bepsoccer · bepsoccer · Jun 28, 2024 · Jun 28, 2024 · Jun 28, 2024
diff --git a/verkadaModule/Public/Connect-Verkada.ps1 b/verkadaModule/Public/Connect-Verkada.ps1
@@ -13,18 +13,22 @@ function Connect-Verkada
 		.EXAMPLE
 		Connect-Verkada '7cd47706-f51b-4419-8675-3b9f0ce7c12d' 'myapiKey-dcwdskjnlnlkj'
 		This will store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d with the public API key myapiKey-dcwdskjnlnlkj.
+
+		.EXAMPLE
+		Connect-Verkada '7cd47706-f51b-4419-8675-3b9f0ce7c12d' -userName "[email protected]" -otp (Get-Otp (Get-Secret -Name myVerkadaOtp -AsPlainText)) -MyPwd (Get-Secret -Name myVerkadaPassword) -x_api_key 'myapiKey-dcwdskjnlnlkj'
+		This will authenticate user [email protected] with a otp token and a secure string variable stored password([secureString]$yourPwd) and upon success store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d and the returned tokens.  This will also store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d with the public API key myapiKey-dcwdskjnlnlkj
 
 		.EXAMPLE
 		Connect-Verkada '7cd47706-f51b-4419-8675-3b9f0ce7c12d' -userName "[email protected]" -Password
-		This will authenticate user [email protected] by prompting for the password(stored as a secure string) and upon success store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d and the returned tokens.
+		This will authenticate user [email protected] by prompting for the password(stored as a secure string) and upon success store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d and the returned tokens.  This will no longer work for OrgAdmins due to the MFA requirement.
 
 		.EXAMPLE
 		Connect-Verkada '7cd47706-f51b-4419-8675-3b9f0ce7c12d' -userName "[email protected]" -otp '123456' -MyPwd $yourPwd(seure string)
-		This will authenticate user [email protected] with a otp token and a secure string variable stored password([secureString]$yourPwd) and upon success store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d and the returned tokens.
+		This will authenticate user [email protected] with a otp token and a secure string variable stored password([secureString]$yourPwd) and upon success store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d and the returned tokens.  This will no longer work for OrgAdmins due to the MFA requirement.
 
 		.EXAMPLE
 		Connect-Verkada '7cd47706-f51b-4419-8675-3b9f0ce7c12d' -x_api_key 'myapiKey-dcwdskjnlnlkj' -userName "[email protected]" -Password
-		This will store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d with the public API key myapiKey-dcwdskjnlnlkj and will authenticate user [email protected] by prompting for the password(stored as a secure string) and storing the returned tokens.
+		This will store the org_id 7cd47706-f51b-4419-8675-3b9f0ce7c12d with the public API key myapiKey-dcwdskjnlnlkj and will authenticate user [email protected] by prompting for the password(stored as a secure string) and storing the returned tokens.  This will no longer work for OrgAdmins due to the MFA requirement.
 	#>
 
 	[CmdletBinding(PositionalBinding = $true,DefaultParameterSetName='apiToken')]

