zamzterz/2fa.py

## 2fa.py
from satosa.exception import SATOSAAuthenticationError
from satosa.internal_data import InternalResponse
from satosa.micro_services.base import ResponseMicroService
from satosa.response import Response

STATE_KEY = "2fa"


class SecondFactorAuth(ResponseMicroService):
    def process(self, context, internal_response):
        context.state[STATE_KEY] = internal_response.to_dict()
        return Response("""
        <html><body><form action="/2fa/confirm">
        <input type="text" name="code">
        <button type="submit">Submit</button>
        </form>
        </body></html>""")

    def confirm(self, context):
        if context.request["code"] != "1234":
            raise SATOSAAuthenticationError(context.state, "Second factor auth failed")

        saved_state = context.state[STATE_KEY]
        internal_response = InternalResponse.from_dict(saved_state)
        return super().process(context, internal_response)

    def register_endpoints(self):
        return [("^2fa/confirm$", self.confirm)]

## 2fa.yaml
module: 2fa.SecondFactorAuth
name: SecondFactor

## proxy_conf.yaml
BASE: https://localhost:10000
INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
COOKIE_STATE_NAME: "SATOSA_STATE"
STATE_ENCRYPTION_KEY: "asdASD123"
USER_ID_HASH_SALT: "61a89d2db0b9e1e27d490d050b478fe71f352fddd3528a44157f43e339c6c62f2362fb413179937d96172bf84233317"
BACKEND_MODULES:
  - "plugins/saml2_backend.yaml"
FRONTEND_MODULES:
  - "plugins/saml2_frontend.yaml"
CUSTOM_PLUGIN_MODULE_PATHS:
  - "<path to directory containing 2fa.py>"
MICRO_SERVICES:
  - "plugins/2fa.yaml"
	from satosa.exception import SATOSAAuthenticationError
	from satosa.internal_data import InternalResponse
	from satosa.micro_services.base import ResponseMicroService
	from satosa.response import Response

	STATE_KEY = "2fa"


	class SecondFactorAuth(ResponseMicroService):
	def process(self, context, internal_response):
	context.state[STATE_KEY] = internal_response.to_dict()
	return Response("""
	<html><body><form action="/2fa/confirm">
	<input type="text" name="code">
	<button type="submit">Submit</button>
	</form>
	</body></html>""")

	def confirm(self, context):
	if context.request["code"] != "1234":
	raise SATOSAAuthenticationError(context.state, "Second factor auth failed")

	saved_state = context.state[STATE_KEY]
	internal_response = InternalResponse.from_dict(saved_state)
	return super().process(context, internal_response)

	def register_endpoints(self):
	return [("^2fa/confirm$", self.confirm)]
	BASE: https://localhost:10000
	INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
	COOKIE_STATE_NAME: "SATOSA_STATE"
	STATE_ENCRYPTION_KEY: "asdASD123"
	USER_ID_HASH_SALT: "61a89d2db0b9e1e27d490d050b478fe71f352fddd3528a44157f43e339c6c62f2362fb413179937d96172bf84233317"
	BACKEND_MODULES:
	- "plugins/saml2_backend.yaml"
	FRONTEND_MODULES:
	- "plugins/saml2_frontend.yaml"
	CUSTOM_PLUGIN_MODULE_PATHS:
	- "<path to directory containing 2fa.py>"
	MICRO_SERVICES:
	- "plugins/2fa.yaml"