Public/2FA/Enable-DSUser2FA.ps1
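function Enable-DSUser2FA {
    <#
    .SYNOPSIS
    Enables authenticator-type two-factor authentication for one user.

    .DESCRIPTION
    Looks the user up with Get-DSUsers, reads the server's two-factor
    configuration, checks that authentication type 1 is listed as available,
    and then PUTs the user's 2FA settings to api/security/twofactor/save.
    An authenticated session is required ($Global:DSSessionToken, see New-DSSession).

    .PARAMETER UserId
    GUID of the user to enable 2FA for. The all-zero GUID is rejected.

    .OUTPUTS
    The response object returned by Invoke-DS for the save request.
    #>
    [CmdletBinding()]
    param (
        [guid]$UserId
        # [?] 2FA method: not a parameter yet; only type 1 (authenticator) is handled below.
    )

    begin {
        Write-Verbose '[Enable-DSUser2FA] Beginning...'

        if ([string]::IsNullOrWhiteSpace($Global:DSSessionToken)) {
            throw 'Session does not seem authenticated, call New-DSSession.'
        }

        # An omitted -UserId leaves the [guid] parameter at its all-zero default.
        # Fail here rather than send that value to the user lookup and the save call.
        if ($UserId -eq [guid]::Empty) {
            throw 'UserId is required and cannot be an empty GUID.'
        }
    }

    process {
        # 1. Check that the user exists.
        $res = Get-DSUsers -candidUserId $UserId
        if (-not $res.isSuccess) {
            throw 'User could not be found.'
        }
        $UserInfo = $res.Body.data

        # 2. Read the server's two-factor configuration.
        $RequestParams = @{
            Uri    = "$Script:DSBaseURI/api/configuration/two-factor"
            Method = 'Get'
        }
        $res = Invoke-DS @RequestParams
        if (-not $res.isSuccess) {
            # Name the failing step so it can be told apart from the user lookup above.
            throw 'Could not retrieve the two-factor configuration from the server.'
        }
        $TwoFactorConfig = $res.Body.data

        # 3. Check that authenticator 2FA is available (the only type supported at the moment).
        if ($TwoFactorConfig.twoFactorAuthenticationAvailable -notcontains '1') {
            throw 'Can only enable authenticator type 2FA for the moment.'
        }

        # NOTE(review): isPreConfigured is always sent as $true. Confirm against the
        # server API which enrollment state that leaves the account in.
        $TwoFactorUserInfo = @{
            accountName        = $UserInfo.userSecurity.name
            authenticationType = 1
            isPreConfigured    = $true
        } | ConvertTo-Json

        # ConvertTo-Json already returns a string, so no ToString() call is needed.
        # Protect-ResourceToHexString is defined elsewhere; its output is what the
        # save endpoint receives as SafeTwoFactorInfoString.
        $SafeTwoFactorInfo = Protect-ResourceToHexString $TwoFactorUserInfo

        # 4. Save the 2FA user info.
        $RequestParams = @{
            Uri    = "$Script:DSBaseURI/api/security/twofactor/save"
            Method = 'Put'
            Body   = (ConvertTo-Json @{
                    SafeTwoFactorInfoString = $SafeTwoFactorInfo
                    UserSecurityEntityID    = $UserInfo.userSecurity.id
                })
        }

        $res = Invoke-DS @RequestParams
        return $res
    }

    end {
        # $res is the save response here; the earlier failures throw before this point.
        if ($res.isSuccess) {
            Write-Verbose '[Enable-DSUser2FA] Completed successfully!'
        }
        else {
            Write-Verbose '[Enable-DSUser2FA] Ended with errors...'
        }
    }
}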