diff --git a/verkadaModule/Public/Get-Otp.ps1 b/verkadaModule/Public/Get-Otp.ps1
@@ -0,0 +1,112 @@
+<#
+.SYNOPSIS
+  Time-base One-Time Password Algorithm (RFC 6238)
+
+.DESCRIPTION
+  This is an implementation of the RFC 6238 Time-Based One-Time Password Algorithm draft based upon the HMAC-based One-Time Password (HOTP) algorithm (RFC 4226). This is a time based variant of the HOTP algorithm providing short-lived OTP values.
+
+.LINK
+	https://github.com/bepsoccer/verkadaModule/blob/master/docs/function-documentation/Get-Otp.md
+
+.EXAMPLE
+	Get-Otp MySecretTotpKey
+
+.NOTES
+  Version:        1.0
+  Author:         Jon Friesen
+  Creation Date:  May 7, 2015
+  Purpose/Change: Provide an easy way of generating OTPs
+
+#>
+
+function Get-Otp(){
+	[Alias("otp")]
+    param(
+        [Parameter(Mandatory=$true)]$SECRET,
+        $LENGTH = 6,
+        $WINDOW = 30
+    )
+    #$enc = [System.Text.Encoding]::UTF8
+    $hmac = New-Object -TypeName System.Security.Cryptography.HMACSHA1
+    $hmac.key = Convert-HexToByteArray(Convert-Base32ToHex(($SECRET.ToUpper())))
+    $timeBytes = Get-TimeByteArray $WINDOW
+    $randHash = $hmac.ComputeHash($timeBytes)
+
+    $offset = $randhash[($randHash.Length-1)] -band 0xf
+    $fullOTP = ($randhash[$offset] -band 0x7f) * [math]::pow(2, 24)
+    $fullOTP += ($randHash[$offset + 1] -band 0xff) * [math]::pow(2, 16)
+    $fullOTP += ($randHash[$offset + 2] -band 0xff) * [math]::pow(2, 8)
+    $fullOTP += ($randHash[$offset + 3] -band 0xff)
+
+    $modNumber = [math]::pow(10, $LENGTH)
+    $otp = $fullOTP % $modNumber
+    $otp = $otp.ToString("0" * $LENGTH)
+    return $otp
+}
+
+# Get-OTPRemainingSeconds returns how many seconds are left in the current TOTP window. In a script that needs to wait until the next code is generated, use like $RetryDelayInSeconds = Get-OTPRemainingSeconds; Start-Sleep -Seconds $RetryDelayInSeconds
+function Get-OTPRemainingSeconds ([int32]$WINDOW = 30) {
+    $EPOCH = Get-Date -Year 1970 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0
+
+    $span = New-TimeSpan -Start $EPOCH -End (Get-Date).ToUniversalTime()
+    $seconds = [math]::floor($span.TotalSeconds)
+    $counter = [math]::floor($seconds / $WINDOW)
+
+    $nextTimeStep = ($counter + 1)*$WINDOW
+    $difference = $nextTimeStep - $seconds
+
+    return $difference
+}
+
+function Get-TimeByteArray($WINDOW) {
+    $span = (New-TimeSpan -Start (Get-Date -Year 1970 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0) -End (Get-Date).ToUniversalTime()).TotalSeconds
+    $unixTime = [Convert]::ToInt64([Math]::Floor($span/$WINDOW))
+    $byteArray = [BitConverter]::GetBytes($unixTime)
+    [array]::Reverse($byteArray)
+    return $byteArray
+}
+
+function Convert-HexToByteArray($hexString) {
+    $byteArray = $hexString -replace '^0x', '' -split "(?<=\G\w{2})(?=\w{2})" | %{ [Convert]::ToByte( $_, 16 ) }
+    return $byteArray
+}
+
+function Convert-Base32ToHex($base32) {
+    $base32chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+    $bits = "";
+    $hex = "";
+
+    for ($i = 0; $i -lt $base32.Length; $i++) {
+        $val = $base32chars.IndexOf($base32.Chars($i));
+        $binary = [Convert]::ToString($val, 2)
+        $staticLen = 5
+        $padder = '0'
+            # Write-Host $binary
+        $bits += Add-LeftPad $binary.ToString()  $staticLen  $padder
+    }
+
+
+    for ($i = 0; $i+4 -le $bits.Length; $i+=4) {
+        $chunk = $bits.Substring($i, 4)
+        # Write-Host $chunk
+        $intChunk = [Convert]::ToInt32($chunk, 2)
+        $hexChunk = Convert-IntToHex($intChunk)
+        # Write-Host $hexChunk
+        $hex = $hex + $hexChunk
+    }
+    return $hex;
+
+}
+
+function Convert-IntToHex([int]$num) {
+    return ('{0:x}' -f $num)
+}
+
+function Add-LeftPad($str, $len, $pad) {
+    if(($len + 1) -ge $str.Length) {
+        while (($len - 1) -ge $str.Length) {
+            $str = ($pad + $str)
+        }
+    }
+    return $str;
+}
diff --git a/verkadaModule/verkadaModule.psd1 b/verkadaModule/verkadaModule.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Verkada SE Community
 #
-# Generated on: 03/31/2024
+# Generated on: 6/27/2024
 #
 
