Merge pull request #1 from godaddy/cache-changes

Change Okta Session Cache Location

Pipfile

@@ -11,6 +11,7 @@ pytest-cov = "*"
 readme-renderer = "*"
 docutils = "*"
 "flake8" = "*"
+responses = "*"
 
 [packages]
 aws-okta-processor = {path = "."}

README.rst

@@ -141,10 +141,10 @@ understand how this caching works to avoid confusion when attempting to switch b
 Okta
 ^^^^
 
-When aws-okta-processor attempts authentication it will check the system's temporary directory 
+When aws-okta-processor attempts authentication it will check ``~/.aws-okta-processor/cache/``
 for a file named ``<user>-<organization>-session.json`` based on the ``user`` and ``organization`` 
 option values passed. If the file is not found or the session contents are stale then 
-aws-okta-processor will create a new session and write it to the system's temporary directory. 
+aws-okta-processor will create a new session and write it to ``~/.aws-okta-processor/cache/``.
 If the file exists and the session is not stale then the existing session gets refreshed.
 
 ^^^

setup.py

@@ -38,7 +38,8 @@
 TEST_REQUIREMENTS = [
     'pytest-cov',
     'pytest-mock',
-    'pytest>=2.8.0'
+    'pytest>=2.8.0',
+    'responses'
 ]
 
 

src/aws_okta_processor/__init__.py

@@ -1 +1 @@
-__version__ = '1.0.0'
+__version__ = '1.1.0'

src/aws_okta_processor/core/okta.py

@@ -4,7 +4,6 @@
 import json
 import requests
 import dateutil
-import tempfile
 import getpass
 import aws_okta_processor.core.prompt as prompt
 
@@ -52,7 +51,7 @@ def __init__(
         self.factor = factor
         self.session = requests.Session()
         self.organization = organization
-        self.temp_file_path = self.get_temp_file_path()
+        self.cache_file_path = self.get_cache_file_path()
         self.okta_session_id = None
 
         okta_session = self.get_okta_session()
@@ -73,29 +72,37 @@ def __init__(
 
             self.get_okta_session_id()
 
-    def get_temp_file_path(self):
-        temp_directory = tempfile.gettempdir()
+    def get_cache_file_path(self):
+        home_directory = os.path.expanduser('~')
+        cache_directory = os.path.join(
+            home_directory,
+            '.aws-okta-processor',
+            'cache'
+        )
+
+        if not os.path.isdir(cache_directory):
+            os.makedirs(cache_directory)
 
-        temp_file_name = "{}-{}-session.json".format(
+        cache_file_name = "{}-{}-session.json".format(
             self.user_name,
             self.organization
         )
 
-        temp_file_path = os.path.join(temp_directory, temp_file_name)
+        cache_file_path = os.path.join(cache_directory, cache_file_name)
 
-        return temp_file_path
+        return cache_file_path
 
     def set_okta_session(self, okta_session=None):
-        with open(self.temp_file_path, "w") as file:
+        with open(self.cache_file_path, "w") as file:
             json.dump(okta_session, file)
 
-        os.chmod(self.temp_file_path, 0o600)
+        os.chmod(self.cache_file_path, 0o600)
 
     def get_okta_session(self):
         session = {}
 
-        if os.path.isfile(self.temp_file_path):
-            with open(self.temp_file_path) as file:
+        if os.path.isfile(self.cache_file_path):
+            with open(self.cache_file_path) as file:
                 session = json.load(file)
 
         return session
@@ -177,7 +184,7 @@ def verify_factor(self, factor=None, state_token=None):
         if "sessionToken" in response_json:
             return response_json["sessionToken"]
 
