@cubist-labs/cubesigner-sdk 0.3.1 → 0.3.8

package/src/mfa.ts

@@ -4,6 +4,7 @@ import {
   ApiAddFidoChallenge,
   ApiMfaFidoChallenge,
   MfaRequestInfo,
+  MfaVote,
   PublicKeyCredential,
   TotpInfo,
 } from "./schema_types";
@@ -159,10 +160,12 @@ export class MfaFidoChallenge {
   /**
    * Answers this challenge by using the `CredentialsContainer` API to get a credential
    * based on the the public key credential request options from this challenge.
+   *
+   * @param {MfaVote} vote Approve or reject the MFA request. Defaults to "approve".
    */
-  async createCredentialAndAnswer(): Promise<MfaRequestInfo> {
+  async createCredentialAndAnswer(vote?: MfaVote): Promise<MfaRequestInfo> {
     const cred = await navigator.credentials.get({ publicKey: this.options });
-    return await this.answer(cred);
+    return await this.answer(cred, vote);
   }
 
   /**
@@ -175,8 +178,9 @@ export class MfaFidoChallenge {
    *
    * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
    *                   based on the public key credential request options from this challenge.
+   * @param {MfaVote} vote Approve or reject. Defaults to "approve".
    */
-  async answer(cred: any): Promise<MfaRequestInfo> {
+  async answer(cred: any, vote: MfaVote = "approve"): Promise<MfaRequestInfo> {
     const answer = <PublicKeyCredential>{
       id: cred.id,
       response: {
@@ -185,6 +189,6 @@ export class MfaFidoChallenge {
         signature: encodeToBase64Url(cred.response.signature),
       },
     };
-    return await this.#api.mfaApproveFidoComplete(this.mfaId, this.challengeId, answer);
+    return await this.#api.mfaVoteFidoComplete(this.mfaId, vote, this.challengeId, answer);
   }
 }

package/src/response.ts

@@ -1,4 +1,4 @@
-import { CubeSignerClient, SignerSession } from ".";
+import { CubeSignerClient, MfaVote, SignerSession } from ".";
 import { MfaReceipt } from "./mfa";
 import { AcceptedResponse, NewSessionResponse } from "./schema_types";
 
@@ -90,13 +90,39 @@ export class CubeSignerResponse<U> {
    * @return {CubeSignerResponse<U>} The result of signing with the approval
    */
   async approveTotp(session: SignerSession, code: string): Promise<CubeSignerResponse<U>> {
+    return await this.#mfaVoteTotp(session, code, "approve");
+  }
+
+  /**
+   * Reject the MFA request using a given session and a TOTP code.
+   *
+   * @param {SignerSession} session Signer session to use
+   * @param {string} code 6-digit TOTP code
+   */
+  async rejectTotp(session: SignerSession, code: string) {
+    await this.#mfaVoteTotp(session, code, "reject");
+  }
+
+  /**
+   * Approve or reject an MFA request using a given session and a TOTP code.
+   *
+   * @param {SignerSession} session Signer session to use
+   * @param {string} code 6-digit TOTP code
+   * @param {MfaVote} vote Approve or reject
+   * @return {CubeSignerResponse<U>} The result of signing with the approval
+   */
+  async #mfaVoteTotp(
+    session: SignerSession,
+    code: string,
+    vote: MfaVote,
+  ): Promise<CubeSignerResponse<U>> {
     if (!this.requiresMfa()) {
       return this;
     }
 
     const mfaId = this.mfaId();
     const mfaOrgId = this.#mfaRequired!.org_id;
-    const mfaApproval = await session.mfaApproveTotp(mfaId, code);
+    const mfaApproval = await session.mfaVoteTotp(mfaId, code, vote);
     const mfaConf = mfaApproval.receipt?.confirmation;
 
     if (!mfaConf) {
@@ -107,12 +133,32 @@ export class CubeSignerResponse<U> {
   }
 
   /**
-   * Approve the MFA request using a given `CubeSignerClient` instance (i.e., its session).
+   * Approve the MFA request using a given {@link CubeSignerClient} instance (i.e., its session).
    *
    * @param {CubeSignerClient} cs CubeSigner whose session to use
    * @return {CubeSignerResponse<U>} The result of signing with the approval
    */
   async approve(cs: CubeSignerClient): Promise<CubeSignerResponse<U>> {
+    return await this.#mfaVoteCs(cs, "approve");
+  }
+
+  /**
+   * Reject the MFA request using a given {@link CubeSignerClient} instance (i.e., its session).
+   *
+   * @param {CubeSignerClient} cs CubeSigner client whose session to use
+   */
+  async reject(cs: CubeSignerClient) {
+    await this.#mfaVoteCs(cs, "reject");
+  }
+
+  /**
+   * Approve or reject an MFA request using a given {@link CubeSignerClient} instance (i.e., its session).
+   *
+   * @param {CubeSignerClient} cs CubeSigner whose session to use
+   * @param {MfaVote} mfaVote Approve or reject
+   * @return {CubeSignerResponse<U>} The result of signing with the approval
+   */
+  async #mfaVoteCs(cs: CubeSignerClient, mfaVote: MfaVote): Promise<CubeSignerResponse<U>> {
     if (!this.requiresMfa()) {
       return this;
     }
@@ -120,7 +166,7 @@ export class CubeSignerResponse<U> {
     const mfaId = this.#mfaRequired!.id;
     const mfaOrgId = this.#mfaRequired!.org_id;
 
-    const mfaApproval = await cs.mfaApprove(mfaId);
+    const mfaApproval = await cs.mfaVoteCs(mfaId, mfaVote);
     const mfaConf = mfaApproval.receipt?.confirmation;
 
     if (!mfaConf) {

package/src/role.ts

@@ -278,6 +278,15 @@ export class Role {
     await this.#csc.roleUserAdd(this.id, userId);
   }
 
+  /**
+   * Remove an existing user from an existing role.
+   *
+   * @param {string} userId The user-id of the user to remove from the role.
+   */
+  async removeUser(userId: string) {
+    await this.#csc.roleUserRemove(this.id, userId);
+  }
+
   /**
    * The list of keys in the role.
    * @example [