Exemplo n.º 1
0
    def auth(self):
        token = self.config.get(Config.DEFAULT_SECTION, 'token', fallback=None)
        if token:
            creds = base64.b64decode(token).decode().rstrip()
            username, password = creds.split(':')
        else:
            username, password = common.get_user_credentials()

        session = requests.Session()
        try:
            if self.ntlmauth:
                form_response = session.get(self.idpurl,
                                            verify=self.sslverification,
                                            auth=HttpNtlmAuth(username,
                                                              password))
            else:
                form_response = session.get(self.idpurl,
                                            verify=self.sslverification)
            formsoup = BeautifulSoup(form_response.text, "html.parser")
            payload_dict = {}
            for inputtag in formsoup.find_all(re.compile('(INPUT|input)')):
                name = inputtag.get('name', '')
                value = inputtag.get('value', '')
                if "user" in name.lower():
                    payload_dict[name] = username
                elif "pass" in name.lower():
                    payload_dict[name] = password
                else:
                    # Simply populate the parameter with the existing value
                    # (picks up hidden fields in the login form)
                    payload_dict[name] = value
            for inputtag in formsoup.find_all(re.compile('(FORM|form)')):
                action = inputtag.get('action')
            # parsedurl = urlparse(idpentryurl)
            # idpauthformsubmiturl = "{scheme}://{netloc}{action}".format(
            #                         scheme=parsedurl.scheme,
            #                         netloc=parsedurl.netloc,
            #                         action=action)
            response = session.post(action, data=payload_dict,
                                    verify=self.sslverification)
            if response.status_code != 200:
                sys.exit(F'There was a problem logging in via ADFS. HTTP '
                         'Status Code: {response.status_code}')

            assertion = common.get_saml_assertion(response)
            arn_to_assume = common.get_arns_from_assertion(assertion, self.args.account)
            sts_creds = common.get_sts_creds(arn_to_assume)
            try:
                common.write_credentials(
                    self.args.profile,
                    sts_creds
                )
            except (NoOptionError, NoSectionError) as e:
                sys.exit(e.message)
        except requests.exceptions.ConnectionError as e:
            sys.exit(F'Could not connect to {self.idpurl}. {e}')
Exemplo n.º 2
0
 def process_success(self, response):
     session_token = json.loads(response.text)['sessionToken']
     session = requests.Session()
     saml = session.get(self.app_url + "?onetimetoken=" + session_token)
     assertion = common.get_saml_assertion(saml)
     arn_dict = common.get_arns_from_assertion(assertion, self.args)
     sts_creds = common.get_sts_creds(arn_dict)
     try:
         common.write_credentials(self.args.profile, sts_creds)
     except (NoOptionError, NoSectionError) as e:
         sys.exit(e.message)
Exemplo n.º 3
0
    def auth(self):
        username, password = common.get_user_credentials()

        session = requests.Session()
        try:
            if self.domain:
                username = '******'.format(self.domain, username)
            if self.ntlmauth:
                form_response = session.get(self.idpurl,
                                            verify=self.sslverification,
                                            auth=HttpNtlmAuth(
                                                username, password))
            else:
                form_response = session.get(self.idpurl,
                                            verify=self.sslverification)
            formsoup = BeautifulSoup(form_response.text, "html.parser")
            payload_dict = {}
            for inputtag in formsoup.find_all(re.compile('(INPUT|input)')):
                name = inputtag.get('name', '')
                value = inputtag.get('value', '')
                if "user" in name.lower():
                    payload_dict[name] = username
                elif "pass" in name.lower():
                    payload_dict[name] = password
                else:
                    # Simply populate the parameter with the existing value
                    # (picks up hidden fields in the login form)
                    payload_dict[name] = value
            for inputtag in formsoup.find_all(re.compile('(FORM|form)')):
                action = inputtag.get('action')
            # parsedurl = urlparse(idpentryurl)
            # idpauthformsubmiturl = "{scheme}://{netloc}{action}".format(
            #                         scheme=parsedurl.scheme,
            #                         netloc=parsedurl.netloc,
            #                         action=action)
            response = session.post(action,
                                    data=payload_dict,
                                    verify=self.sslverification)
            if response.status_code != 200:
                sys.exit('There was a problem logging in via ADFS. HTTP '
                         'Status Code: %s' % (response.status_code))

            assertion = common.get_saml_assertion(response)
            arn_to_assume = common.get_arns_from_assertion(assertion)
            sts_creds = common.get_sts_creds(arn_to_assume)
            common.write_credentials(
                self.config.get(common.DEFAULT_CONFIG_SECTION,
                                'aws_credential_profile'), sts_creds)
        except requests.exceptions.ConnectionError as e:
            sys.exit('Could not connect to %s. %s' % (self.idpurl, e))
Exemplo n.º 4
0
    def auth(self):
        username, password = common.get_user_credentials()

        session = requests.Session()

        try:
            form_response = session.get(
                self.idpurl, verify=self.sslverification)
            formsoup = BeautifulSoup(form_response.text, "html.parser")
            payload_dict = {}
            for inputtag in formsoup.find_all(re.compile('(INPUT|input)')):
                name = inputtag.get('name', '')
                value = inputtag.get('value', '')
                if "user" in name.lower():
                    payload_dict[name] = username
                elif "pass" in name.lower():
                    payload_dict[name] = password
                else:
                    # Simply populate the parameter with the existing value
                    # (picks up hidden fields in the login form)
                    payload_dict[name] = value
            for inputtag in formsoup.find_all(re.compile('(FORM|form)')):
                action = inputtag.get('action')
            # parsedurl = urlparse(idpentryurl)
            # idpauthformsubmiturl = "{scheme}://{netloc}{action}".format(
            #                         scheme=parsedurl.scheme,
            #                         netloc=parsedurl.netloc,
            #                         action=action)
            response = session.post(action, data=payload_dict,
                                    verify=self.sslverification)
            if response.status_code != 200:
                sys.exit('There was a problem logging in via ADFS. HTTP '
                         'Status Code: %s' % (response.status_code))

            assertion = common.get_saml_assertion(response)
            arn_to_assume = common.get_arns_from_assertion(assertion)
            sts_creds = common.get_sts_creds(arn_to_assume)
            try:
                common.write_credentials(
                    self.config.get(
                        common.DEFAULT_CONFIG_SECTION,
                        'aws_credential_profile'
                    ),
                    sts_creds
                    )
            except (NoOptionError, NoSectionError) as e:
                sys.exit(e.message)
        except requests.exceptions.ConnectionError as e:
            sys.exit('Could not connect to %s. %s' % (self.idpurl, e))
Exemplo n.º 5
0
 def process_success(self, response):
     session_token = json.loads(response.text)['sessionToken']
     session = requests.Session()
     saml = session.get(self.app_url + "?onetimetoken=" + session_token)
     assertion = common.get_saml_assertion(saml)
     arn_dict = common.get_arns_from_assertion(assertion)
     sts_creds = common.get_sts_creds(arn_dict)
     try:
         common.write_credentials(
             self.config.get(
                 common.DEFAULT_CONFIG_SECTION,
                 'aws_credential_profile'
             ),
             sts_creds
             )
     except (NoOptionError, NoSectionError) as e:
         sys.exit(e.message)