Exemplo n.º 1
0
    def do_authorize(self):
        ticket_id = self.mfa_password

        ticket_type_section = self._determine_section(ticket_id)
        if not ticket_type_section:
            return AAResponse.deny("Ticket ID doesn't match any patterns; ticket_id={}".format(ticket_id))

        table = self.plugin_configuration.get(ticket_type_section, "table", required=True).strip()
        templ = self.plugin_configuration.get(ticket_type_section, "query", required=True).strip()

        self.logger.debug("ServiceNow query template: {}".format(templ))
        query = Template(templ).substitute(Filter(self.connection), ticket_id=ticket_id, username=self.mfa_identity)
        self.logger.debug("ServiceNow query: {}".format(query))

        try:
            resource = ServiceNowClient.from_config(self.plugin_configuration).get_resource("/table/{}".format(table))
            response = resource.get(query=query, stream=True)
            result = response.first_or_none()
        except HTTPError as e:
            self.logger.debug(self.ERROR_MESSAGE_TEMPLATE.format(error=str(e), details=""))
            return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
        except ResponseError as e:
            self.logger.debug(self.ERROR_MESSAGE_TEMPLATE.format(error=e.message, details=e.detail))
            return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
        except Exception as e:
            self.logger.debug("Unknow error occured. Cannot verify ServiceNow request: {}".format(str(e)))
            return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))

        if result:
            self._update_service_now_ticket(resource, ticket_id)
            return AAResponse.accept(reason="Verified ServiceNow request: {}".format(ticket_id))
        else:
            return AAResponse.deny(
                reason="Ticket verification failed. No ServiceNow request matched by the provided query")
Exemplo n.º 2
0
    def _get_verdict(self, response):
        response_id = self._extract_info(response, "errorId")
        response_msg = self._extract_info(response, "errorMsg")

        if response_id == 200:
            logger.info("Authentication successful")
            return AAResponse.accept(reason="Authentication successful")

        logger.info("Authentication failure; id=%i, msg=%s", response_id, response_msg)
        return AAResponse.deny(reason=self._get_reason(response))
Exemplo n.º 3
0
    def do_authorize(self):
        target_hosts = self._resolve_ip(self.connection.target_server)

        if self._hosts_for_groups_match(
                target_hosts, self.connection.
                gateway_groups) or self._groups_for_hosts_match(
                    target_hosts, self.connection.gateway_groups):
            return AAResponse.accept()
        else:
            return AAResponse.deny()
Exemplo n.º 4
0
 def _log_bypass_and_create_aa_response(self):
     msg = "User configured as bypass user on Duo."
     logger.info(msg)
     return AAResponse.accept(reason=msg)
def test_bypass_auth_without_bypass_code_otp(client, duo_bypass_user, interactive):
    otp = interactive.askforinput("Please enter OTP whatever you like")
    result = client.otp_authenticate(duo_bypass_user, otp)
    assert result == AAResponse.accept(reason="User configured as bypass user on Duo.")
def test_bypass_auth_without_bypass_code_push(client, duo_bypass_user, interactive):
    result = client.push_authenticate(duo_bypass_user)
    assert result == AAResponse.accept(reason="User configured as bypass user on Duo.")
 def do_authenticate(self):
     return AAResponse.accept().with_cookie(
         {"push_details": self.create_push_details()})
 def do_authorize(self):
     return AAResponse.accept('the reason to accept')
 def do_authenticate(self):
     return AAResponse.accept('the reason to accept')