<?php

namespace api\classes;

use api\classes\API;

require_once 'API.php';

class API_mfa extends API
{
    public function disableMFA()
    {
        # Users cannot, by default disable MFA of other users
        if ($this->getUserUuid() != $this->data['user_uuid']) {
            $this->checkPermissions('admin-access-admins-mfa', 'RW');
        }

        $query = "UPDATE vc_users SET user_two_factor_enabled = 0, user_two_factor_secret = NULL WHERE user_uuid = ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("s", $this->data['user_uuid']);
        $this->executeStatement($stmt);

        $this->apiOutput(200, ['success' => 'mfa is disabled']);
    }

    public function enableMFA()
    {
        # Users cannot, create MFA of other users
        if ($this->getUserUuid() != $this->data['user_uuid']) {
            $this->apiOutput(401, ['error' => 'you are not allowed to enable mfa for others']);
        }

        $query = "UPDATE vc_users SET user_two_factor_enabled = 1, user_two_factor_secret = ? WHERE user_uuid = ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("ss", $this->data['user_two_factor_secret'], $this->data['user_uuid']);
        $this->executeStatement($stmt);

        $this->apiOutput(200, ['success' => 'mfa is enabled']);
    }
}