Merge pull request #43 from Adnuntius/jp_2fa_fixes

/authenticate/2fa no longer returns the access token on failure
Adnuntius · Jan 18, 2022 · b163441 · b163441
2 parents 1bfab92 + 1875304
commit b163441
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 10 deletions.
diff --git a/adnuntius/__init__.py b/adnuntius/__init__.py
@@ -1 +1 @@
-__version__ = "1.10.1"
+__version__ = "1.10.2"
diff --git a/adnuntius/api.py b/adnuntius/api.py
@@ -364,7 +364,7 @@ def __do_two_factor_auth(self):
  code = self.api.two_factor_code_provider()
  else:
  self.authorisation = None
- raise RuntimeError("Two Factor authentication failed: api.two_factor_code_provider not defined")
+ raise RuntimeError("2FA setup failure: api.two_factor_code_provider not defined")
 
  data = {'code': code}
  endpoint = "/authenticate/2fa"
@@ -373,16 +373,21 @@ def __do_two_factor_auth(self):
  headers.update(self.api.headers)
  headers.update(self.authorisation)
 
- r = self.handle_err(self.session.post(self.baseUrl + endpoint, data=json.dumps(data),
+ try:
+ r = self.handle_err(self.session.post(self.baseUrl + endpoint, data=json.dumps(data),
  params=self.api.defaultAuthArgs, headers=headers))
- response = r.json()
- if 'access_token' not in response:
+ except RuntimeError as e:
+ # for a failed 2fa, we need to clear the 2FA authorisation field
+ # the api will retry the entire auth process again for the next call
  self.authorisation = None
- raise RuntimeError("API authentication failed in POST " + r.url)
+ raise e
 
- if 'scope' in response and response['scope'] == 'TWO_FACTOR_AUTH':
+ response = r.json()
+ # a normal Authentication failure will already have been raised above, this catches
+ # a unexpected situation where there is no access token
+ if 'access_token' not in response:
  self.authorisation = None
- raise RuntimeError("Two Factor authentication failed in POST " + r.url)
+ raise RuntimeError("Unexpected 2FA authentication failure in POST " + r.url)
 
  self.authorisation = {'Authorization': 'Bearer ' + response['access_token']}
  self.auth_time = time.time()
@@ -405,10 +410,13 @@ def __do_password_auth(self):
 
  r = self.handle_err(self.session.post(self.baseUrl + endpoint, data=json.dumps(data),
  params=self.api.defaultAuthArgs, headers=headers))
+
  response = r.json()
+ # a normal Authentication failure will already have been raised above, this catches
+ # a unexpected situation where there is no access token
  if 'access_token' not in response:
  self.authorisation = None
- raise RuntimeError("API authentication failed in POST " + r.url)
+ raise RuntimeError("Unexpected API authentication failed in POST " + r.url)
 
  self.authorisation = {'Authorization': 'Bearer ' + response['access_token']}
 

diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 README = (HERE / "README.md").read_text()
 setup(
  name="adnuntius",
- version="1.10.1",
+ version="1.10.2",
  description="Interface and tools for using the Adnuntius API",
  long_description="Interface and tools for using the Adnuntius API",
  url="https://github.com/Adnuntius/api-tools",