diff --git a/README.md b/README.md index 359acc3..2951f90 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ The following values can either be added to the `config.yaml` file or entered wh - PlexTrac Top Level Domain e.g. https://yourapp.plextrac.com - Username - Password +- Auth token for SSO ## Script Execution Flow - Authenticates user to provided instance of Plextrac diff --git a/utils/auth_handler.py b/utils/auth_handler.py index 2689be5..195b64c 100644 --- a/utils/auth_handler.py +++ b/utils/auth_handler.py @@ -111,50 +111,56 @@ def handle_authentication(self): log.info('---Starting Authorization---') self.handle_instance_url() - - if self.username == None: - self.username = input.prompt_user("Please enter your PlexTrac username") - else: - log.info(f'Using username from config...') - if self.password == None: - self.password = getpass(prompt="Password: ") - else: - log.info(f'Using password from config...') - - authenticate_data = { - "username": self.username, - "password": self.password - } - - response = api._authentication.authenticate.authentication(self.base_url, self.auth_headers, authenticate_data) - - # the following conditional can fail due to: - # - invalid credentials - # - if the instance is setup to requre mfa and use user does not have mfa setup - # - other - # the api response is purposely non-descript to prevent gaining information about the authentication process - if response.json.get('status') != "success": - if input.retry("Could not authenticate with entered credentials."): - self.username = None - self.password = None - self.tenant_id = None - return self.handle_authentication() - - self.tenant_id = response.json.get('tenant_id') - - if response.json.get('mfa_enabled'): - log.info('MFA detected for user') - - mfa_auth_data = { - "code": response.json.get('code'), - "token": input.prompt_user("Please enter your 6 digit MFA code") - } + log.info(f'Available login method:\n1. Username & Password\n2. Auth Token') + method = input.prompt_user("Please choose which method to use for login(1 or 2)") + if method == "1": + if self.username == None: + self.username = input.prompt_user("Please enter your PlexTrac username") + else: + log.info(f'Using username from config...') + if self.password == None: + self.password = getpass(prompt="Password: ") + else: + log.info(f'Using password from config...') - response = api._authentication.authenticate.multi_factor_authentication(self.base_url, self.auth_headers, mfa_auth_data) + authenticate_data = { + "username": self.username, + "password": self.password + } + response = api._authentication.authenticate.authentication(self.base_url, self.auth_headers, authenticate_data) + # the following conditional can fail due to: + # - invalid credentials + # - if the instance is setup to requre mfa and use user does not have mfa setup + # - other + # the api response is purposely non-descript to prevent gaining information about the authentication process if response.json.get('status') != "success": - if input.retry("Invalid MFA Code."): + if input.retry("Could not authenticate with entered credentials."): + self.username = None + self.password = None + self.tenant_id = None return self.handle_authentication() + + self.tenant_id = response.json.get('tenant_id') + + if response.json.get('mfa_enabled'): + log.info('MFA detected for user') + + mfa_auth_data = { + "code": response.json.get('code'), + "token": input.prompt_user("Please enter your 6 digit MFA code") + } + + response = api._authentication.authenticate.multi_factor_authentication(self.base_url, self.auth_headers, mfa_auth_data) + if response.json.get('status') != "success": + if input.retry("Invalid MFA Code."): + return self.handle_authentication() + + self.add_auth_header(response.json.get('token')) + elif method == "2": + auth = input.prompt_user("Insert token") + self.add_auth_header(auth) + else: + log.info(f'Please only choose 1 or 2 for the login method.') - self.add_auth_header(response.json.get('token')) self.time_since_last_auth = time.time() log.success('Authenticated')