forked from duosecurity/duo_splunk
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaccount.py.5.diff
More file actions
56 lines (52 loc) · 2.05 KB
/
account.py.5.diff
File metadata and controls
56 lines (52 loc) · 2.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
--- account_old_6.py 2013-02-15 14:33:07.000000000 -0500
+++ account.py 2013-02-15 16:02:56.000000000 -0500
@@ -7,6 +7,15 @@
logger = logging.getLogger('splunk.appserver.controllers.account')
+### START DUO SECURITY MODIFICATIONS ####
+### See http://www.duosecurity.com/docs/splunk for more details ###
+import duo_web
+DUO_IKEY = 'YOUR_DUO_IKEY'
+DUO_SKEY = 'YOUR_DUO_SKEY'
+DUO_AKEY = 'YOUR_DUO_AKEY'
+DUO_HOST = 'YOUR_DUO_HOST'
+### END DUO SECURITY MODIFICATIONS ####
+
class AccountController(BaseController):
"""
Handle logging in and logging out
@@ -224,7 +233,7 @@
# Start with a clean and minty fresh session
cherrypy.session.regenerate()
- cherrypy.session['sessionKey'] = sessionKey
+ cherrypy.session['duo_stashed_sessionKey'] = sessionKey
# TODO: get rest of user info
cherrypy.session['user'] = {
'name': username,
@@ -232,6 +241,28 @@
'id': -1
}
+ sigreq = duo_web.sign_request(DUO_IKEY, DUO_SKEY, DUO_AKEY, username)
+ templateArgs['sig_request'] = sigreq
+ templateArgs['duo_host'] = DUO_HOST
+ return self.render_template('account/duoauth.html', templateArgs)
+
+ @expose_page(must_login=False, methods=['POST'], verify_session=False)
+ @lock_session
+ @set_cache_level('never')
+ def duologin(self, sig_response, return_to=None, **kwargs):
+ username = duo_web.verify_response(DUO_IKEY, DUO_SKEY, DUO_AKEY, sig_response)
+ if not username:
+ cherrypy.session.delete()
+ return self.redirect_to_url('/account/login')
+
+ # mark user as logged in
+ sessionKey = cherrypy.session['duo_stashed_sessionKey']
+ cherrypy.session['sessionKey'] = sessionKey
+ ### END DUO SECURITY MODIFICATIONS ####
+
+ ua = cherrypy.request.headers.get('user-agent', 'unknown')
+ ip = cherrypy.request.remote.ip
+
# Log user login
logger.info('user=%s action=login status=success session=%s ' \
'reason=user-initiated useragent="%s" clientip=%s'