Merge branch 'develop' (early part)

vlaci · Apr 19, 2020 · edff8be · edff8be
2 parents 8d21eae + 5c04f35
commit edff8be
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -112,7 +112,7 @@ VERSION = $(shell .venv/bin/python -c 'import openconnect_sso; print(f"v{opencon
 .PHONY: changelog
 changelog:  ## Shows the project's changelog
 	trap "rm -f .reno_err" EXIT
-	{ reno report $(if $(ONLY_CURRENT),
+	{ reno report $(if $(ONLY_CURRENT),\
 		--earliest-version=$$(git describe --abbrev=0 --tags)
 	) 2> .reno_err || cat .reno_err
 	} | pandoc --from rst --to $(FORMAT) $(if $(OUTPUT_FILE),-o $(OUTPUT_FILE))

diff --git a/openconnect_sso/app.py b/openconnect_sso/app.py
@@ -83,7 +83,9 @@ async def _run(args):
             logger.error("No profile selected")
             return 18
     elif args.server:
-        selected_profile = config.HostProfile(args.server, args.usergroup)
+        selected_profile = config.HostProfile(
+            args.server, args.usergroup, args.authgroup
+        )
     else:
         raise ValueError(
             "Cannot determine server address. Invalid arguments specified."

diff --git a/openconnect_sso/authenticator.py b/openconnect_sso/authenticator.py
@@ -60,6 +60,7 @@ def _detect_authentication_target_url(self):
 
     def _start_authentication(self):
         request = _create_auth_init_request(self.host, self.host.vpn_url)
+        logger.debug("Sending auth init request", content=request)
         response = self.session.post(self.host.vpn_url, request)
         logger.debug("Auth init response received", content=response.content)
         return parse_response(response)
@@ -73,6 +74,7 @@ def _complete_authentication(self, auth_request_response, sso_token):
         request = _create_auth_finish_request(
             self.host, auth_request_response, sso_token
         )
+        logger.debug("Sending auth finish request", content=request)
         response = self.session.post(self.host.vpn_url, request)
         logger.debug("Auth finish response received", content=response.content)
         return parse_response(response)
@@ -144,7 +146,7 @@ def parse_auth_request_response(xml):
     try:
         resp = AuthRequestResponse(
             auth_id=xml.auth.get("id"),
-            auth_title=xml.auth.title,
+            auth_title=getattr(xml.auth, "title", ""),
             auth_message=xml.auth.message,
             auth_error=getattr(xml.auth, "error", ""),
             opaque=xml.opaque,

diff --git a/openconnect_sso/cli.py b/openconnect_sso/cli.py
@@ -40,14 +40,25 @@ def create_argparser():
         "https://vpn.server.com, https.vpn.server.com.usergroup",
     )
 
-    server_settings.add_argument(
+    auth_settings = parser.add_argument_group(
+        "Authentication",
+        "Used for the same purpose as in OpenConnect. Refer to OpenConnect's documentation for further information",
+    )
+
+    auth_settings.add_argument(
+        "--authgroup",
+        help="Set to the required authentication login selection",
+        default="",
+    )
+
+    auth_settings.add_argument(
         "-g",
         "--usergroup",
         help="Override usergroup setting from --server argument",
         default="",
     )
 
-    parser.add_argument(
+    auth_settings.add_argument(
         "--authenticate",
         help="Authenticate only, and output the information needed to make the connection. Output formatting choices: {%(choices)s}",
         choices=["shell", "json"],

diff --git a/openconnect_sso/config.py b/openconnect_sso/config.py
@@ -62,7 +62,7 @@ def as_dict(self):
 class HostProfile(ConfigNode):
     address = attr.ib(converter=str)
     user_group = attr.ib(converter=str)
-    name = attr.ib(converter=str, default="UNNAMED")
+    name = attr.ib(converter=str)  # authgroup
 
     @property
     def vpn_url(self):

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "openconnect-sso"
-version = "0.4.0"
+version = "0.5.0a1"
 description = "Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs"
 license = "GPL-3.0-only"
 authors = ["László Vaskó <[email protected]>"]

diff --git a/releasenotes/notes/authgroup-fe3578e6be5e4855.yaml b/releasenotes/notes/authgroup-fe3578e6be5e4855.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Adding ``--authgroup`` argument from OpenConnect
+
+    Some VPN endpoints require users to post a valid authgroup (in OpenConnect
+    lingua) as part of the ``group-access`` xml node. Up until now it was only
+    possilbe to override the authgroup from the configuration or from an
+    AnyConnect XML profile.
diff --git a/tests/test_hostprofile.py b/tests/test_hostprofile.py
@@ -16,4 +16,4 @@
     ),
 )
 def test_vpn_url(server, group, expected_url):
-    assert HostProfile(server, group).vpn_url == expected_url
+    assert HostProfile(server, group, "name").vpn_url == expected_url