Project import generated by Copybara.
GitOrigin-RevId: 63746295f1a5ab5a619056791995793d65529e62
diff --git a/src/ajax/addpersontocompany.php b/src/ajax/addpersontocompany.php
new file mode 100644
index 0000000..fb5d3c3
--- /dev/null
+++ b/src/ajax/addpersontocompany.php
@@ -0,0 +1,19 @@
+<?php
+require_once(__DIR__."/../core.php");
+security::checkType(security::ADMIN, security::METHOD_NOTFOUND);
+
+if (!security::checkParams("POST", [
+ ["person", security::PARAM_NEMPTY],
+ ["company", security::PARAM_NEMPTY]
+])) {
+ api::error();
+}
+
+$person = (int)$_POST["person"];
+$company = (int)$_POST["company"];
+
+if (people::addToCompany($person, $company)) {
+ echo "OK\n";
+} else {
+ api::error();
+}
diff --git a/src/ajax/addsecuritykey.php b/src/ajax/addsecuritykey.php
new file mode 100644
index 0000000..9a98fd0
--- /dev/null
+++ b/src/ajax/addsecuritykey.php
@@ -0,0 +1,16 @@
+<?php
+require_once(__DIR__."/../core.php");
+security::checkType(security::WORKER, security::METHOD_NOTFOUND);
+secondFactor::checkAvailability();
+
+if ($_SERVER['REQUEST_METHOD'] !== "POST") {
+ api::error('This method should be called with POST.');
+}
+
+try {
+ $result = secondFactor::createRegistrationChallenge();
+} catch (Throwable $e) {
+ api::error('An unexpected error occurred: ' . $e->getMessage());
+}
+
+api::write($result);
diff --git a/src/ajax/addsecuritykey2.php b/src/ajax/addsecuritykey2.php
new file mode 100644
index 0000000..7818a11
--- /dev/null
+++ b/src/ajax/addsecuritykey2.php
@@ -0,0 +1,22 @@
+<?php
+require_once(__DIR__."/../core.php");
+security::checkType(security::WORKER, security::METHOD_NOTFOUND);
+secondFactor::checkAvailability();
+
+if ($_SERVER['REQUEST_METHOD'] !== "POST") {
+ api::error('This method should be called with POST.');
+}
+
+$input = api::inputJson();
+if ($input === false || !isset($input["clientDataJSON"]) || !isset($input["attestationObject"]) || !isset($input["name"])) api::error();
+$clientDataJSON = (string)$input["clientDataJSON"];
+$attestationObject = (string)$input["attestationObject"];
+$name = (string)$input["name"];
+
+try {
+ $result = secondFactor::completeRegistrationChallenge($clientDataJSON, $attestationObject, $name);
+} catch (Throwable $e) {
+ api::error('An unexpected error occurred: ' . $e->getMessage());
+}
+
+api::write($result);
diff --git a/src/ajax/completewebauthnauthentication.php b/src/ajax/completewebauthnauthentication.php
new file mode 100644
index 0000000..8996d42
--- /dev/null
+++ b/src/ajax/completewebauthnauthentication.php
@@ -0,0 +1,21 @@
+<?php
+require_once(__DIR__."/../core.php");
+
+if (!secondFactor::isAvailable() || security::userType() !== security::UNKNOWN || !isset($_SESSION["firstfactorid"]) || !secondFactor::isEnabled($_SESSION["firstfactorid"]) || !secondFactor::hasSecurityKeys($_SESSION["firstfactorid"]) || $_SERVER['REQUEST_METHOD'] !== "POST") {
+ api::error();
+}
+
+$input = api::inputJson();
+if ($input === false || !isset($input["id"]) || !isset($input["clientDataJSON"]) || !isset($input["authenticatorData"]) || !isset($input["signature"])) api::error();
+$id = (string)$input["id"];
+$clientDataJSON = (string)$input["clientDataJSON"];
+$authenticatorData = (string)$input["authenticatorData"];
+$signature = (string)$input["signature"];
+
+try {
+ $result = secondFactor::completeValidationChallenge($id, $clientDataJSON, $authenticatorData, $signature);
+} catch (Throwable $e) {
+ api::error($conf['debug'] ? $e->getMessage() : null);
+}
+
+api::write($result);
diff --git a/src/ajax/startwebauthnauthentication.php b/src/ajax/startwebauthnauthentication.php
new file mode 100644
index 0000000..7dd504e
--- /dev/null
+++ b/src/ajax/startwebauthnauthentication.php
@@ -0,0 +1,16 @@
+<?php
+require_once(__DIR__."/../core.php");
+
+if (!secondFactor::isAvailable() || security::userType() !== security::UNKNOWN || !isset($_SESSION["firstfactorid"]) || !secondFactor::isEnabled($_SESSION["firstfactorid"]) || !secondFactor::hasSecurityKeys($_SESSION["firstfactorid"]) || $_SERVER['REQUEST_METHOD'] !== "POST") {
+ api::error();
+}
+
+try {
+ $result = secondFactor::createValidationChallenge();
+} catch (Throwable $e) {
+ api::error($conf['debug'] ? $e->getMessage() : null);
+}
+
+if (isset($result->publicKey)) $result->publicKey->rpId = ($conf["secondFactor"]["origin"] ?? null);
+
+api::write($result);
diff --git a/src/ajax/verifysecuritycode.php b/src/ajax/verifysecuritycode.php
new file mode 100644
index 0000000..9e5899e
--- /dev/null
+++ b/src/ajax/verifysecuritycode.php
@@ -0,0 +1,17 @@
+<?php
+require_once(__DIR__."/../core.php");
+
+if (!secondFactor::isAvailable() || security::userType() !== security::UNKNOWN || !isset($_SESSION["firstfactorid"]) || !secondFactor::isEnabled($_SESSION["firstfactorid"])) {
+ api::error();
+}
+
+$input = api::inputJson();
+if ($input === false || !isset($input["code"])) api::error();
+
+$code = (string)$input["code"];
+
+if (secondFactor::completeCodeChallenge($code)) {
+ api::write(["status" => "ok"]);
+} else {
+ api::write(["status" => "wrongCode"]);
+}