From 54234eab19dc921cfb2a587f6aab7f58b2e77c91 Mon Sep 17 00:00:00 2001 From: slycoder Date: Tue, 5 Jun 2018 12:16:19 -0700 Subject: [PATCH 1/3] [WIP] OTP push support --- onelogin_aws_cli/__init__.py | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/onelogin_aws_cli/__init__.py b/onelogin_aws_cli/__init__.py index fa4ed189..df84c78b 100644 --- a/onelogin_aws_cli/__init__.py +++ b/onelogin_aws_cli/__init__.py @@ -17,6 +17,9 @@ from onelogin_aws_cli.credentials import MFACredentials, UserCredentials from onelogin_aws_cli.userquery import user_role_prompt +import time + + CONFIG_FILENAME = ".onelogin-aws.config" DEFAULT_CONFIG_PATH = os.path.join(os.path.expanduser("~"), CONFIG_FILENAME) @@ -71,14 +74,29 @@ def get_saml_assertion(self): if not self.mfa.ready(): self.mfa.select_device(saml_resp.mfa.devices) if not self.mfa.has_otp: - self.mfa.prompt_token() - - saml_resp = self.ol_client.get_saml_assertion_verifying( - self.config['aws_app_id'], - self.mfa.device.id, - saml_resp.mfa.state_token, - self.mfa.otp - ) + if self.mfa.device.type == 'OneLogin Protect': + print("Send OTP now using OneLogin Protect or respond " + "to push notification or enter below") + while True: + saml_verif = self.ol_client.get_saml_assertion_verifying( + self.config['aws_app_id'], + self.mfa.device.id, + saml_resp.mfa.state_token, + ) + if saml_verif and saml_verif.type != 'pending': + print("OTP verification received") + break + print("OTP verification still pending. Retrying in 3 seconds...") + time.sleep(3) + saml_resp = saml_verif + else: + self.mfa.prompt_token() + saml_resp = self.ol_client.get_saml_assertion_verifying( + self.config['aws_app_id'], + self.mfa.device.id, + saml_resp.mfa.state_token, + self.mfa.otp, + ) self.saml = saml_resp From 79f0824ebcfdd8633041a55dc0712bb1dbba9608 Mon Sep 17 00:00:00 2001 
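Review bot: The `while True` polling loop added to `get_saml_assertion` has no deadline, so an unanswered push, or a call that keeps returning a falsy `saml_verif`, leaves the CLI calling `get_saml_assertion_verifying` every 3 seconds indefinitely. The exit test `saml_verif.type != 'pending'` also treats every other response type as "OTP verification received", so a denied or failed verification would presumably be assigned to `self.saml` as if it had succeeded; the branch should accept only the explicit success result and raise on anything else. The printed prompt offers "or enter below", but this branch never calls `self.mfa.prompt_token()`, so either the wording should be dropped or the manual-entry fallback implemented. The same loop is carried through patches 2/3 and 3/3 with only line wrapping changed, and the function body starts and ends outside the hunk. A bounded version of the loop is sketched below; the timeout constant and the exception type are placeholders for whatever the project already uses.

```python
if self.mfa.device.type == 'OneLogin Protect':
    # … unchanged: message asking the user to approve the push …
    # PUSH_TIMEOUT_SECONDS is a constructed name: a new module-level
    # limit, ideally no longer than the state token's lifetime.
    deadline = time.monotonic() + PUSH_TIMEOUT_SECONDS
    while True:
        # … unchanged: get_saml_assertion_verifying call without an OTP …
        if saml_verif is None:
            # No usable response: stop instead of polling forever.
            raise RuntimeError(
                "No response from OneLogin while waiting for "
                "push approval")
        if saml_verif.type != 'pending':
            # Still to do: confirm this is the success type before
            # trusting the response (see note above).
            break
        if time.monotonic() >= deadline:
            raise RuntimeError("Timed out waiting for push approval")
        # … unchanged: "still pending" message and time.sleep(3) …
    saml_resp = saml_verif
```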
From: slycoder Date: Tue, 5 Jun 2018 12:20:52 -0700 Subject: [PATCH 2/3] Flake --- onelogin_aws_cli/__init__.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/onelogin_aws_cli/__init__.py b/onelogin_aws_cli/__init__.py index df84c78b..5457c370 100644 --- a/onelogin_aws_cli/__init__.py +++ b/onelogin_aws_cli/__init__.py @@ -78,25 +78,28 @@ def get_saml_assertion(self): print("Send OTP now using OneLogin Protect or respond " "to push notification or enter below") while True: - saml_verif = self.ol_client.get_saml_assertion_verifying( - self.config['aws_app_id'], - self.mfa.device.id, - saml_resp.mfa.state_token, - ) + saml_verif = self.ol_client.\ + get_saml_assertion_verifying( + self.config['aws_app_id'], + self.mfa.device.id, + saml_resp.mfa.state_token, + ) if saml_verif and saml_verif.type != 'pending': print("OTP verification received") break - print("OTP verification still pending. Retrying in 3 seconds...") + print("OTP verification still pending. " + "Retrying in 3 seconds...") time.sleep(3) saml_resp = saml_verif else: self.mfa.prompt_token() - saml_resp = self.ol_client.get_saml_assertion_verifying( - self.config['aws_app_id'], - self.mfa.device.id, - saml_resp.mfa.state_token, - self.mfa.otp, - ) + saml_resp = self.ol_client.\ + get_saml_assertion_verifying( + self.config['aws_app_id'], + self.mfa.device.id, + saml_resp.mfa.state_token, + self.mfa.otp, + ) self.saml = saml_resp From c05aea3f1d951f6f16706ef75b21078b13fc9623 Mon Sep 17 00:00:00 2001 From: slycoder Date: Tue, 5 Jun 2018 12:26:00 -0700 Subject: [PATCH 3/3] Fix it for realz --- onelogin_aws_cli/__init__.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/onelogin_aws_cli/__init__.py b/onelogin_aws_cli/__init__.py index 5457c370..bdc0830b 100644 --- a/onelogin_aws_cli/__init__.py +++ b/onelogin_aws_cli/__init__.py 
@@ -94,12 +94,12 @@ def get_saml_assertion(self): else: self.mfa.prompt_token() saml_resp = self.ol_client.\ - get_saml_assertion_verifying( - self.config['aws_app_id'], - self.mfa.device.id, - saml_resp.mfa.state_token, - self.mfa.otp, - ) + get_saml_assertion_verifying( + self.config['aws_app_id'], + self.mfa.device.id, + saml_resp.mfa.state_token, + self.mfa.otp, + ) self.saml = saml_resp