From e42f40980abd3c901a3244aed0a66dcab42bae30 Mon Sep 17 00:00:00 2001
From: Ben Jansen
Date: Thu, 8 Feb 2024 11:13:01 -0800
Subject: [PATCH 1/3] Add sessionToken to dict where step-up code expects it
Sometimes, Okta requires a step-up authentication when accessing the AWS Okta application. The Duo Universal prompt support worked in the case where step-up was not required, but returned a session data structure that the step-up handling code did not expect. I've changed the Duo Universal Prompt auth to return sessionToken where get_saml_response() expects to find it for use in step-up authentication.
---
 gimme_aws_creds/duo_universal.py | 3 ++-
 tests/test_duo_universal_client.py | 11 +++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/gimme_aws_creds/duo_universal.py b/gimme_aws_creds/duo_universal.py
index e3a3c6b..eebbba0 100644
--- a/gimme_aws_creds/duo_universal.py
+++ b/gimme_aws_creds/duo_universal.py
@@ -68,7 +68,8 @@ def do_auth(self):
 "username": okta_profile_login,
 "session": self.session.cookies['sid'],
 "device_token": self.session.cookies['DT']
- }
+ },
+ 'sessionToken': self.session.cookies['sid']
 },
 }
diff --git a/tests/test_duo_universal_client.py b/tests/test_duo_universal_client.py
index ac08c06..56b282d 100644
--- a/tests/test_duo_universal_client.py
+++ b/tests/test_duo_universal_client.py
@@ -4,9 +4,9 @@ import requests
 import responses
-from tests import read_fixture
 from gimme_aws_creds.duo_universal import OktaDuoUniversal
+from tests import read_fixture
 from tests.user_interface_mock import MockUserInterface
@@ -135,7 +135,8 @@ def test_universal_push(self):
 'username': self.OKTA_LOGIN,
 'session': self.OKTA_SID_VALUE,
 'device_token': self.OKTA_DT_VALUE
- }
+ },
+ 'sessionToken': 'oktasidvalue',
 },
 }
@@ -157,7 +158,8 @@ def test_universal_phone_call(self):
 'username': self.OKTA_LOGIN,
 'session': self.OKTA_SID_VALUE,
 'device_token': self.OKTA_DT_VALUE
- }
+ },
+ 'sessionToken': 'oktasidvalue',
 },
 }
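Review bot: The new `'sessionToken'` entry in do_auth() carries the Okta `sid` session cookie, which is a reusable session identifier rather than a one-time session token, and nothing in the hunk says so. The consumer named in the commit message, get_saml_response(), is not visible here; if it forwards `sessionToken` in a URL or writes it to debug output, a longer-lived credential would end up where a one-time token was expected, so that path is worth confirming. I would add a comment above the entry such as `# sid cookie reused as sessionToken for step-up in get_saml_response(); treat as a session credential`. The body of do_auth() starts and ends outside the hunk.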
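Review bot: The expected dict in test_universal_push hard-codes `'sessionToken': 'oktasidvalue'` while the neighbouring `'session'` entry uses `self.OKTA_SID_VALUE`; the same literal is added in the test_universal_phone_call and test_universal_passcode hunks. Since do_auth() fills both fields from the same `sid` cookie, writing `'sessionToken': self.OKTA_SID_VALUE,` would make the tests state that relationship and keep them passing if the fixture value changes. This assumes OKTA_SID_VALUE is 'oktasidvalue', which is defined outside the hunks. The test bodies start and end outside the hunks.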
@@ -180,7 +182,8 @@ def test_universal_passcode(self):
 'username': self.OKTA_LOGIN,
 'session': self.OKTA_SID_VALUE,
 'device_token': self.OKTA_DT_VALUE
- }
+ },
+ 'sessionToken': 'oktasidvalue',
 },
 }
From d4314e6793f937903a05a893437ff7021af49379 Mon Sep 17 00:00:00 2001
From: Eric Pierce
Date: Mon, 12 Feb 2024 07:34:01 -0800
Subject: [PATCH 2/3] Bump version number
---
 gimme_aws_creds/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gimme_aws_creds/__init__.py b/gimme_aws_creds/__init__.py
index 112c5e4..5d1c099 100644
--- a/gimme_aws_creds/__init__.py
+++ b/gimme_aws_creds/__init__.py
@@ -1,2 +1,2 @@
 __all__ = ['config', 'aws', 'main', 'ui', 'common', 'default', 'duo', 'errors', 'okta_classic', 'okta_identity_engine', 'registered_authenticators', 'u2f', 'webauthn']
-version = '2.7.2'
+version = '2.8.0'
From b2e1b724caa16a05124b93696a58ff4da53d725f Mon Sep 17 00:00:00 2001
From: Eric Pierce
Date: Mon, 12 Feb 2024 12:04:11 -0800
Subject: [PATCH 3/3] update package setup file to work with pyproject.toml
---
 pyproject.toml | 2 +-
 setup.py | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 223b5c0..49199cb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,3 +1,3 @@
 [build-system]
 requires = ["setuptools", "setuptools-rust", "gimme_aws_creds"]
-build-backend = "setuptools.build_meta"
+build-backend = "setuptools.build_meta"
\ No newline at end of file
diff --git a/setup.py b/setup.py
index c281b96..10961e7 100644
--- a/setup.py
+++ b/setup.py
@@ -1,13 +1,11 @@
 from setuptools import setup, find_packages
-import gimme_aws_creds
-
 with open('requirements.txt') as f:
 requirements = f.read().splitlines()
 setup(
- name='gimme aws creds',
- version=gimme_aws_creds.version,
+ name='gimme-aws-creds',
+ version='2.8.0',
 install_requires=requirements,
 author='Eric Pierce',
 author_email='eric.pierce@nike.com',
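Review bot: With `import gimme_aws_creds` removed from setup.py, the `"gimme_aws_creds"` entry in pyproject.toml's `requires` (a context line of the preceding hunk) no longer has a visible purpose, and under build isolation it makes the build install a published copy of this package from the index before building it. If nothing else in the build needs it, I would reduce that line to `requires = ["setuptools", "setuptools-rust"]` so the build trusts one package fewer. Separately, `version='2.8.0'` now duplicates `version = '2.8.0'` in gimme_aws_creds/__init__.py, so a release has to change both; a comment such as `# keep in sync with gimme_aws_creds/__init__.py` on that line, or reading the value from that file without importing the package, avoids drift. The setup() call continues outside the hunk.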