From 2c38f2bd8cb8308e12dad196de62b137087f835a Mon Sep 17 00:00:00 2001 From: bbiggerr Date: Thu, 23 Jun 2022 13:02:41 -0400 Subject: [PATCH 1/5] Add Security Questions endpoints --- openapi.yaml | 144 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) diff --git a/openapi.yaml b/openapi.yaml index 11cfdc03e..cb61f7871 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -17256,6 +17256,93 @@ paths: - lang: CLI source: > linode-cli profile device-revoke 123 + /profile/security-questions: + x-linode-cli-command: security-questions + get: + x-linode-grant: read_only + tags: + - Profile + summary: Security Questions List + description: > + Returns a collection of security questions and their responses, if any, for your User Profile. + operationId: getSecurityQuestions + x-linode-cli-action: list + security: + - personalAccessToken: [] + - oauth: + - account:read_only + responses: + '200': + description: Returns a list of security questions. + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityQuestionsGet' + default: + $ref: '#/components/responses/ErrorResponse' + x-code-samples: + - lang: Shell + source: > + curl -H "Content-Type: application/json" \ + -H "Authorization: Bearer $TOKEN" \ + https://api.linode.com/v4/profile/security-questions + - lang: CLI + source: > + linode-cli security-questions list + post: + tags: + - Profile + summary: Security Questions Answer + description: | + Adds security question responses for your User Profile. + + Requires exactly three unique questions. + + Previous responses are overwritten if answered or reset to `null` if unanswered. + operationId: postSecurityQuestions + x-linode-cli-action: answer + x-linode-cli-skip: true + security: + - personalAccessToken: [] + - oauth: + - account:read_write + requestBody: + description: Answer Security Questions + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityQuestionsPost' + responses: + '200': + description: Security Questions answered successfully. + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityQuestionsPost' + default: + $ref: '#/components/responses/ErrorResponse' + x-code-samples: + - lang: Shell + source: > + curl -H "Content-Type: application/json" \ + -H "Authorization: Bearer $TOKEN" \ + -X POST -d '{ + "security_questions": [ + { + "question_id": 1, + "response": "Gotham City" + }, + { + "question_id": 2, + "response": "Gotham City" + }, + { + "question_id": 11, + "response": "Gotham City" + } + ] + }' \ + https://api.linode.com/v4/profile/security-questions /profile/sshkeys: x-linode-cli-command: sshkeys get: @@ -25992,6 +26079,63 @@ components: The last IP Address to successfully authenticate with this TrustedDevice. example: 12.34.56.78 readOnly: true + SecurityQuestion: + type: object + description: Single security question and response object. + properties: + id: + type: integer + readOnly: true + description: The ID representing the security question. + example: 1 + question: + type: string + readOnly: true + description: The security question. + example: "In what city were you born?" + question_id: + type: integer + description: The ID representing the security question. + example: 1 + response: + type: string + minLength: 3 + maxLength: 17 + description: | + The security question response. + example: "Gotham City" + SecurityQuestionsGet: + type: object + description: Security questions and responses object for GET operation. + properties: + security_questions: + type: array + items: + type: object + description: Single security question and response object for GET operation. + properties: + id: + $ref: '#/components/schemas/SecurityQuestion/properties/id' + question: + $ref: '#/components/schemas/SecurityQuestion/properties/question' + response: + $ref: '#/components/schemas/SecurityQuestion/properties/response' + SecurityQuestionsPost: + type: object + description: Security questions and responses object for POST operation. + properties: + security_questions: + type: array + items: + type: object + description: Single security question and response object for POST operation. + properties: + question_id: + $ref: '#/components/schemas/SecurityQuestion/properties/question_id' + response: + $ref: '#/components/schemas/SecurityQuestion/properties/response' + security_question: + $ref: '#/components/schemas/SecurityQuestion/properties/question' ServiceTransfer: type: object description: > From 806992dbe7152deadcdd0170c93cca99fce73f38 Mon Sep 17 00:00:00 2001 From: bbiggerr Date: Fri, 24 Jun 2022 10:49:58 -0400 Subject: [PATCH 2/5] Add TFA security questions requirements --- openapi.