def otp_authenticate(self, username, otp):
if otp == '1234':
# The code may return an AAResponse (dict) which will be passed through to SPS
return AAResponse.need_info('Are you sure?', 'confirm')
else:
# Contact the service at self.server_url and actually check the OTP
# Returning True means returning ACCEPT as verdict
return True
def test_otp_ask_for_new_otp_if_already_used(client, duo_user, interactive):
otp = interactive.askforinput("Please enter the previous OTP")
result = client.otp_authenticate(duo_user, otp)
assert result == AAResponse.need_info(
**{
"key": "otp",
"question": "This passcode has already been used. Please generate a new passcode and try again. ",
"disable_echo": False,
}
)
def _check_auth_result(self, auth_result):
msg = "This passcode has already been used. Please generate a new passcode and try again."
if auth_result["status_msg"] == msg and not self._second_try:
return AAResponse.need_info(
**{
"key": "otp",
"question": msg + " ",
"disable_echo": self._disable_echo
})
if auth_result["result"] != "allow":
raise MFAAuthenticationFailure(auth_result["status_msg"])
return True
def _select_device(self):
if not self._selection:
self.logger.info("Device selection disabled, rejecting connection")
return AAResponse.deny(reason="Device selection disabled")
devices = self._get_devices()
if not devices:
self.logger.info("No devices to select from, rejecting connection")
return AAResponse.deny(reason="No devices to select from")
message = ""
self._device_index_map = {}
for position, device in enumerate(devices, start=1):
message += "{}) {}\n".format(position, device["nickname"])
self._device_index_map[position] = device["deviceId"]
message += "Please select a device: "
self.logger.debug("Prompting user to select a device; device_ids=%s", self._device_index_map)
return AAResponse.need_info(message, "selected_device")