def do_authorize(self):
ticket_id = self.mfa_password
ticket_type_section = self._determine_section(ticket_id)
if not ticket_type_section:
return AAResponse.deny("Ticket ID doesn't match any patterns; ticket_id={}".format(ticket_id))
table = self.plugin_configuration.get(ticket_type_section, "table", required=True).strip()
templ = self.plugin_configuration.get(ticket_type_section, "query", required=True).strip()
self.logger.debug("ServiceNow query template: {}".format(templ))
query = Template(templ).substitute(Filter(self.connection), ticket_id=ticket_id, username=self.mfa_identity)
self.logger.debug("ServiceNow query: {}".format(query))
try:
resource = ServiceNowClient.from_config(self.plugin_configuration).get_resource("/table/{}".format(table))
response = resource.get(query=query, stream=True)
result = response.first_or_none()
except HTTPError as e:
self.logger.debug(self.ERROR_MESSAGE_TEMPLATE.format(error=str(e), details=""))
return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
except ResponseError as e:
self.logger.debug(self.ERROR_MESSAGE_TEMPLATE.format(error=e.message, details=e.detail))
return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
except Exception as e:
self.logger.debug("Unknow error occured. Cannot verify ServiceNow request: {}".format(str(e)))
return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
if result:
self._update_service_now_ticket(resource, ticket_id)
return AAResponse.accept(reason="Verified ServiceNow request: {}".format(ticket_id))
else:
return AAResponse.deny(
reason="Ticket verification failed. No ServiceNow request matched by the provided query")
def _get_verdict(self, response):
response_id = self._extract_info(response, "errorId")
response_msg = self._extract_info(response, "errorMsg")
if response_id == 200:
logger.info("Authentication successful")
return AAResponse.accept(reason="Authentication successful")
logger.info("Authentication failure; id=%i, msg=%s", response_id, response_msg)
return AAResponse.deny(reason=self._get_reason(response))
def do_authorize(self):
target_hosts = self._resolve_ip(self.connection.target_server)
if self._hosts_for_groups_match(
target_hosts, self.connection.
gateway_groups) or self._groups_for_hosts_match(
target_hosts, self.connection.gateway_groups):
return AAResponse.accept()
else:
return AAResponse.deny()
def _log_bypass_and_create_aa_response(self):
msg = "User configured as bypass user on Duo."
logger.info(msg)
return AAResponse.accept(reason=msg)
def test_bypass_auth_without_bypass_code_otp(client, duo_bypass_user, interactive):
otp = interactive.askforinput("Please enter OTP whatever you like")
result = client.otp_authenticate(duo_bypass_user, otp)
assert result == AAResponse.accept(reason="User configured as bypass user on Duo.")
def test_bypass_auth_without_bypass_code_push(client, duo_bypass_user, interactive):
result = client.push_authenticate(duo_bypass_user)
assert result == AAResponse.accept(reason="User configured as bypass user on Duo.")
def do_authenticate(self):
return AAResponse.accept().with_cookie(
{"push_details": self.create_push_details()})
def do_authorize(self):
return AAResponse.accept('the reason to accept')
def do_authenticate(self):
return AAResponse.accept('the reason to accept')