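def auth(self):
    """Log in through the IdP's HTML login form and write the STS credentials.

    Credentials come from the ``token`` option in the config's default
    section (base64 of ``username:password``) when it is set, otherwise from
    ``common.get_user_credentials()``. The page at ``self.idpurl`` is fetched,
    its ``<input>`` fields are filled in, and the result is posted to the
    ``action`` of the last ``<form>`` on the page. The response is passed
    through the ``common`` helpers and the outcome is written under
    ``self.args.profile``.

    Exits the process via ``sys.exit`` on a missing form action, a non-200
    login response, a config lookup error while writing, or a connection
    error.
    """
    token = self.config.get(Config.DEFAULT_SECTION, 'token', fallback=None)
    if token:
        # NOTE(review): base64 is an encoding, not encryption. A stored token
        # is equivalent to a plaintext password, so the config file should be
        # readable by its owner only.
        creds = base64.b64decode(token).decode().rstrip()
        # Split on the first ':' only, so a password containing ':' is kept
        # intact instead of breaking the two-value unpack.
        username, password = creds.split(':', 1)
    else:
        username, password = common.get_user_credentials()

    session = requests.Session()

    try:
        # NOTE(review): verify=self.sslverification is passed on both
        # requests; if it is ever False, the password is sent without
        # certificate validation.
        if self.ntlmauth:
            form_response = session.get(self.idpurl,
                                        verify=self.sslverification,
                                        auth=HttpNtlmAuth(username, password))
        else:
            form_response = session.get(self.idpurl,
                                        verify=self.sslverification)

        formsoup = BeautifulSoup(form_response.text, "html.parser")
        payload_dict = {}

        for inputtag in formsoup.find_all(re.compile('(INPUT|input)')):
            name = inputtag.get('name', '')
            value = inputtag.get('value', '')
            if "user" in name.lower():
                payload_dict[name] = username
            elif "pass" in name.lower():
                payload_dict[name] = password
            else:
                # Simply populate the parameter with the existing value
                # (picks up hidden fields in the login form)
                payload_dict[name] = value

        # The last <form> on the page decides where the payload is posted.
        action = None
        for inputtag in formsoup.find_all(re.compile('(FORM|form)')):
            action = inputtag.get('action')

        if not action:
            # Without this guard a page with no form (or no action attribute)
            # fails later with an unrelated-looking error.
            sys.exit(F'No login form action found at {self.idpurl}.')

        # NOTE(review): the password is posted to whatever URL the fetched
        # page names, used verbatim. Consider checking its scheme and host
        # against self.idpurl before posting.
        response = session.post(action, data=payload_dict,
                                verify=self.sslverification)

        if response.status_code != 200:
            # Both literals need the F prefix; otherwise the second one is a
            # plain string and the placeholder is printed literally.
            sys.exit(F'There was a problem logging in via ADFS. HTTP '
                     F'Status Code: {response.status_code}')

        assertion = common.get_saml_assertion(response)
        arn_to_assume = common.get_arns_from_assertion(assertion,
                                                       self.args.account)
        sts_creds = common.get_sts_creds(arn_to_assume)
        try:
            common.write_credentials(
                self.args.profile,
                sts_creds
            )
        except (NoOptionError, NoSectionError) as e:
            sys.exit(e.message)

    except requests.exceptions.ConnectionError as e:
        sys.exit(F'Could not connect to {self.idpurl}. {e}')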
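def auth(self):
    """Run primary authentication and, when required, a second-factor step.

    Posts the username and password from ``common.get_user_credentials()``
    as JSON to ``self.auth_url``. On ``MFA_REQUIRED`` the user picks one of
    the factors listed in the response; only ``sms`` and
    ``token:software:totp`` are passed to ``self.second_factor``. A
    ``SUCCESS`` status is handed to ``self.process_success``.

    Exits via ``sys.exit`` on a non-200 primary response, an invalid factor
    choice, or an unsupported factor type. Any other non-success status is
    only printed and the method returns ``None``, so callers do not get a
    non-zero exit for those cases.
    """
    session = requests.Session()
    username, password = common.get_user_credentials()
    payload_dict = {
        "username": username,
        "password": password
    }

    # No verify= override is passed here, so the session's default
    # certificate validation applies to the request carrying the password.
    response = session.post(
        self.auth_url,
        headers=self.headers_dict,
        data=json.dumps(payload_dict)
    )

    if response.status_code != 200:
        e = json.loads(response.text)
        sys.exit("Primary authentication failed: %s. Error code: %s" %
                 (e['errorSummary'], e['errorCode']))

    auth_response = json.loads(response.text)

    if auth_response['status'] == 'MFA_REQUIRED':
        factors = auth_response['_embedded']['factors']
        print("Please choose a second factor:\n")

        for i, factor in enumerate(factors):
            print("[%s] - %s" % (i, factor['factorType']))

        try:
            factor_input = raw_input
        except NameError:
            factor_input = input

        try:
            choice = int(factor_input("Chose a second factor: "))
        except ValueError:
            # Non-numeric input is rejected the same way as an
            # out-of-range number.
            choice = -1

        # Reject negatives as well: a negative index would otherwise select
        # a factor counted from the end of the list.
        if not 0 <= choice < len(factors):
            sys.exit('Sorry, that is not a valid role choice.')

        chosen_factor = factors[choice]

        if chosen_factor['factorType'] in ('sms', 'token:software:totp'):
            response = self.second_factor(
                chosen_factor, auth_response['stateToken'])
        else:
            sys.exit("Unsupported second factor.")

        mfa_status = json.loads(response.text)['status']
        if mfa_status == 'SUCCESS':
            self.process_success(response)
        else:
            print("Authentication failed with status: %s" % (mfa_status,))
    elif auth_response['status'] == 'SUCCESS':
        self.process_success(response)
    else:
        print("Unable to login: %s" % (auth_response['status'],))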
def auth(self):
    """Log in through the IdP's HTML login form and store the STS credentials.

    Prompts for credentials via ``common.get_user_credentials()``, fetches
    the page at ``self.idpurl`` (with NTLM auth when ``self.ntlmauth`` is
    set), fills in the page's ``<input>`` fields and posts them to the
    ``action`` of the last ``<form>`` found. The response goes through the
    ``common`` helpers and the result is written under the profile named by
    the ``aws_credential_profile`` config option.

    Exits via ``sys.exit`` on a non-200 login response or a connection error.
    """
    username, password = common.get_user_credentials()
    session = requests.Session()

    try:
        if self.domain:
            # NOTE(review): this literal has no replacement fields, so as
            # shown the format() call discards both arguments. It looks
            # masked in this listing -- confirm against the original file.
            username = '******'.format(self.domain, username)

        # NOTE(review): if self.sslverification is ever False, the password
        # travels without certificate validation.
        fetch_options = {'verify': self.sslverification}
        if self.ntlmauth:
            fetch_options['auth'] = HttpNtlmAuth(username, password)
        login_page = session.get(self.idpurl, **fetch_options)

        page = BeautifulSoup(login_page.text, "html.parser")

        form_fields = {}
        for field in page.find_all(re.compile('(INPUT|input)')):
            field_name = field.get('name', '')
            lowered = field_name.lower()
            if "user" in lowered:
                form_fields[field_name] = username
            elif "pass" in lowered:
                form_fields[field_name] = password
            else:
                # Hidden and other fields keep the value the page supplied.
                form_fields[field_name] = field.get('value', '')

        # The last <form> on the page wins. Its action is used verbatim and
        # is not joined with the IdP URL.
        # NOTE(review): the password is posted to whatever URL the fetched
        # page names; consider checking it against self.idpurl first.
        for form in page.find_all(re.compile('(FORM|form)')):
            submit_url = form.get('action')

        login_result = session.post(submit_url, data=form_fields,
                                    verify=self.sslverification)

        if login_result.status_code != 200:
            sys.exit('There was a problem logging in via ADFS. HTTP '
                     'Status Code: %s' % (login_result.status_code))

        saml = common.get_saml_assertion(login_result)
        role_arn = common.get_arns_from_assertion(saml)
        credentials = common.get_sts_creds(role_arn)
        profile = self.config.get(common.DEFAULT_CONFIG_SECTION,
                                  'aws_credential_profile')
        common.write_credentials(profile, credentials)
    except requests.exceptions.ConnectionError as e:
        sys.exit('Could not connect to %s. %s' % (self.idpurl, e))
def auth(self):
    """Log in through the IdP's HTML login form and store the STS credentials.

    Prompts for credentials via ``common.get_user_credentials()``, fetches
    the page at ``self.idpurl``, fills in the page's ``<input>`` fields and
    posts them to the ``action`` of the last ``<form>`` found. The response
    goes through the ``common`` helpers and the result is written under the
    profile named by the ``aws_credential_profile`` config option.

    Exits via ``sys.exit`` on a non-200 login response, a missing config
    option or section while writing, or a connection error.
    """
    username, password = common.get_user_credentials()
    session = requests.Session()

    try:
        # NOTE(review): if self.sslverification is ever False, the password
        # travels without certificate validation.
        login_page = session.get(self.idpurl, verify=self.sslverification)
        page = BeautifulSoup(login_page.text, "html.parser")

        form_fields = {}
        for field in page.find_all(re.compile('(INPUT|input)')):
            field_name = field.get('name', '')
            lowered = field_name.lower()
            if "user" in lowered:
                form_fields[field_name] = username
            elif "pass" in lowered:
                form_fields[field_name] = password
            else:
                # Hidden and other fields keep the value the page supplied.
                form_fields[field_name] = field.get('value', '')

        # The last <form> on the page wins. Its action is used verbatim and
        # is not joined with the IdP URL.
        # NOTE(review): the password is posted to whatever URL the fetched
        # page names; consider checking it against self.idpurl first.
        for form in page.find_all(re.compile('(FORM|form)')):
            submit_url = form.get('action')

        login_result = session.post(submit_url, data=form_fields,
                                    verify=self.sslverification)

        if login_result.status_code != 200:
            sys.exit('There was a problem logging in via ADFS. HTTP '
                     'Status Code: %s' % (login_result.status_code))

        saml = common.get_saml_assertion(login_result)
        role_arn = common.get_arns_from_assertion(saml)
        credentials = common.get_sts_creds(role_arn)

        try:
            profile = self.config.get(common.DEFAULT_CONFIG_SECTION,
                                      'aws_credential_profile')
            common.write_credentials(profile, credentials)
        except (NoOptionError, NoSectionError) as e:
            sys.exit(e.message)
    except requests.exceptions.ConnectionError as e:
        sys.exit('Could not connect to %s. %s' % (self.idpurl, e))
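def auth(self):
    """Run primary authentication and, when required, a second-factor step.

    Posts the username and password from ``common.get_user_credentials()``
    as JSON to ``self.auth_url``. On ``MFA_REQUIRED`` the user picks one of
    the factors listed in the response; only ``sms`` and
    ``token:software:totp`` are passed to ``self.second_factor``. A
    ``SUCCESS`` status is handed to ``self.process_success``.

    Exits via ``sys.exit`` on a non-200 primary response, an invalid factor
    choice, or an unsupported factor type. Any other non-success status is
    only printed and the method returns ``None``, so callers do not get a
    non-zero exit for those cases.
    """
    session = requests.Session()
    username, password = common.get_user_credentials()
    payload_dict = {"username": username, "password": password}

    # No verify= override is passed here, so the session's default
    # certificate validation applies to the request carrying the password.
    response = session.post(self.auth_url,
                            headers=self.headers_dict,
                            data=json.dumps(payload_dict))

    if response.status_code != 200:
        e = json.loads(response.text)
        sys.exit(
            F"Primary authentication failed: {e['errorSummary']}. Error code: {e['errorCode']}"
        )

    auth_response = json.loads(response.text)

    if auth_response['status'] == 'MFA_REQUIRED':
        factors = auth_response['_embedded']['factors']
        print("Please choose a second factor:\n")

        for i, factor in enumerate(factors):
            print(F"[{i}] - {factor['factorType']}")

        # The original try/except assigned ``input`` in both branches, so
        # the builtin is called directly.
        try:
            choice = int(input("Chose a second factor: "))
        except ValueError:
            # Non-numeric input is rejected the same way as an
            # out-of-range number.
            choice = -1

        # Reject negatives as well: a negative index would otherwise select
        # a factor counted from the end of the list.
        if not 0 <= choice < len(factors):
            sys.exit('Sorry, that is not a valid role choice.')

        chosen_factor = factors[choice]

        if chosen_factor['factorType'] in ('sms', 'token:software:totp'):
            response = self.second_factor(chosen_factor,
                                          auth_response['stateToken'])
        else:
            sys.exit("Unsupported second factor.")

        mfa_status = json.loads(response.text)['status']
        if mfa_status == 'SUCCESS':
            self.process_success(response)
        else:
            print(F"Authentication failed with status: {mfa_status}")
    elif auth_response['status'] == 'SUCCESS':
        self.process_success(response)
    else:
        print(F"Unable to login: {auth_response['status']}")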