 @{
@@ -81,7 +81,7 @@ FunctionsToExport = 'Add-VerkadaAccessBadgeToUser', 'Add-VerkadaAccessGroup',
                'Enable-VerkadaAccessUserCard', 
                'Enable-VerkadaAccessUserLicensePlate', 
                'Export-VerkadaAccessUserProfilePicture', 'Find-VerkadaCommandUser', 
-               'Find-VerkadaUserId', 'Get-VerkadaAccessCredential', 
+               'Find-VerkadaUserId', 'Get-Otp', 'Get-VerkadaAccessCredential', 
                'Get-VerkadaAccessDoorConfigReport', 'Get-VerkadaAccessDoors', 
                'Get-VerkadaAccessDoorSchedules', 'Get-VerkadaAccessGroup', 
                'Get-VerkadaAccessLevels', 'Get-VerkadaAccessSite', 
@@ -134,15 +134,16 @@ AliasesToExport = 'a-VrkdaAcGrp', 'Add-VrkdaAcGrp', 'a-VrkdaAcUsrCrd',
                'Add-VrkdaWrkEmp', 'd-VrkdaAcUsrCrd', 'Disable-VrkdaAcUsrCrd', 
                'd-VrkdaAcUsrLPR', 'Disable-VrkdaAcUsrLPR', 'e-VrkdaAcUsrCrd', 
                'Enable-VrkdaAcUsrCrd', 'e-VrkdaAcUsrLPR', 'Enable-VrkdaAcUsrLPR', 
-               'ep-VrkdaAcUsrPrflPic', 'Export-VrkdaAcUsrPrflPic', 'Get-VrkdaAcGrp', 
-               'gt-VrkdaAcGrp', 'Get-VrkdaAcUsr', 'gt-VrkdaAcUsr', 'g-VrkdAlrmDevs', 
-               'Get-VrkdAlrmDevs', 'Get-VerkadaCameraSite', 'Get-VrkdaCmdUsr', 
-               'gt-VrkdaCmdUsr', 'Get-VerkadaLPoI', 'Get-VrkdaWrkEmp', 
-               'gt-VrkdaWrkEmp', 'rd-VrkdaAcGrps', 'Read-VrkdaAcGrps', 
-               'rd-VrkdaCamArchv', 'Read-VrkdaCamArchv', 'rd-VrkdaGstSte', 
-               'Read-VrkdaGstSte', 'rd-VrkdaWrkEmp', 'Read-VrkdaWrkEmp', 
-               'Remove-VrkdaAcGrp', 'rm-VrkdaAcGrp', 'Remove-VrkdaAcUsrBtUnlk', 
-               'rm-VrkdaAcUsrBtUnlk', 'Remove-VrkdaAcUsrCrd', 'rm-VrkdaAcUsrCrd', 
+               'ep-VrkdaAcUsrPrflPic', 'Export-VrkdaAcUsrPrflPic', 'otp', 
+               'Get-VrkdaAcGrp', 'gt-VrkdaAcGrp', 'Get-VrkdaAcUsr', 'gt-VrkdaAcUsr', 
+               'g-VrkdAlrmDevs', 'Get-VrkdAlrmDevs', 'Get-VerkadaCameraSite', 
+               'Get-VrkdaCmdUsr', 'gt-VrkdaCmdUsr', 'Get-VerkadaLPoI', 
+               'Get-VrkdaWrkEmp', 'gt-VrkdaWrkEmp', 'rd-VrkdaAcGrps', 
+               'Read-VrkdaAcGrps', 'rd-VrkdaCamArchv', 'Read-VrkdaCamArchv', 
+               'rd-VrkdaGstSte', 'Read-VrkdaGstSte', 'rd-VrkdaWrkEmp', 
+               'Read-VrkdaWrkEmp', 'Remove-VrkdaAcGrp', 'rm-VrkdaAcGrp', 
+               'Remove-VrkdaAcUsrBtUnlk', 'rm-VrkdaAcUsrBtUnlk', 
+               'Remove-VrkdaAcUsrCrd', 'rm-VrkdaAcUsrCrd', 
                'Remove-VrkdaAcUsrEntryCo', 'rm-VrkdaAcUsrEntryCo', 
                'Remove-VrkdaAcUsrFrGrp', 'rm-VrkdaAcUsrFrGrp', 
                'Remove-VrkdaAcUsrLPR', 'rm-VrkdaAcUsrLPR',