From 39017fa3340629b93833a85a98da3c97f64ab8c5 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 5 May 2023 09:22:01 +0200
Subject: [PATCH] tfa: add functions to unlock totp and tfa

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 proxmox-tfa/src/api/mod.rs | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/proxmox-tfa/src/api/mod.rs b/proxmox-tfa/src/api/mod.rs
index 0ad57b52..f9d7894c 100644
--- a/proxmox-tfa/src/api/mod.rs
+++ b/proxmox-tfa/src/api/mod.rs
@@ -143,7 +143,30 @@ fn check_webauthn<'a, 'config: 'a, 'origin: 'a>(
 }
 
 impl TfaConfig {
-    // Get a u2f registration challenge.
+    /// Unlock a user's 2nd factor authentication (including TOTP).
+    pub fn unlock_tfa(&mut self, userid: &str) -> Result<(), Error> {
+        match self.users.get_mut(userid) {
+            Some(user) => {
+                user.totp_locked = false;
+                user.tfa_locked_until = None;
+                Ok(())
+            }
+            None => bail!("no such challenge"),
+        }
+    }
+
+    /// Unlock a user's TOTP challenges.
+    pub fn unlock_totp(&mut self, userid: &str) -> Result<(), Error> {
+        match self.users.get_mut(userid) {
+            Some(user) => {
+                user.totp_locked = false;
+                Ok(())
+            }
+            None => bail!("no such challenge"),
+        }
+    }
+
+    /// Get a u2f registration challenge.
     pub fn u2f_registration_challenge<A: ?Sized + OpenUserChallengeData>(
         &mut self,
         access: &A,