| author | spencermaxfield <36614511+spencermaxfield@users.noreply.github.com> | 2018-12-03 15:51:27 -0500 |
|---|---|---|
| committer | Xander Desai <xdesai@duosecurity.com> | 2018-12-03 15:51:27 -0500 |
| commit | 6e18d49664e93676b989903eff6e7c6ca164976b (patch) | |
| tree | a92f6eaf7ade88789443e17a5013a2dbd5538cee | |
| parent | 16e2f31766351f8146a1d1fc85ab141db0ee1d3f (diff) | |
Pass ipaddr to preauth so duo_openvpn can make use of Authorized Netw… (#25)
* Pass ipaddr to preauth so duo_openvpn can make use of Authorized Networks
| -rwxr-xr-x | duo_openvpn.py | 7 | ||||
| -rw-r--r-- | test_duo_openvpn.py | 23 |
2 files changed, 25 insertions, 5 deletions
diff --git a/duo_openvpn.py b/duo_openvpn.py
index eb3a55c..a82839a 100755
--- a/duo_openvpn.py
+++ b/duo_openvpn.py
@@ -302,11 +302,12 @@ def failure(control):
 sys.exit(1)
-def preauth(client, control, username):
+def preauth(client, control, username, ipaddr):
 log('pre-authentication for %s' % username)
 response = client.json_api_call('POST', '/rest/v1/preauth', {
- 'user': username,
+ 'user': username,
+ 'ipaddr': ipaddr
 })
 result = response.get('result')
@@ -389,7 +390,7 @@ def main(Client=Client, environ=os.environ):
 )
 try:
- default_factor = preauth(client, control, username)
+ default_factor = preauth(client, control, username, ipaddr)
 except Exception, e:
 log(str(e))
 failure(control)
diff --git a/test_duo_openvpn.py b/test_duo_openvpn.py
index 86420d5..df13d10 100644
--- a/test_duo_openvpn.py
+++ b/test_duo_openvpn.py
@@ -46,7 +46,10 @@ class TestIntegration(unittest.TestCase):
 PROXY_HOST = 'expected proxy host'
 PROXY_PORT = 'expected proxy port'
 EXPECTED_USER_AGENT = 'duo_openvpn/' + duo_openvpn.__version__
- EXPECTED_PREAUTH_PARAMS = 'user=expected+username'
+ EXPECTED_PREAUTH_PARAMS = (
+ 'ipaddr=expected_ipaddr'
+ '&user=expected+username'
+ )
 EXPECTED_AUTH_PATH = '/rest/v1/auth'
 EXPECTED_PREAUTH_PATH = '/rest/v1/preauth'
 EXPECTED_AUTH_PARAMS = (
@@ -330,7 +333,23 @@ class TestIntegration(unittest.TestCase):
 def test_auth_no_ipaddr(self):
 environ = self.normal_environ()
 environ.pop('ipaddr')
- self.expect_preauth('auth')
+ self.expect_request(
+ method='POST',
+ path=self.EXPECTED_PREAUTH_PATH,
+ params='ipaddr=0.0.0.0'
+ '&user=expected+username',
+ response=MockResponse(
+ status=200,
+ body=json.dumps({
+ 'stat': 'OK',
+ 'response': {
+ 'result': 'auth',
+ 'status': 'expected status',
+ 'factors': {'default': 'push1'},
+ },
+ }),
+ ),
+ )
 self.expect_request(
 method='POST',
 path=self.EXPECTED_AUTH_PATH, |
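Review bot: `preauth` gains an `ipaddr` parameter that now feeds Duo's policy evaluation (the commit message names Authorized Networks), but nothing in the function says where that value must come from. Before this change the username was the only preauth input; an address that is wrong or client-influenced could presumably now change the preauth `result`, so the contract deserves a docstring, for example `"""Call /rest/v1/preauth; ipaddr must be the peer address observed by the OpenVPN server, since Duo evaluates network policy against it."""`. The new `'ipaddr': ipaddr` entry also drops the trailing comma that the `'user'` line keeps. The body of `preauth` continues past the end of the hunk, and how `main` derives `ipaddr` is not visible in this diff.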
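Review bot: `test_auth_no_ipaddr` now pins that a missing `ipaddr` is sent to preauth as `0.0.0.0`, and nothing in the test says that this is intended. Since preauth evaluates network policy on that field, it is worth deciding whether the placeholder should be sent or the parameter omitted when the environment has no address; if the placeholder stays, a comment such as `# no ipaddr in environ: the 0.0.0.0 placeholder is sent to preauth on purpose` would record the decision. The inlined `expect_request` block also repeats what `expect_preauth('auth')` presumably builds; an optional params argument on that helper (defined outside this diff) would keep the test short. The test method continues past the end of the hunk.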
