
Fix session ID handling
Evan Culver committed Jul 22, 2020
1 parent 3ab9dff commit 05089ad
Showing 2 changed files with 8 additions and 4 deletions.
9 changes: 6 additions & 3 deletions lib/duo.go
Expand Up @@ -28,10 +28,12 @@ type DuoClient struct {
Callback string
Device string
StateToken string
FactorID string
}

type StatusResp struct {
Response struct {
SessionID string `json:"sid"`
U2FSignRequest []struct {
Version string `json:"version"`
Challenge string `json:"challenge"`
Expand All @@ -57,12 +59,13 @@ type PromptResp struct {
Stat string `json:"stat"`
}

func NewDuoClient(host, signature, callback string) *DuoClient {
func NewDuoClient(host, signature, callback, factorID string) *DuoClient {
return &DuoClient{
Host: host,
Signature: signature,
Device: "phone1",
Callback: callback,
FactorID: factorID,
}
}

Expand Down Expand Up @@ -460,7 +463,7 @@ func (d *DuoClient) DoStatus(txid, sid string) (auth string, status StatusResp,

if status.Response.Result == "SUCCESS" {
if status.Response.ResultURL != "" {
auth, err = d.DoRedirect(status.Response.ResultURL, sid)
auth, err = d.DoRedirect(status.Response.ResultURL, status.Response.SessionID)
} else {
auth = status.Response.Cookie
}
Expand Down Expand Up @@ -514,7 +517,7 @@ func (d *DuoClient) DoCallback(auth string) (err error) {

client := &http.Client{}

callbackData := "stateToken=" + d.StateToken + "&sig_response=" + sigResp
callbackData := "id=" + d.FactorID + "&stateToken=" + d.StateToken + "&sig_response=" + sigResp
req, err = http.NewRequest("POST", d.Callback, bytes.NewReader([]byte(callbackData)))
if err != nil {
return
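Review bot: The rewritten callbackData line in DoCallback still concatenates d.FactorID, d.StateToken and sigResp into the form body with no percent-encoding, so a `+`, `&` or `=` inside any of those values (base64 padding in a sig_response, for one) is reinterpreted by the receiver; `url.Values{"id": {d.FactorID}, "stateToken": {d.StateToken}, "sig_response": {sigResp}}.Encode()` (net/url) produces a correct body and keeps the new id field. The callback now depends on FactorID being set, but nothing rejects an empty value before the POST; a guard such as `if d.FactorID == "" { return errors.New("duo: factor id not set") }` at the top of DoCallback would turn a silently malformed request into a clear error. The DoStatus hunk has the same gap in the other direction: the redirect now uses status.Response.SessionID and no longer consults the sid parameter, so a status response that omits `sid` would redirect with an empty session id unless the code falls back to sid or returns an error there. Both DoStatus and DoCallback start and continue outside their hunks, so the existing checks further down are not visible here.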
3 changes: 2 additions & 1 deletion lib/okta.go
Expand Up @@ -232,7 +232,7 @@ func (o *OktaClient) AuthenticateProfile3(profileARN string, duration time.Durat
// Clear DT cookie before starting AuthN flow again. Bug #279.
o.CookieJar.SetCookies(o.BaseURL, []*http.Cookie{
{
Name: "DT",
Name: "DT",
MaxAge: -1,
},
})
Expand Down Expand Up @@ -412,6 +412,7 @@ func (o *OktaClient) postChallenge(payload []byte, oktaFactorProvider string, ok
Callback: f.Embedded.Verification.Links.Complete.Href,
Device: o.MFAConfig.DuoDevice,
StateToken: o.UserAuth.StateToken,
FactorID: f.Id,
}

log.Debugf("Host:%s\nSignature:%s\nStateToken:%s\n",
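Review bot: The FactorID field added to this struct literal in postChallenge bypasses NewDuoClient, which the same commit extends with a factorID parameter, so the two construction paths can drift (this one already takes Device from o.MFAConfig.DuoDevice while the constructor hard-codes "phone1"); either route this call through the constructor or record why the literal is used, e.g. `// Built directly rather than via NewDuoClient so Device comes from MFAConfig.` Whether f.Id can be empty at this point is not visible in the hunk; if it can, the Duo callback will post an empty id, so a check before building the client may be warranted. The log.Debugf just below appears to print Signature and StateToken at debug level, which are the credentials for this flow, so if FactorID is added to that line keep the secret-bearing fields out of it. postChallenge starts and ends outside the hunk.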

1 comment on commit 05089ad

@eugene-dounar


@eculver thanks for fixing that, you saved my day!