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index cb61f7871..10b4d3e08 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -16730,12 +16730,12 @@ paths: tags: - Profile summary: Two Factor Secret Create - description: > - Generates a Two Factor secret for your User. TFA will - not be enabled until you have successfully confirmed the code you - were given with [tfa-enable-confirm](/docs/api/profile/#two-factor-secret-create) (see below). - Once enabled, logins from untrusted computers will be required to provide + description: | + Generates a Two Factor secret for your User. To enable TFA for your User, enter the secret obtained from this command with the **Two Factor Authentication Confirm/Enable** ([POST /profile/tfa-enable-confirm](/docs/api/profile/#two-factor-authentication-confirmenable)) command. + Once enabled, logins from untrusted computers are required to provide a TFA code before they are successful. + + **Note**: Before you can enable TFA, security questions must be answered for your User by accessing the **Security Questions Answer** ([POST /profile/security-questions](/docs/api/profile/#security-questions-answer)) command. operationId: tfaEnable x-linode-cli-action: tfa-enable security: @@ -17294,11 +17294,13 @@ paths: - Profile summary: Security Questions Answer description: | - Adds security question responses for your User Profile. + Adds security question responses for your User. Requires exactly three unique questions. Previous responses are overwritten if answered or reset to `null` if unanswered. + + **Note**: Security questions must be answered for your User prior to accessing the **Two Factor Secret Create** ([POST /profile/tfa-enable](/docs/api/profile/#two-factor-secret-create)) command. operationId: postSecurityQuestions x-linode-cli-action: answer x-linode-cli-skip: true From 41ebfd6696a069c5720a718bb98d20ac39648798 Mon Sep 17 00:00:00 2001 From: bbiggerr Date: Fri, 24 Jun 2022 13:08:04 -0400 Subject: [PATCH 3/5] Fix security questions list cli output --- openapi.yaml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 10b4d3e08..f2a38d04e 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -17260,6 +17260,8 @@ paths: x-linode-cli-command: security-questions get: x-linode-grant: read_only + servers: + - url: https://api.linode.com/v4 tags: - Profile summary: Security Questions List @@ -17276,6 +17278,16 @@ paths: description: Returns a list of security questions. content: application/json: + x-linode-cli-nested-list: security_questions + x-linode-cli-use-schema: + type: object + properties: + security_questions.id: + x-linode-cli-display: 1 + security_questions.question: + x-linode-cli-display: 2 + security_questions.response: + x-linode-cli-display: 3 schema: $ref: '#/components/schemas/SecurityQuestionsGet' default: @@ -17332,15 +17344,15 @@ paths: "security_questions": [ { "question_id": 1, - "response": "Gotham City" + "response": "secret answer 1" }, { "question_id": 2, - "response": "Gotham City" + "response": "secret answer 2" }, { "question_id": 11, - "response": "Gotham City" + "response": "secret answer 3" } ] }' \ From e6937bd53763ee65c57a15edc2d421c29949958a Mon Sep 17 00:00:00 2001 From: bbiggerr Date: Fri, 24 Jun 2022 13:46:16 -0400 Subject: [PATCH 4/5] Remove question_id from SecurityQuestion --- openapi.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index f2a38d04e..81251138e 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -26107,10 +26107,6 @@ components: readOnly: true description: The security question. example: "In what city were you born?" - question_id: - type: integer - description: The ID representing the security question. - example: 1 response: type: string minLength: 3 @@ -26145,7 +26141,7 @@ components: description: Single security question and response object for POST operation. properties: question_id: - $ref: '#/components/schemas/SecurityQuestion/properties/question_id' + $ref: '#/components/schemas/SecurityQuestion/properties/id' response: $ref: '#/components/schemas/SecurityQuestion/properties/response' security_question: From c6b253bcb285ffc7fb6a9d4f068d079124d2b352 Mon Sep 17 00:00:00 2001 From: bbiggerr Date: Fri, 24 Jun 2022 14:05:28 -0400 Subject: [PATCH 5/5] Remove readOnly for SecurityQuestion.id --- openapi.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/openapi.yaml b/openapi.yaml index 81251138e..116b01b7e 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -26099,7 +26099,6 @@ components: properties: id: type: integer - readOnly: true description: The ID representing the security question. example: 1 question: