2FA is not enforced when requesting API - Python client #4456

Open
1 task done
thiagomdiniz opened this issue Aug 14, 2024 · 0 comments
thiagomdiniz commented Aug 14, 2024

This issue is unique

  • I have used the search tool and did not find an issue describing my bug.

Version information

5.4.2

Expected behavior

When an Agate user with access to Mica makes a request to the Mica API (using Python client), and the 2FA configuration is enabled (Authenticator app or code sent by email), when using the --otp parameter it is expected to receive the 2FA code by email and then type it into the command line so that the API validates access.

Actual behavior

When executing the API call, the user only receives the email with the 2FA code if the --otp parameter is not passed. If the user passes the --otp parameter, the prompt requests the 2FA code without sending the email.
And when the email is sent, it is sent 3 times:

Agate logs:

2024-08-14T20:58:38.114Z  INFO 20 --- [p1899272141-183] o.o.a.web.rest.ticket.TicketsResource    : Successful login for user 'user' from application 'mica'
2024-08-14T20:58:38.187Z  INFO 20 --- [p1899272141-183] o.o.a.web.rest.ticket.TicketsResource    : Successful login for user 'user' from application 'mica'
2024-08-14T20:58:38.232Z  INFO 20 --- [p1899272141-183] o.o.a.web.rest.ticket.TicketsResource    : Successful login for user 'user' from application 'mica'

Mica logs:

2024-08-14 20:59:16.827  WARN 19 --- [        task-45] o.o.m.s.realm.MicaAuthorizingRealm       : Invalidating authorization cache
2024-08-14 20:59:16.841  INFO 19 --- [tp902186677-129] o.o.mica.core.service.AgateRestService   : Connecting to Agate: http://agate:8081
2024-08-14 20:59:16.901  WARN 19 --- [        task-46] o.o.m.s.realm.MicaAuthorizingRealm       : Invalidating authorization cache
2024-08-14 20:59:16.950  WARN 19 --- [        task-39] o.o.m.s.realm.MicaAuthorizingRealm       : Invalidating authorization cache

And when using the --otp parameter, any code entered is accepted and the request is processed.
For example, I randomly typed 23 and the request was processed:

$ mica rest --mica http://mica:8082 -u user -p password -a application/json --json --otp /data-access-requests
Enter 6-digits code: 23
[
  {
    "actions": [
      "VIEW",
      "EDIT",
      "DELETE",
      "EDIT_STATUS"
    ],
    "applicant": "user",
    "archived": false,
...

Thanks in advance!

Reproduction steps

As described in the Actual behavior...

$ mica rest --mica http://mica:8082 -u user -p password -a application/json --json /data-access-requests

$ mica rest --mica http://mica:8082 -u user -p password -a application/json --json --otp /data-access-requests

Operating System (OS)

Linux

Browser

Google Chrome

Contact info
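
Added example, not part of the original report and not Mica or Agate code: a Python model of the fail-closed, server-side check the report expects, in which a malformed code such as `23`, a wrong code, or a missing code is refused for a 2FA-enrolled account. It assumes the authenticator-app case (RFC 6238 TOTP); `hotp`, `verify_otp`, `authorize`, the `otp_secret` field and the sample key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import re
import struct

# Constructed sample: the published RFC 4226 test key, not a real secret.
SECRET = b"12345678901234567890"
STEP = 30  # seconds per TOTP time step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value (HMAC-SHA1, dynamic truncation) for one counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_otp(secret: bytes, submitted, at: int, window: int = 1) -> bool:
    """True only for a well-formed code matching the current step +/- window."""
    if not isinstance(submitted, str) or not re.fullmatch(r"[0-9]{6}", submitted):
        return False  # "23" stops here: malformed input is never accepted
    current = at // STEP
    matched = False
    for counter in range(max(0, current - window), current + window + 1):
        # compare_digest avoids leaking the match position through timing
        matched |= hmac.compare_digest(hotp(secret, counter), submitted)
    return matched


def authorize(user: dict, password_ok: bool, otp, at: int) -> int:
    """HTTP status a fail-closed endpoint would return (hypothetical model)."""
    if not password_ok:
        return 401
    secret = user.get("otp_secret")
    if secret is None:
        return 200  # account has no 2FA enrolled
    if otp is None:
        return 401  # 2FA enrolled: a request without a code is refused
    return 200 if verify_otp(secret, otp, at) else 401
```

The same assertions can serve as a regression test against a real deployment by replacing `authorize` with an HTTP call and checking the returned status.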
