Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def duo_mfa_verify(duo_info, txid):
"""Verify MFA challenge completion.
After the user has received the MFA challenge, query the Duo API
until the challenge is completed.
:param duo_info: dict of parameters for Duo.
:param mfa_option: the user's selected second factor.
:return txid: Duo transaction ID used to track this auth attempt.
"""
url = "https://{}/frame/status".format(duo_info["host"])
challenged_mfa = helpers.prepare_payload(txid=txid, sid=duo_info["sid"])
challenge_result = None
while True:
logging.debug("Waiting for MFA challenge response")
mfa_result = duo_api_post(url, payload=challenged_mfa)
verify_mfa = get_mfa_response(mfa_result)
challenge_result, challenge_reason = parse_challenge(
verify_mfa, challenge_result)
if challenge_result is None:
continue
elif challenge_result == "success":
logging.debug("Successful MFA challenge received")
break
elif challenge_result == "failure":
logging.critical("MFA challenge has failed:"
factor_options = get_duo_devices(duo_auth_response)
mfa_index = helpers.select_preferred_mfa_index(
factor_options, factor_key="factor", subfactor_key="device")
mfa_option = factor_options[mfa_index]
logging.debug("Selected MFA is [{}]".format(mfa_option))
passcode = set_passcode(mfa_option)
txid = duo_mfa_challenge(duo_info, mfa_option, passcode)
verify_mfa = duo_mfa_verify(duo_info, txid)
# Make factor callback to Duo
sig_response = duo_factor_callback(duo_info, verify_mfa)
# Prepare for Okta callback
payload = helpers.prepare_payload(id=duo_info["factor_id"],
sig_response=sig_response,
stateToken=duo_info["state_token"])
headers = {}
headers["content-type"] = "application/json"
headers["accept"] = "application/json"
return payload, headers, duo_info["okta_callback_url"]
"""
logging.debug("Handle user MFA options")
logging.debug("User MFA options selected: [{}]".format(
selected_mfa_option['factorType']))
if selected_mfa_option['factorType'] == 'push':
return push_approval(headers, mfa_challenge_url, payload)
if settings.mfa_response is None:
logging.debug("Getting verification code from user.")
print('Type verification code and press Enter')
settings.mfa_response = helpers.get_input()
# time to verify the mfa method
payload = helpers.prepare_payload(
stateToken=primary_auth['stateToken'], passCode=settings.mfa_response)
mfa_verify = okta_verify_api_method(mfa_challenge_url, payload, headers)
logging.debug("mfa_verify [{}]".format(json.dumps(mfa_verify)))
return mfa_verify