Name
global.PwdVerifyGoogleAuthProcessor
Description
A verification processor extension that will check the validity of a Google Authenticator (OTP) code
Script
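var PwdVerifyGoogleAuthProcessor = Class.create();
PwdVerifyGoogleAuthProcessor.prototype = {
    category: 'password_reset.extension.verification_form_processor', // DO NOT REMOVE THIS LINE!

    /**
     * No per-instance state is set up; the processor is stateless.
     */
    initialize: function() {
    },

    /**
     * Process the verification form request and report whether the user was verified.
     *
     * @param params.resetRequestId The sys-id of the current password-reset request (table: pwd_reset_request)
     * @param params.userId The sys-id of the user trying to be verified (table: sys_user)
     * @param params.verificationId The sys-id of the verification to be processed (table: pwd_verification)
     * @param request The form request object. Fields in the form can be accessed using: request.getParameter('<element-id>')
     * @return boolean telling whether the user is successfully verified
     */
    processForm: function(params, request) {
        return this.verify(params.resetRequestId, params.userId, params.verificationId, request);
    },

    /**
     * verify - returns true/false whether the user is verified for this verification method.
     *
     * The submitted OTP code (form field 'sysparm_otp_code') is handed to
     * SNC.PwdMultifactorAuthUtilWrapper.isResponseValid together with the user id, and the
     * outcome is recorded through PasswordResetUtil.updateVerificationResult.
     * A missing form field is treated as a failed verification instead of raising an error.
     *
     * @param reset_request_id sys-id passed in as the reset request; also used as the context id
     * @param enrolled_user_id sys-id of the user being verified
     * @param verification sys-id of the verification being processed
     * @param request the request object that was submitted by the user in the verification form
     * @return true when a 'verified' result is already stored for this verification/context,
     *         otherwise the result of the OTP check
     */
    verify: function(reset_request_id, enrolled_user_id, verification, request) {
        // The id may name a password reset request or only a context; the request id is
        // blanked when no matching reset request exists, the context id is always kept.
        var requestExists = new SNC.PwdTrackingManager().requestExists(reset_request_id);
        var requestId = requestExists ? reset_request_id : '';
        var contextId = reset_request_id;

        // If we already validated the code (e.g. in step 1 of the reset process) then return that result since we
        // validate everything at the end, and the code could have expired causing a false negative.
        // NOTE(review): this lookup filters on verification and context_id only, not on enrolled_user_id;
        // presumably a context id cannot be shared between users - confirm.
        // NOTE(review): once a 'verified' row exists, whatever code is submitted afterwards for this
        // context is not re-checked.
        var reqVerGr = new GlideRecord('pwd_map_request_to_verification');
        reqVerGr.addQuery('verification', verification);
        reqVerGr.addQuery('context_id', contextId);
        reqVerGr.query();
        // Loose equality kept as in the original.
        // NOTE(review): getValue may not return a primitive JS string here - confirm before switching to ===.
        if (reqVerGr.next() && reqVerGr.getValue('status') == 'verified')
            return true;

        // Fail closed when the OTP field is absent: calling .trim() on a missing parameter would
        // throw before any result is recorded.
        var submittedCode = request.getParameter('sysparm_otp_code');
        var isValid = false;
        if (submittedCode != null)
            isValid = SNC.PwdMultifactorAuthUtilWrapper.isResponseValid(submittedCode.trim(), enrolled_user_id);

        // NOTE(review): no attempt counting or lockout is visible in this processor; presumably the
        // password reset framework limits retries - confirm.
        var status = isValid ? 'verified' : 'not_verified';
        var passwordResetUtil = new global.PasswordResetUtil();
        passwordResetUtil.updateVerificationResult(enrolled_user_id, verification, contextId, status, requestId);
        return isValid;
    },

    type: 'PwdVerifyGoogleAuthProcessor'
};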
Sys ID
1e3f425287180300cfab6dd207cb0b5d