Merge pull request #211 from cevoaustralia/support-db-challenge-type

Add DP challenge support.
cevoaustralia · Jan 28, 2021 · f5c71e7 · f5c71e7
2 parents d473d67 + 783d0ce
commit f5c71e7
Show file tree

Hide file tree

Showing 6 changed files with 149 additions and 198 deletions.
diff --git a/README.rst b/README.rst
@@ -119,7 +119,7 @@ Usage
                            [--bg-response BG_RESPONSE]
                            [--saml-assertion SAML_ASSERTION] [--no-cache]
                            [--print-creds] [--resolve-aliases]
-                           [--save-failure-html] [-a | -r ROLE_ARN] [-k]
+                           [--save-failure-html] [--save-saml-flow] [-a | -r ROLE_ARN] [-k]
                            [-l {debug,info,warn}] [-V]
 
     Acquire temporary AWS credentials via Google SSO
@@ -151,6 +151,7 @@ Usage
       --resolve-aliases     Resolve AWS account aliases.
       --save-failure-html   Write HTML failure responses to file for
                             troubleshooting.
+      --save-saml-flow      Write all GET and PUT requests and HTML responses to/from Google to files for troubleshooting.
       -a, --ask-role        Set true to always pick the role
       -r ROLE_ARN, --role-arn ROLE_ARN
                             The ARN of the role to assume ($AWS_ROLE_ARN)
@@ -260,19 +261,19 @@ by this tool are:
 +==================+=====================================+
 | No second factor | (none)                              |
 +------------------+-------------------------------------+
-| TOTP (eg Google  | ``.../signin/challenge/totp/2?...`` |
+| TOTP (eg Google  | ``.../signin/challenge/totp/...`` |
 |  Authenticator   |                                     |
 |  or Authy)       |                                     |
 +------------------+-------------------------------------+
-| SMS (or voice    | ``.../signin/challenge/ipp/2?...``  |
+| SMS (or voice    | ``.../signin/challenge/ipp/...``  |
 |  call)           |                                     |
 +------------------+-------------------------------------+
 | SMS (or voice    | ``.../signin/challenge/iap/...``    |
 |  call) with      |                                     |
 |  number          |                                     |
 |  submission      |                                     |
 +------------------+-------------------------------------+
-| Google Prompt    | ``.../signin/challenge/az/2?...``   |
+| Google Prompt    | ``.../signin/challenge/az/...``   |
 |  (phone app)     |                                     |
 +------------------+-------------------------------------+
 | Security key     | ``.../signin/challenge/sk/...``     |

diff --git a/aws_google_auth/__init__.py b/aws_google_auth/__init__.py
@@ -41,6 +41,7 @@ def parse_args(args):
     parser.add_argument('--print-creds', action='store_true', help='Print Credentials.')
     parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases.')
     parser.add_argument('--save-failure-html', action='store_true', help='Write HTML failure responses to file for troubleshooting.')
+    parser.add_argument('--save-saml-flow', action='store_true', help='Write all GET and PUT requests and HTML responses to/from Google to files for troubleshooting.')
 
     role_group = parser.add_mutually_exclusive_group()
     role_group.add_argument('-a', '--ask-role', action='store_true', help='Set true to always pick the role')
@@ -238,7 +239,7 @@ def process_auth(args, config):
         # Validate Options
         config.raise_if_invalid()
 
-        google_client = google.Google(config, args.save_failure_html)
+        google_client = google.Google(config, save_failure=args.save_failure_html, save_flow=args.save_saml_flow)
         google_client.do_login()
         saml_xml = google_client.parse_saml()
         logging.debug('%s: saml assertion is: %s', __name__, saml_xml)

diff --git a/aws_google_auth/_version.py b/aws_google_auth/_version.py
@@ -1 +1 @@
-__version__ = "0.0.36"
+__version__ = "0.0.37"