passbolt / lab-passbolt-py

Python library for Passbolt API
https://passbolt.com
MIT No Attribution

Multi factor authentication is not supported #4

Open gjherbiet opened 1 year ago

gjherbiet commented 1 year ago

Using Passbolt 4.3.0, I have the following error when Multi factor authentication is turned on ("TOTP authenticator : Enabled"):

Traceback (most recent call last):
  File "/Users/gjherbiet/Development/Restena/ansible-passbolt/example.py", line 8, in <module>
    p = PassboltAPI(dict_config=dict_config)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ansible/8.4.0/libexec/lib/python3.11/site-packages/passbolt/__init__.py", line 47, in __init__
    self.login()
  File "/opt/homebrew/Cellar/ansible/8.4.0/libexec/lib/python3.11/site-packages/passbolt/__init__.py", line 160, in login
    self.get_cookie()
  File "/opt/homebrew/Cellar/ansible/8.4.0/libexec/lib/python3.11/site-packages/passbolt/__init__.py", line 142, in get_cookie
    user_id = json.loads(response.text)
              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.5/Frameworks/Python.framework/Versions/3.11/lib/python3.11/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.5/Frameworks/Python.framework/Versions/3.11/lib/python3.11/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.5/Frameworks/Python.framework/Versions/3.11/lib/python3.11/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Further analysis revealed that in login, self.stage2(str(self.nonce)) returns True at line 177 but further in call to get_cookie() :

Probably because the actual user is not found/properly authenticated due to 2FA being enabled.

Turning Multi factor authentication off on the web UI solves the issue.

AnatomicJC commented 1 year ago

Hi @gjherbiet

Yes, TOTP is currently not implemented as you noticed :cry:

I have no ETA for now about this implementation. Patches are welcome :slightly_smiling_face:
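
Added example, not code from lab-passbolt-py: the traceback in this issue ends in json.loads(response.text) inside get_cookie(), so a client-side guard can turn that into an error that points at the incomplete login instead of a raw JSONDecodeError. The names parse_user_response, LoginIncompleteError and FakeResponse are hypothetical, and it is an assumption that an MFA-enabled server answers this request with something other than the expected JSON (a redirect, an HTML page or an empty body).

```python
import json
from dataclasses import dataclass, field


class LoginIncompleteError(RuntimeError):
    """The post-login response is not the JSON document the client expects."""


@dataclass
class FakeResponse:
    # Constructed stand-in with the attribute names requests.Response uses,
    # so the example runs offline.
    status_code: int
    text: str
    headers: dict = field(default_factory=dict)


def parse_user_response(response):
    """Return the decoded JSON body or raise LoginIncompleteError with context.

    The response body is never copied into the error message, because it may
    carry session material that should not end up in logs.
    """
    ctype = response.headers.get("Content-Type", "")
    if 300 <= response.status_code < 400:
        # Assumption: a redirect here means another authentication step.
        target = response.headers.get("Location", "")
        raise LoginIncompleteError(
            f"HTTP {response.status_code} redirect to {target!r}; "
            "a further authentication step (for example MFA) may be required"
        )
    if response.status_code >= 400:
        raise LoginIncompleteError(f"server answered HTTP {response.status_code}")
    try:
        return json.loads(response.text)
    except json.JSONDecodeError as exc:
        raise LoginIncompleteError(
            f"expected JSON but got Content-Type {ctype!r} "
            f"({len(response.text)} bytes); check whether MFA/TOTP is "
            "enabled for this account"
        ) from exc


if __name__ == "__main__":
    # Constructed sample: an HTML page where JSON was expected.
    page = FakeResponse(200, "<html>verify</html>", {"Content-Type": "text/html"})
    try:
        parse_user_response(page)
    except LoginIncompleteError as err:
        print("login incomplete:", err)
```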