Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Duo Auth - 18610 - Updated dependencies and SDK to the latest version (…
1 parent 7f8dca9, commit d823324
Showing 52 changed files with 432 additions and 5,284 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,15 @@ | ||
{ | ||
"spec": "9a9da19b82f3ad4f23ab7a0725695422", | ||
"manifest": "48735bedd2e407af0784bdd90e706896", | ||
"setup": "d0fc4557b513a4944506a2e885cd0a32", | ||
"spec": "ff85d692a483975710c09a54310d6e74", | ||
"manifest": "c0f72d9ea137585ca83d612bfd3c23bb", | ||
"setup": "426658221d9fe1e3eca5dca34163072a", | ||
"schemas": [ | ||
{ | ||
"identifier": "auth/schema.py", | ||
"hash": "fbc5545cf3c14ba63cabf57255f3273d" | ||
"hash": "3730109fc4e5ae4a226cec9d4caaed6c" | ||
}, | ||
{ | ||
"identifier": "connection/schema.py", | ||
"hash": "b4dd28f9a040343bb03350fc8a29d096" | ||
"hash": "3507436916c3cb62d4113a3d5092ac33" | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,20 @@ | ||
FROM komand/python-3-37-slim-plugin:3 | ||
FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.3 | ||
|
||
# Add any custom package dependencies here | ||
# NOTE: Add pip packages to requirements.txt | ||
LABEL organization=rapid7 | ||
LABEL sdk=python | ||
|
||
# End package dependencies | ||
|
||
# Add source code | ||
WORKDIR /python/src | ||
|
||
ADD ./plugin.spec.yaml /plugin.spec.yaml | ||
ADD . /python/src | ||
ADD ./requirements.txt /python/src/requirements.txt | ||
|
||
# Install pip dependencies | ||
RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | ||
|
||
# Install plugin | ||
ADD . /python/src | ||
|
||
RUN python setup.py build && python setup.py install | ||
|
||
ENTRYPOINT ["/usr/local/bin/komand_duo_auth"] | ||
# User to run plugin code. The two supported users are: root, nobody | ||
USER nobody | ||
|
||
ENTRYPOINT ["/usr/local/bin/komand_duo_auth"] |
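Review bot: The base image in `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.3` is referenced by tag only, so a re-pushed `6.2.3` tag would change what this plugin is built on without any diff in this repository; consider pinning the image digest (`@sha256:<digest>`) next to the tag. The `ADD` instructions in this hunk (`ADD ./plugin.spec.yaml`, `ADD ./requirements.txt`, `ADD .`) only copy local paths, so `COPY` would state the intent more precisely and avoids `ADD`'s archive-extraction and URL handling. `pip install -r requirements.txt` also installs whatever satisfies the listed requirements at build time; if the requirements are not already pinned to exact versions, pinning them (optionally with `--require-hashes`) keeps the build reproducible.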
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,6 @@ | ||
# Description | ||
|
||
[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and | ||
security health of their devices before they connect to the apps they use. The Duo Auth InsightConnect plugin enables users to create and send push notifications from within automation workflows. | ||
[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. The Duo Auth InsightConnect plugin enables users to create and send push notifications from within automation workflows | ||
|
||
# Key Features | ||
|
||
|
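Review bot: The rewritten description paragraph now ends at "from within automation workflows" without the full stop that the previous two-line wording had; restore the terminating period so the rendered help text ends as a sentence.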
@@ -13,119 +12,116 @@ security health of their devices before they connect to the apps they use. The D | |
* Requires a Duo secret key | ||
* Requires a Duo hostname | ||
|
||
# Documentation | ||
|
||
## Setup | ||
# Supported Product Versions | ||
|
||
|Name|Type|Default|Required|Description|Enum| | ||
|----|----|-------|--------|-----------|----| | ||
|hostname|string|None|True|Enter the Duo API hostname and secret key|None| | ||
|integration_key|credential_secret_key|None|True|API integration key|None| | ||
|secret_key|credential_secret_key|None|True|API secret key|None| | ||
|
||
## Technical Details | ||
* Duo Client 5.3.0 | ||
|
||
### Actions | ||
|
||
#### Auth | ||
# Documentation | ||
|
||
This action is used to perform second-factor authentication. | ||
## Setup | ||
|
||
##### Options | ||
The connection configuration accepts the following parameters: | ||
|
||
The "Options" field is used to specify additional parameters that may be necessary depending on the authentication factor selected. "Options" accepts the following parameters in JSON format `username`, `passcode`, `pushinfo`, `type`. | ||
|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| | ||
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | | ||
|hostname|string|None|True|Enter the Duo API hostname and secret key|None|ExampleHostname|None|None| | ||
|integration_key|credential_secret_key|None|True|API integration key|None|{"secretKey": "9de5069c5afe602b2ea0a04b66beb2c0"}|None|None| | ||
|secret_key|credential_secret_key|None|True|API secret key|None|{"secretKey": "9de5069c5afe602b2ea0a04b66beb2c0"}|None|None| | ||
|
||
Example input: | ||
|
||
``` | ||
{ | ||
"type": "Transfer", | ||
"pushinfo": { | ||
"hello": "world", | ||
"host": "suspicious-host" | ||
} | ||
"hostname": "ExampleHostname", | ||
"integration_key": { | ||
"secretKey": "9de5069c5afe602b2ea0a04b66beb2c0" | ||
}, | ||
"secret_key": { | ||
"secretKey": "9de5069c5afe602b2ea0a04b66beb2c0" | ||
} | ||
} | ||
``` | ||
|
||
###### Push | ||
|
||
|Parameter|Required?|Description| | ||
|---------|---------|-----------| | ||
|device|Required|ID of the device. This device must have the "push" capability. You may also specify "auto" to use the first of the user's devices with the "push" capability.| | ||
|type|Optional|This string is displayed in the Duo Mobile app before the word "request". The default is "Login", so the phrase "Login request" appears in the push notification text and on the request details screen. You may want to specify "Transaction", "Transfer", etc.| | ||
|display_username|Optional|String to display in Duo Mobile in place of the user's Duo username.| | ||
|pushinfo|Optional|A set of URL-encoded key/value pairs with additional contextual information associated with this authentication attempt. The Duo Mobile app will display this information to the user. For example: from=login%20portal&domain=example.com. The URL-encoded string's total length must be less than 20,000 bytes.| | ||
|
||
###### Passcode | ||
|
||
|Parameter|Required?|Description| | ||
|---------|---------|-----------| | ||
|passcode|true|Passcode entered by the user.| | ||
## Technical Details | ||
|
||
###### Phone | ||
### Actions | ||
|
||
|Parameter|Required?|Description| | ||
|---------|---------|-----------| | ||
|device|true|ID of the device to call. This device must have the "phone" capability. You may also specify "auto" to use the first of the user's devices with the "phone" capability.| | ||
|
||
###### SMS | ||
#### Auth | ||
|
||
|Parameter|Required?|Description| | ||
|---------|---------|-----------| | ||
|device|true|ID of the device to send passcodes to. This device must have the "sms" capability. You may also specify "auto" to use the first of the user's devices with the "sms" capability.| | ||
This action is used to perform second-factor authentication | ||
|
||
##### Input | ||
|
||
|Name|Type|Default|Required|Description|Enum| | ||
|----|----|-------|--------|-----------|----| | ||
|username|string|None|False|Username is required if user_id is not provided|None| | ||
|user_id|string|None|False|User ID|None| | ||
|factor|string|auto|False|Factor to use for authentication|['auto', 'push', 'passcode', 'sms', 'phone']| | ||
|device|string|auto|False|Device ID to use for auth|None| | ||
|async|bool|None|False|Set to true for an async response|None| | ||
|ipaddr|string|None|False|The IP address of the user to be authenticated, in dotted quad format. This will cause an 'allow' response to be sent if appropriate for requests from a trusted network|None| | ||
|options|object|None|False|Additional options required by the API|None| | ||
|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| | ||
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | | ||
|async|bool|None|False|Set to true for an async response|None|False|None|None| | ||
|device|string|auto|False|Device ID to use for auth|None|auto|None|None| | ||
|factor|string|auto|False|Factor to use for authentication|["auto", "push", "passcode", "sms", "phone"]|auto|None|None| | ||
|ipaddr|string|None|False|The IP address of the user to be authenticated, in dotted quad format. This will cause an 'allow' response to be sent if appropriate for requests from a trusted network|None|192.168.0.1|None|None| | ||
|options|object|None|False|Additional options required by the API. This field is used to specify additional parameters that may be necessary depending on the authentication factor selected. Accepts the following parameters in JSON format `username`, `passcode`, `pushinfo`, `type`|None|{"type":"Transfer","pushinfo":{"hello":"world","host":"suspicious-host"}}|None|None| | ||
|user_id|string|None|False|Permanent, unique identifier for the user as generated by Duo upon user creation. Exactly one of user_id or username must be specified|None|DUYHV6TJBC3O4RITS1WC|None|None| | ||
|username|string|None|False|Unique identifier for the user that is commonly specified by your application during user creation. This value may also represent a username alias assigned to a user. Exactly one of user_id or username must be specified|None|[email protected]|None|None| | ||
|
||
Example input: | ||
|
||
##### Output | ||
``` | ||
{ | ||
"async": false, | ||
"device": "auto", | ||
"factor": "auto", | ||
"ipaddr": "192.168.0.1", | ||
"options": { | ||
"pushinfo": { | ||
"hello": "world", | ||
"host": "suspicious-host" | ||
}, | ||
"type": "Transfer" | ||
}, | ||
"user_id": "DUYHV6TJBC3O4RITS1WC", | ||
"username": "[email protected]" | ||
} | ||
``` | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|status|string|False|Status| | ||
|status_msg|string|False|Status message| | ||
|trusted_device_token|string|False|Trusted device token| | ||
|result|string|False|Either allow or deny| | ||
|txid|string|False|TX ID| | ||
##### Output | ||
|
||
|Name|Type|Required|Description|Example| | ||
| :--- | :--- | :--- | :--- | :--- | | ||
|result|string|False|Either "allow" or "deny". If "allow" was returned, your application should grant access to the user. If "deny", it should not|allow| | ||
|status|string|False|String detailing the progress or outcome of the authentication attempt|allow| | ||
|status_msg|string|False|The message describing the status of the authentication attempt. If the authentication attempt was denied, it may identify a reason|Success. Logging you in...| | ||
|trusted_device_token|string|False|A string containing a token for that trusted device|REkxS00Ld4ddEVTRZOUlYMEldJ05HwUldRRThJR1VTNE0=|35|835c28ca9b042e05e| | ||
|txid|string|False|A transaction ID|45f7c92b-f45f-4862-8545-e0f58e78075a| | ||
|
||
Example output: | ||
|
||
``` | ||
{ | ||
"log": "Connect: Connecting..\n", | ||
"status": "ok", | ||
"meta": {}, | ||
"output": { | ||
"result": "allow", | ||
"status": "allow", | ||
"status_msg": "Success. Logging you in..." | ||
} | ||
"result": "allow", | ||
"status": "allow", | ||
"status_msg": "Success. Logging you in...", | ||
"trusted_device_token": "REkxS00Ld4ddEVTRZOUlYMEldJ05HwUldRRThJR1VTNE0=|35|835c28ca9b042e05e", | ||
"txid": "45f7c92b-f45f-4862-8545-e0f58e78075a" | ||
} | ||
``` | ||
|
||
### Triggers | ||
|
||
*This plugin does not contain any triggers.* | ||
### Tasks | ||
|
||
*This plugin does not contain any tasks.* | ||
|
||
This plugin does not contain any triggers. | ||
|
||
### Custom Output Types | ||
|
||
_This plugin does not contain any custom output types._ | ||
### Custom Types | ||
|
||
*This plugin does not contain any custom output types.* | ||
|
||
## Troubleshooting | ||
|
||
This plugin does not contain any troubleshooting information. | ||
*This plugin does not contain a troubleshooting.* | ||
|
||
# Version History | ||
|
||
* 1.0.4 - Updated dependencies and SDK to the latest version | ||
* 1.0.3 - Upgraded `duo_client` in requirements.txt to version `4.0.0` | Upgraded `duo_client` in vendor folder to version `4.0.0` | Use input and output constants | Change docker image from `komand/python-3-plugin:2` to `komand/python-3-37-slim-plugin:3` to reduce plugin image size | ||
* 1.0.2 - New spec and help.md format for the Extension Library | ||
* 1.0.1 - Support `type` parameter as `push_type` in the `options` input of the Auth action | ||
|
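Review bot: In the new Output table, the `trusted_device_token` row's example value contains two unescaped `|` characters, so that row has seven cells under a five-column header and will render misaligned; escape them as `\|` in the table (the JSON example output below it is fine as is). In the new Setup table, the `hostname` description still reads "Enter the Duo API hostname and secret key" although the secret key has its own row, and `integration_key` and `secret_key` use the same 32-hex-digit example, which looks like a real credential; a clearly fake placeholder would be safer in documentation. Two wording points in the same hunk: "This action is used to perform second-factor authentication" lost its period, and "*This plugin does not contain a troubleshooting.*" is ungrammatical compared with the line it replaces.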
@@ -135,7 +131,9 @@ This plugin does not contain any troubleshooting information. | |
|
||
# Links | ||
|
||
* [Duo](https://duo.com/) | ||
|
||
## References | ||
|
||
* [Duo](https://duo.com/) | ||
* [Duo Auth API V2](https://duo.com/docs/authapi) | ||
* [Duo Auth API V2](https://duo.com/docs/authapi) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,4 @@ | ||
# GENERATED BY KOMAND SDK - DO NOT EDIT | ||
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT | ||
|
||
from .auth.action import Auth | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
# GENERATED BY KOMAND SDK - DO NOT EDIT | ||
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT | ||
from .action import Auth |