Skip to content
This repository has been archived by the owner on May 18, 2021. It is now read-only.

Fix session ID handling #293

Merged
merged 1 commit into from
Jul 22, 2020
Merged

Fix session ID handling #293

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions lib/duo.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,12 @@ type DuoClient struct {
Callback string
Device string
StateToken string
FactorID string
}

type StatusResp struct {
Response struct {
SessionID string `json:"sid"`
U2FSignRequest []struct {
Version string `json:"version"`
Challenge string `json:"challenge"`
Expand All @@ -57,12 +59,13 @@ type PromptResp struct {
Stat string `json:"stat"`
}

func NewDuoClient(host, signature, callback string) *DuoClient {
func NewDuoClient(host, signature, callback, factorID string) *DuoClient {
return &DuoClient{
Host: host,
Signature: signature,
Device: "phone1",
Callback: callback,
FactorID: factorID,
}
}

Expand Down Expand Up @@ -460,7 +463,7 @@ func (d *DuoClient) DoStatus(txid, sid string) (auth string, status StatusResp,

if status.Response.Result == "SUCCESS" {
if status.Response.ResultURL != "" {
auth, err = d.DoRedirect(status.Response.ResultURL, sid)
auth, err = d.DoRedirect(status.Response.ResultURL, status.Response.SessionID)
} else {
auth = status.Response.Cookie
}
Expand Down Expand Up @@ -514,7 +517,7 @@ func (d *DuoClient) DoCallback(auth string) (err error) {

client := &http.Client{}

callbackData := "stateToken=" + d.StateToken + "&sig_response=" + sigResp
callbackData := "id=" + d.FactorID + "&stateToken=" + d.StateToken + "&sig_response=" + sigResp
req, err = http.NewRequest("POST", d.Callback, bytes.NewReader([]byte(callbackData)))
if err != nil {
return
Expand Down
3 changes: 2 additions & 1 deletion lib/okta.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ func (o *OktaClient) AuthenticateProfile3(profileARN string, duration time.Durat
// Clear DT cookie before starting AuthN flow again. Bug #279.
o.CookieJar.SetCookies(o.BaseURL, []*http.Cookie{
{
Name: "DT",
Name: "DT",
MaxAge: -1,
},
})
Expand Down Expand Up @@ -412,6 +412,7 @@ func (o *OktaClient) postChallenge(payload []byte, oktaFactorProvider string, ok
Callback: f.Embedded.Verification.Links.Complete.Href,
Device: o.MFAConfig.DuoDevice,
StateToken: o.UserAuth.StateToken,
FactorID: f.Id,
}

log.Debugf("Host:%s\nSignature:%s\nStateToken:%s\n",
Expand Down