "2");
  	
  	// Clear all settings if user is not enabled for platform login MFA
  	if (!this._isUserEnabledMFA(userId))
  		this.disableMFA();

  	this.newItem("isEnabled").setAttribute("isEnabled", false);
  },
  
  enableGoogleAuth: function() {
  	var userId = this.getParameter("sysparm_userId").toString();
  	
  	if (!this._isAuthorized(userId))
  		return;
  	
  	// Enable google auth for pwd reset
  	this._updateEnrollmentRecord(userId, "0");
  	
  	this.loadContent();
  },
  
  isUserEnabledPwdGoogleAuth: function(userId, defaultVal) {
  	var gr = new GlideRecord('pwd_enrollment');
  	gr.addQuery('user', userId);
  	gr.addQuery('verification', this.PWD_GOOGLE_AUTH_ID);
  	gr.query();
  	if (gr.next()) {
  		return gr.getValue("status") != "2";  // NOT Inactive
  	}
  	
  	return defaultVal;
  },

  _updateEnrollmentRecord: function(userId, status) {
  	var gr = new GlideRecord('pwd_enrollment');
  	gr.addQuery('user', userId);
  	gr.addQuery('verification', this.PWD_GOOGLE_AUTH_ID);
  	gr.query();
  	if (gr.next())
  		new SNC.PwdEnrollmentManager().updateEnrollment(userId, this.PWD_GOOGLE_AUTH_ID, status);
  	else
  		new SNC.PwdEnrollmentManager().createEnrollment(userId, this.PWD_GOOGLE_AUTH_ID, status);
  		
  	new global.PwdEnrollSnapshotUtil().createOrUpdateEnrollmentSnapshot(this.PWD_GOOGLE_AUTH_ID, userId, status);
  },
  
  // If the user is enabled MFA for the platform login
  _isUserEnabledMFA: function(userId) {
  	var userGr = new GlideRecord("sys_user");
  	userGr.get(userId);
  	return userGr.getValue("enable_multifactor_authn") == "1";
  },
  
  _isAuthorized: function(userId) {
  	if (userId == gs.getUserID())
  		return true;
  	
  	this.setError("unauthorized");
  	return false;
  },
  
  type: 'PwdGoogleAuthenticator'
});

Sys ID

a0e81f820b000300572a6f3ef6673a12

Offical Documentation

Official Docs: