diff --git a/pkg/provider/authentik/authentik.go b/pkg/provider/authentik/authentik.go
index de6d828aa..71032721a 100644
--- a/pkg/provider/authentik/authentik.go
+++ b/pkg/provider/authentik/authentik.go
@@ -14,6 +14,7 @@ import (
 "github.com/versent/saml2aws/v2/pkg/cfg"
 "github.com/versent/saml2aws/v2/pkg/creds"
+ "github.com/versent/saml2aws/v2/pkg/prompter"
 "github.com/versent/saml2aws/v2/pkg/provider"
 )
@@ -222,6 +223,10 @@ func getLoginJSON(loginDetails *creds.LoginDetails, payload *authentikPayload) (
 m["password"] = loginDetails.Password
 case "ak-stage-authenticator-validate":
+ if loginDetails.MFAToken == "" {
+ loginDetails.MFAToken = prompter.RequestSecurityCode("000000")
+ }
+
 m["code"] = loginDetails.MFAToken
 default:
 return []byte(""), errors.New("unknown component: " + component)
diff --git a/pkg/provider/authentik/authentik_test.go b/pkg/provider/authentik/authentik_test.go
index bcc0e12b7..2c819b27c 100644
--- a/pkg/provider/authentik/authentik_test.go
+++ b/pkg/provider/authentik/authentik_test.go
@@ -6,8 +6,10 @@ import (
 "github.com/h2non/gock"
 "github.com/stretchr/testify/assert"
+ "github.com/versent/saml2aws/v2/mocks"
 "github.com/versent/saml2aws/v2/pkg/cfg"
 "github.com/versent/saml2aws/v2/pkg/creds"
+ "github.com/versent/saml2aws/v2/pkg/prompter"
 )
 func Test_getLoginJSON(t *testing.T) {
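Review bot: In the `ak-stage-authenticator-validate` case of getLoginJSON, the value returned by `prompter.RequestSecurityCode("000000")` is sent as `code` without any check, so an empty answer at the prompt is still posted to the IdP as a validation attempt. Returning early after the prompt, e.g. `if loginDetails.MFAToken == "" { return []byte(""), errors.New("MFA code is required") }`, avoids spending an attempt on a blank code. The prompted code is also written back into `loginDetails.MFAToken`; if the caller presents this stage again after a rejected code (the flow loop is outside this hunk, so this is an assumption), the stale one-time code would be resent instead of prompting again. A short comment on the case, such as `// prompts interactively and stores the result in loginDetails.MFAToken`, would make the new side effect on the argument visible to callers. getLoginJSON starts before and ends after the hunk.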
@@ -50,6 +52,31 @@ func Test_getLoginJSON(t *testing.T) {
 assert.NotNil(err)
 }
+// Test_getLoginJSONPromptsForMFAToken when no MFA token is provided via the CLI,
+// the user should be prompted for it.
+func Test_getLoginJSONPromptsForMFAToken(t *testing.T) {
+ assert := assert.New(t)
+
+ pr := &mocks.Prompter{}
+ prompter.SetPrompter(pr)
+ pr.Mock.On("RequestSecurityCode", "000000").Return("123456")
+
+ loginDetails := &creds.LoginDetails{
+ Username: "user",
+ Password: "pwd",
+ URL: "https://127.0.0.1/sso/init",
+ }
+ payload := &authentikPayload{
+ Component: "ak-stage-authenticator-validate",
+ Type: "native",
+ }
+ b, err := getLoginJSON(loginDetails, payload)
+ assert.Nil(err)
+ assert.Equal(string(b), "{\"code\":\"123456\",\"component\":\"ak-stage-authenticator-validate\"}")
+ assert.Equal("123456", loginDetails.MFAToken)
+ pr.Mock.AssertCalled(t, "RequestSecurityCode", "000000")
+}
+
 func Test_queryNextURL(t *testing.T) {
 assert := assert.New(t)
 url, err := queryNextURL("https://127.0.0.1/if/flow/default-authentication-flow/?next=/application/saml/aws/sso/binding/init/")
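Review bot: `prompter.SetPrompter(pr)` in Test_getLoginJSONPromptsForMFAToken swaps the package-level prompter and the test never restores it, so tests that run afterwards in this package inherit the mock; restoring the previous prompter in a `t.Cleanup` would keep the tests independent. The test covers only the empty-token path: a companion case with `MFAToken` preset that asserts `pr.Mock.AssertNotCalled(t, "RequestSecurityCode", "000000")` would pin that a token supplied up front is never replaced by a prompt. In `assert.Equal(string(b), ...)` the arguments are in actual/expected order while the following line uses expected/actual; swapping them gives a correct failure message.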