diff --git a/pyproject.toml b/pyproject.toml
index 9d131ff..d77300e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,7 @@ exclude_lines = [
 "break",
 "except KeyboardInterrupt:",
 "if __name__ == .__main__.:",
- "if __package__ is None:",
+ "if not __package__:",
 "logger.debug",
 "pragma: no cover",
 "print..Invalid input, try again...",
diff --git a/tokendito/__main__.py b/tokendito/__main__.py
index 99bff00..1c7e7cd 100755
--- a/tokendito/__main__.py
+++ b/tokendito/__main__.py
@@ -7,7 +7,7 @@ def main(args=None): # needed for console script
 """Packge entry point."""
- if __package__ is None:
+ if not __package__:
 import os.path
 path = os.path.dirname(os.path.dirname(__file__))
diff --git a/tokendito/aws.py b/tokendito/aws.py
index d7ada32..3f2fc83 100644
--- a/tokendito/aws.py
+++ b/tokendito/aws.py
@@ -72,7 +72,7 @@ def authenticate_to_roles(config, urls):
 saml_xml = okta.extract_saml_response(saml_response_string)
 if not saml_xml:
 state_token = okta.extract_state_token(saml_response_string)
- if "Extra Verification" in saml_response_string and state_token:
+ if state_token:
 logger.info(f"Step-Up authentication required for {url}.")
 if okta.step_up_authenticate(config, state_token):
 return authenticate_to_roles(config, urls)
diff --git a/tokendito/http_client.py b/tokendito/http_client.py
index 872c5a6..843a22e 100644
--- a/tokendito/http_client.py
+++ b/tokendito/http_client.py
@@ -81,6 +81,7 @@ def get(self, url, params=None, headers=None, allow_redirects=True):
 def post(self, url, data=None, json=None, headers=None, params=None, return_json=False):
 """Perform a POST request."""
+ response = None
 logger.debug(f"POST to {url}")
 try:
 response = self.session.post(url, data=data, json=json, params=params, headers=headers)
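Review bot: In authenticate_to_roles (tokendito/aws.py), the relaxed test `if state_token:` now sends every non-SAML response that carries a state token into step-up, and the retry `return authenticate_to_roles(config, urls)` has no attempt limit. If step_up_authenticate keeps returning true while the tile still answers with a state token, the function would recurse until Python's recursion limit rather than stop with a clear error. Consider carrying a flag through the retry, for example a keyword argument defaulting to False used as `if state_token and not step_up_done:` and `return authenticate_to_roles(config, urls, step_up_done=True)`, and logging an error when a second state token appears. The function starts and ends outside the hunk, so how a missing state token or a failed step-up is handled is not visible here.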
@@ -95,6 +96,11 @@ def post(self, url, data=None, json=None, headers=None, params=None, return_json
 return response
 except requests.RequestException as e:
 logger.error(f"Error during POST request to {url}. Error: {e}")
+ if response:
+ logger.debug(f"Response Headers: {response.headers}")
+ logger.debug(f"Response Text: {response.text}")
+ else:
+ logger.debug("No response received")
 sys.exit(1)
 except Exception as err:
 logger.error(f"The post request to {url} failed with {err}")
diff --git a/tokendito/okta.py b/tokendito/okta.py
index 5eff882..d4167ff 100644
--- a/tokendito/okta.py
+++ b/tokendito/okta.py
@@ -263,7 +263,6 @@ def send_saml_response(config, saml_response):
 # Get the 'sid' value from the reponse cookies.
 sid = response.cookies.get("sid", None)
- logger.debug(f"New sid is {sid}")
 # If 'sid' is present, mask its value for logging purposes.
 if sid:
@@ -564,6 +563,12 @@ def authorize_request(oauth2_config, oauth2_session_data):
 params=payload,
 )
+ idx = HTTP_client.session.cookies.get("idx", None)
+ if idx:
+ user.add_sensitive_value_to_be_masked(idx)
+ else:
+ logger.debug("We did not find an 'idx' entry in the cookies.")
+
 authorize_code = get_authorize_code(response, session_token)
 return authorize_code
@@ -699,6 +704,7 @@ def idp_authenticate(config):
 logger.error("Okta auth failed: unknown type.")
 sys.exit(1)
+ # Possible recursion ahead. The exit condition should be the first if statement.
 if local_authentication_enabled(auth_properties):
 session_token = local_authenticate(config) # authentication sends us a token
diff --git a/tokendito/tokendito.py b/tokendito/tokendito.py
index 85cc374..9b9d523 100755
--- a/tokendito/tokendito.py
+++ b/tokendito/tokendito.py
@@ -7,7 +7,7 @@ def main(args=None): # needed for console script
 """Packge entry point."""
- if __package__ is None:
+ if not __package__:
 import os.path
 path = os.path.dirname(os.path.dirname(__file__))
diff --git a/tokendito/user.py b/tokendito/user.py
index 1098445..b0d957a 100644
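Review bot: In post() (tokendito/http_client.py), `if response:` tests truthiness, and a requests Response is falsy for any 4xx/5xx status, so for an HTTP error raised after the response arrived this branch logs "No response received"; write `if response is not None:` instead. The two new debug lines then dump `response.headers` and `response.text` in full, which on an Okta endpoint can carry Set-Cookie values, state tokens or SAML content that were never registered for masking; logging `response.status_code` and a truncated body would expose less. The lines between the `session.post` call and `return response` are outside both hunks, so the assumption that the exception is raised after the assignment (for example by raise_for_status) is inferred.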
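Review bot: In authorize_request (tokendito/okta.py), the new `idx` block has no comment saying what the cookie is or why it is masked, unlike the `sid` block in send_saml_response; add a line such as `# Mask the 'idx' cookie value so it cannot appear in later log output.` above the lookup. The value is registered only after the GET has returned, so anything the HTTP client logs while handling that request would still contain it unmasked, which is worth confirming against the client's debug output. The function begins outside the hunk.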
--- a/tokendito/user.py
+++ b/tokendito/user.py
@@ -79,12 +79,7 @@ def cmd_interface(args):
 # get authentication and authorization cookies from okta
 okta.access_control(config)
- logger.debug(
- f"""
- about to call discover_tile
- we have client cookies: {HTTP_client.session.cookies}
- """
- )
+
 if config.okta["tile"]:
 tile_label = ""
 config.okta["tile"] = (config.okta["tile"], tile_label)