Co 2636 better handling of deleting privacy idea authenticators (#586)

* continue delete and provide flash message when Privacy Idea token not found in database * remove debugging statements * check pointers with isset() before using, and fix typos * remove unnecessary result check --------- Co-authored-by: Shayna Atkinson <[email protected]>
Internet2 · Mar 1, 2024 · 39f988d · 39f988d
1 parent e9b5f9b
commit 39f988d
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/app/AvailablePlugin/PrivacyIdeaAuthenticator/Controller/TotpTokensController.php b/app/AvailablePlugin/PrivacyIdeaAuthenticator/Controller/TotpTokensController.php
@@ -161,8 +161,13 @@ function checkDeleteDependencies($curdata) {
       throw new InvalidArgumentException(_txt('er.notprov.id', array(_txt('pl.privacyideaauthenticator.fd.serial'))));
     }
 
-    $this->PrivacyIdea->deleteToken($this->viewVars['vv_authenticator']['PrivacyIdeaAuthenticator'],
-                                    $curdata['TotpToken']['serial']);
+    $return_response = $this->PrivacyIdea->deleteToken($this->viewVars['vv_authenticator']['PrivacyIdeaAuthenticator'],
+	    $curdata['TotpToken']['serial']);
+
+    // error code 601 indicates the token was not found in the Privacy Idea database. We want to continue on and delete it in Registry, however.
+    if(isset($return_response->result->error->code) && $return_response->result->error->code == 601) {
+      $this->Flash->set(_txt('pl.privacyideaauthenticator.token.deletednoprivacyidea'), array('key' => 'information'));
+    }
 
     return true;
   }

diff --git a/app/AvailablePlugin/PrivacyIdeaAuthenticator/Lib/lang.php b/app/AvailablePlugin/PrivacyIdeaAuthenticator/Lib/lang.php
@@ -65,6 +65,7 @@
   'pl.privacyideaauthenticator.fd.validation_server' => 'Validation API Server',
   'pl.privacyideaauthenticator.status'               => '%1$s token(s) registered, %2$s confirmed',
   'pl.privacyideaauthenticator.token.confirmed'      => 'Token Confirmed',
+  'pl.privacyideaauthenticator.token.deletednoprivacyidea' => 'Token deleted in Registry, but was not found in the Privacy Idea database',
   'pl.privacyideaauthenticator.totp.step1'           => 'First, scan the QR Code to add this token to Google Authenticator',
   'pl.privacyideaauthenticator.totp.step2'           => 'Then, enter the current code from the Google Authenticator app to confirm'
 );
diff --git a/app/AvailablePlugin/PrivacyIdeaAuthenticator/Model/PrivacyIdea.php b/app/AvailablePlugin/PrivacyIdeaAuthenticator/Model/PrivacyIdea.php
@@ -206,7 +206,7 @@ public function createToken($privacyIdeaAuthenticator, $coPersonId) {
    * @since  COmanage Registry v4.0.0
    * @param  PrivacyIdeaAuthenticator $privacyIdeaAuthenticator PrivacyIdeaAuthenticator
    * @param  string                   $serial                   privacyIDEA Serial
-   * @return boolean                                            true on success
+   * @return stdClass Object                   			JSON decoded response from HTTP call                       
    * @throws InvalidArgumentException
    */
 
@@ -218,13 +218,16 @@ public function deleteToken($privacyIdeaAuthenticator, $serial) {
     $response = $Http->delete("/token/" . $serial, array(), $this->requestCfg);
 
     $jresponse = json_decode($response);
-    
+
     // Success = HTTP 204, failure = HTTP 400, or look at result->status
-    if(!$jresponse->result->status) {
-      throw new InvalidArgumentException($jresponse->result->error->message);
+    if(!isset($jresponse->result->status) || !$jresponse->result->status) {
+      // error code 601 indicates Token was not found in Privacy Idea database, so we want to continue deleting but return that information
+      if(isset($jresponse->result->error->code) && $jresponse->result->error->code != 601) {
+        throw new InvalidArgumentException($jresponse->result->error->message);
+      }
     }
-    
-    return true;
+
+    return $jresponse;
   }
 
   /**