Merge branch 'internal_recovery_api' into 'master'

Add internal API to recovery 2FA

## What does this MR do?

Add an internal API to make SSH 2FA recovery possible. Related to gitlab-org/gitlab-shell!74

See merge request !5510

1 files changed, 25 insertions, 0 deletions

diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index d8e9ac406c4..5b54c11ef62 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -101,6 +101,31 @@ module API
           {}
         end
       end
+
+      post '/two_factor_recovery_codes' do
+        status 200
+
+        key = Key.find(params[:key_id])
+        user = key.user
+
+        # Make sure this isn't a deploy key
+        unless key.type.nil?
+          return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
+        end
+
+        unless user.present?
+          return { success: false, message: 'Could not find a user for the given key' }
+        end
+
+        unless user.two_factor_enabled?
+          return { success: false, message: 'Two-factor authentication is not enabled for this user' }
+        end
+
+        codes = user.generate_otp_backup_codes!
+        user.save!
+
+        { success: true, recovery_codes: codes }
+      end
     end
   end
 end