def do_authorize(self):
ticket_id = self.mfa_password
ticket_type_section = self._determine_section(ticket_id)
if not ticket_type_section:
return AAResponse.deny("Ticket ID doesn't match any patterns; ticket_id={}".format(ticket_id))
table = self.plugin_configuration.get(ticket_type_section, "table", required=True).strip()
templ = self.plugin_configuration.get(ticket_type_section, "query", required=True).strip()
self.logger.debug("ServiceNow query template: {}".format(templ))
query = Template(templ).substitute(Filter(self.connection), ticket_id=ticket_id, username=self.mfa_identity)
self.logger.debug("ServiceNow query: {}".format(query))
try:
resource = ServiceNowClient.from_config(self.plugin_configuration).get_resource("/table/{}".format(table))
response = resource.get(query=query, stream=True)
result = response.first_or_none()
except HTTPError as e:
self.logger.debug(self.ERROR_MESSAGE_TEMPLATE.format(error=str(e), details=""))
return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
except ResponseError as e:
self.logger.debug(self.ERROR_MESSAGE_TEMPLATE.format(error=e.message, details=e.detail))
return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
except Exception as e:
self.logger.debug("Unknow error occured. Cannot verify ServiceNow request: {}".format(str(e)))
return AAResponse.deny(reason=self.DENY_REASON_TEMPLATE.format(ticket_id=ticket_id))
if result:
self._update_service_now_ticket(resource, ticket_id)
return AAResponse.accept(reason="Verified ServiceNow request: {}".format(ticket_id))
else:
return AAResponse.deny(
reason="Ticket verification failed. No ServiceNow request matched by the provided query")
def _get_verdict(self, response):
response_id = self._extract_info(response, "errorId")
response_msg = self._extract_info(response, "errorMsg")
if response_id == 200:
logger.info("Authentication successful")
return AAResponse.accept(reason="Authentication successful")
logger.info("Authentication failure; id=%i, msg=%s", response_id, response_msg)
return AAResponse.deny(reason=self._get_reason(response))
def do_authorize(self):
target_hosts = self._resolve_ip(self.connection.target_server)
if self._hosts_for_groups_match(
target_hosts, self.connection.
gateway_groups) or self._groups_for_hosts_match(
target_hosts, self.connection.gateway_groups):
return AAResponse.accept()
else:
return AAResponse.deny()
def _select_device(self):
if not self._selection:
self.logger.info("Device selection disabled, rejecting connection")
return AAResponse.deny(reason="Device selection disabled")
devices = self._get_devices()
if not devices:
self.logger.info("No devices to select from, rejecting connection")
return AAResponse.deny(reason="No devices to select from")
message = ""
self._device_index_map = {}
for position, device in enumerate(devices, start=1):
message += "{}) {}\n".format(position, device["nickname"])
self._device_index_map[position] = device["deviceId"]
message += "Please select a device: "
self.logger.debug("Prompting user to select a device; device_ids=%s", self._device_index_map)
return AAResponse.need_info(message, "selected_device")
def do_authenticate(self):
reason = None
self._client = self._client or Client.from_config(
self.plugin_configuration, self._get_device_id(), self._push_display_text
)
try:
return self._dispatch()
except InvalidDeviceSelection as e:
self.logger.info("Invalid device selected: %s", e)
reason = "Invalid device selected."
except ResponseError as e:
self.logger.error("Invalid response: %s", e, exc_info=self._stacktrace)
reason = "Invalid response from PingID API."
except Exception as e:
self.logger.error("Unexpected error: %s: %s", type(e), e, exc_info=self._stacktrace)
return AAResponse.deny(reason=reason)