From d3fcdb54f26a71b2f896f582a8d665cc734cb4bc Mon Sep 17 00:00:00 2001
From: Fernando Aureliano da Silva Maia
Date: Tue, 3 Oct 2023 16:51:36 -0300
Subject: [PATCH] a few more updates for requests in okta.py
---
 tokendito/okta.py | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/tokendito/okta.py b/tokendito/okta.py
index 27627b74..7d919a87 100644
--- a/tokendito/okta.py
+++ b/tokendito/okta.py
@@ -524,7 +524,7 @@ def mfa_provider_type(
 mfa_verify = push_approval(headers, mfa_challenge_url, payload)
 elif mfa_provider in ["OKTA", "GOOGLE"] and factor_type in ["token:software:totp", "sms"]:
 mfa_verify = totp_approval(
- config, selected_mfa_option, headers, mfa_challenge_url, payload, primary_auth
+ config, selected_mfa_option, headers, mfa_challenge_url, payload, primary_auth, http_client
 )
 else:
 logger.error(
@@ -623,7 +623,7 @@ def mfa_challenge(config, headers, primary_auth, http_client):
-def totp_approval(config, selected_mfa_option, headers, mfa_challenge_url, payload, primary_auth):
+def totp_approval(config, selected_mfa_option, headers, mfa_challenge_url, payload, primary_auth, http_client):
 """Handle user mfa options.
 :param config: Config object
@@ -632,6 +632,7 @@ def totp_approval(config, selected_mfa_option, headers, mfa_challenge_url, paylo
 :param mfa_challenge_url: MFA challenge URL
 :param payload: payload
 :param primary_auth: Primary authentication method
+ :param http_client: Instance of HTTPClient
 :return: payload data
 """
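Review bot: In the mfa_provider_type hunk, the unchanged context line `mfa_verify = push_approval(headers, mfa_challenge_url, payload)` still passes `headers` as the first argument, while a later hunk in this patch renames that parameter to `http_client` and calls `http_client.post(...)` on it. As shown, the push path would call `.post` on the headers object and fail before any MFA verification happens. The call should become `mfa_verify = push_approval(http_client, mfa_challenge_url, payload)`. The body of mfa_provider_type starts and ends outside the hunk, so `http_client` being in scope there is inferred from the totp_approval call that this hunk does update.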
@@ -646,8 +647,16 @@ def totp_approval(config, selected_mfa_option, headers, mfa_challenge_url, paylo
 "stateToken": primary_auth["stateToken"],
 "passCode": config.okta["mfa_response"],
 }
- # FIXME: This call needs to catch a 403 coming from a bad token
- mfa_verify = api_wrapper(mfa_challenge_url, payload, headers)
+
+ # Using the http_client to make the POST request
+ response = http_client.post(mfa_challenge_url, json=payload, headers=headers)
+
+ try:
+ mfa_verify = response.json()
+ except ValueError:
+ logger.error(f"Failed to parse response from {mfa_challenge_url}")
+ sys.exit(1)
+
 if "sessionToken" in mfa_verify:
 user.add_sensitive_value_to_be_masked(mfa_verify["sessionToken"])
 logger.debug(f"mfa_verify [{json.dumps(mfa_verify)}]")
@@ -655,16 +664,17 @@ def totp_approval(config, selected_mfa_option, headers, mfa_challenge_url, paylo
 return mfa_verify
-def push_approval(headers, mfa_challenge_url, payload):
+
+def push_approval(http_client, mfa_challenge_url, payload):
 """Handle push approval from the user.
- :param headers: HTTP headers sent to API call
+ :param http_client: Instance of HTTPClient
 :param mfa_challenge_url: MFA challenge url
 :param payload: payload which needs to be sent
 :return: Session Token if succeeded or terminates if user wait goes 5 min
 """
- logger.debug(f"Push approval with headers:{headers} challenge_url:{mfa_challenge_url}")
+ logger.debug(f"Push approval with challenge_url:{mfa_challenge_url}")
 user.print("Waiting for an approval from the device...")
 status = "MFA_CHALLENGE"
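Review bot: The removed FIXME about catching a 403 from a bad token is dropped in totp_approval without being addressed. The new `try` around `response.json()` only covers a body that is not JSON, so an error reply that carries a JSON body is returned to the caller as `mfa_verify` with no `sessionToken`. Unless `HTTPClient.post` already rejects non-2xx replies (not visible in this patch), check the status before parsing, assuming a requests-style response object: `if response.status_code != 200:` followed by `logger.error(f"MFA verification failed with HTTP {response.status_code}")` and `sys.exit(1)`. The body of totp_approval starts above this hunk.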
@@ -672,8 +682,13 @@ def push_approval(headers, mfa_challenge_url, payload):
 response = {}
 challenge_displayed = False
+ headers = {
+ 'content-type': 'application/json',
+ 'accept': 'application/json'
+ }
+
 while status == "MFA_CHALLENGE" and result == "WAITING":
- response = api_wrapper(mfa_challenge_url, payload, headers)
+ response = http_client.post(mfa_challenge_url, json=payload, headers=headers).json()
 if "sessionToken" in response:
 user.add_sensitive_value_to_be_masked(response["sessionToken"])
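Review bot: The polling call inside push_approval's `while` loop parses the reply with `.json()` and no guard, so a non-JSON reply raises an uncaught ValueError and a traceback. totp_approval in this same patch logs and exits on that case, and wrapping this call in the same `try`/`except ValueError` keeps the two MFA paths consistent. Separately, the new hard-coded `headers` dict uses single quotes where the surrounding lines use double quotes, and it replaces whatever headers the caller used to pass, so confirm nothing else was expected on this request. The body of push_approval continues outside the hunk.

```python
    while status == "MFA_CHALLENGE" and result == "WAITING":
        try:
            response = http_client.post(mfa_challenge_url, json=payload, headers=headers).json()
        except ValueError:
            logger.error(f"Failed to parse response from {mfa_challenge_url}")
            sys.exit(1)
        # … unchanged: sessionToken masking and status handling …
```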