-        if factor.factor == "push":
+        if "factorResult" in response_json and factor.factor == "push":
             if response_json["factorResult"] == "WAITING":
                 factor.link = response_json["_links"]["next"]["href"]
                 time.sleep(1)

tests/APPLICATIONS_RESPONSE

@@ -0,0 +1,38 @@
+[
+  {
+    "id": "00ub0oNGTSWTBKOLGLNR",
+    "label": "AWS",
+    "linkUrl": "https://organization.okta.com/home/amazon_aws/0oa3omz2i9XRNSRIHBZO/270",
+    "logoUrl": "https://organization.okta.com/img/logos/amazon-aws.png",
+    "appName": "amazon_aws",
+    "appInstanceId": "0oa3omz2i9XRNSRIHBZO",
+    "appAssignmentId": "0ua3omz7weMMMQJERBKY",
+    "credentialsSetup": false,
+    "hidden": false,
+    "sortOrder": 0
+  },
+  {
+    "id": "00ub0oNGTSWTBKOLGLNR",
+    "label": "AWS GOV",
+    "linkUrl": "https://organization.okta.com/home/amazon_aws/0oa3omz2i9XRNSRIHBZO/272",
+    "logoUrl": "https://organization.okta.com/img/logos/amazon-aws.png",
+    "appName": "amazon_aws",
+    "appInstanceId": "0oa3omz2i9XRNSRIHBZO",
+    "appAssignmentId": "0ua3omz7weMMMQJERBKY",
+    "credentialsSetup": false,
+    "hidden": false,
+    "sortOrder": 0
+  },
+  {
+    "id": "00ub0oNGTSWTBKOLGLNR",
+    "label": "Google Apps Calendar",
+    "linkUrl": "https://organization.okta.com/home/google/0oa3omz2i9XRNSRIHBZO/54",
+    "logoUrl": "https://organization.okta.com/img/logos/google-calendar.png",
+    "appName": "google",
+    "appInstanceId": "0oa3omz2i9XRNSRIHBZO",
+    "appAssignmentId": "0ua3omz7weMMMQJERBKY",
+    "credentialsSetup": false,
+    "hidden": false,
+    "sortOrder": 1
+  }
+]

tests/AUTH_MFA_RESPONSE

@@ -0,0 +1 @@
+{"status":"MFA_REQUIRED", "stateToken": "state_token", "_embedded": {"factors": [{"factorType": "push", "_links": {"verify": {"href": "https://organization.okta.com/api/v1/authn/factors/id/verify"}}}]}}

tests/AUTH_TOKEN_RESPONSE

@@ -0,0 +1 @@
+{"expiresAt":"2019-04-09T20:17:42.000Z","status":"SUCCESS","sessionToken":"single_use_token","_embedded":{"user":{"id":"foo","profile":{"login":"[email protected]","firstName":"foo","lastName":"bar","locale":"en","timeZone":"America/Los_Angeles"}}}}

tests/MFA_WAITING_RESPONSE

@@ -0,0 +1 @@
+{"stateToken": "state_token", "factorResult": "WAITING", "_links": {"next": {"href": "https://organization.okta.com/api/v1/authn/factors/id/lifecycle/activate/poll"}}}

tests/SESSION_RESPONSE

@@ -0,0 +1 @@
+{"id": "session_token", "userId": "bar", "login": "[email protected]", "createdAt": "2019-04-08T18:37:43.000Z", "expiresAt": "2019-04-09T06:37:43.000Z", "status": "ACTIVE", "lastPasswordVerification": "2019-04-08T18:37:43.000Z", "lastFactorVerification": null, "amr": ["pwd"], "idp": {"id": "foo", "type": "bar"}, "mfaActive": false, "_links": {"self": {"href": "https://organization.okta.com/api/v1/sessions/me", "hints": {"allow": ["GET", "DELETE"]}}, "refresh": {"href": "https://organization.okta.com/api/v1/sessions/me/lifecycle/refresh", "hints": {"allow": ["POST"]}}, "user": {"name": "Foo", "href": "https://organization.okta.com/api/v1/users/me", "hints": {"allow": ["GET"]}}}}