Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1,067 changes: 955 additions & 112 deletions README.md

Large diffs are not rendered by default.

527 changes: 490 additions & 37 deletions examples/sdk_examples/action_report/action_report.py

Large diffs are not rendered by default.

521 changes: 488 additions & 33 deletions examples/sdk_examples/aging_report/aging_report.py

Large diffs are not rendered by default.

537 changes: 484 additions & 53 deletions examples/sdk_examples/audit_alert/list_alerts.py

Large diffs are not rendered by default.

536 changes: 484 additions & 52 deletions examples/sdk_examples/audit_alert/view_alert.py

Large diffs are not rendered by default.

538 changes: 485 additions & 53 deletions examples/sdk_examples/audit_report/audit_log.py

Large diffs are not rendered by default.

538 changes: 485 additions & 53 deletions examples/sdk_examples/audit_report/audit_summary.py

Large diffs are not rendered by default.

87 changes: 72 additions & 15 deletions examples/sdk_examples/auth/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,14 @@
pyperclip = None

logger = utils.get_logger()
logger.setLevel(logging.WARNING)
logger.setLevel(logging.INFO)
if not logger.handlers:
_handler = logging.StreamHandler()
_handler.setLevel(logging.INFO)
_handler.setFormatter(
logging.Formatter("%(asctime)s - %(levelname)s - %(name)s - %(message)s")
)
logger.addHandler(_handler)


class FidoCliInteraction(fido2.client.UserInteraction, IKeeperUserInteraction):
Expand Down Expand Up @@ -71,6 +78,11 @@ def __init__(self) -> None:
def endpoint(self) -> Optional[endpoint.KeeperEndpoint]:
return self._endpoint

@property
def logged_in_with_persistent(self) -> bool:
"""True if login succeeded by resuming an existing persistent session (no step loop)."""
return self._logged_in_with_persistent

def run(self) -> Optional[keeper_auth.KeeperAuth]:
"""
Run the login flow.
Expand All @@ -91,14 +103,14 @@ def run(self) -> Optional[keeper_auth.KeeperAuth]:
step = login_auth_context.login_step
if isinstance(step, login_auth.LoginStepDeviceApproval):
self._handle_device_approval(step)
elif isinstance(step, login_auth.LoginStepPassword):
self._handle_password(step)
elif isinstance(step, login_auth.LoginStepTwoFactor):
self._handle_two_factor(step)
elif isinstance(step, login_auth.LoginStepSsoDataKey):
self._handle_sso_data_key(step)
elif isinstance(step, login_auth.LoginStepPassword):
self._handle_password(step)
elif isinstance(step, login_auth.LoginStepSsoToken):
self._handle_sso_token(step)
elif isinstance(step, login_auth.LoginStepSsoDataKey):
self._handle_sso_data_key(step)
elif isinstance(step, login_auth.LoginStepError):
print(f"Login error: ({step.code}) {step.message}")
return None
Expand Down Expand Up @@ -133,16 +145,61 @@ def _ensure_server(self) -> str:
def _handle_device_approval(
self, step: login_auth.LoginStepDeviceApproval
) -> None:
step.send_push(login_auth.DeviceApprovalChannel.KeeperPush)
print(
"Device approval request sent. Login to existing vault/console or "
"ask admin to approve this device and then press return/enter to resume"
)
input()
"""Device approval: same options as keepercli verify_device (email, keeper push, 2FA, resume)."""
menu = [
("email_send", "to send email"),
("email_code=<code>", "to validate verification code sent via email"),
("keeper_push", "to send Keeper Push notification"),
("2fa_send", "to send 2FA code"),
("2fa_code=<code>", "to validate a code provided by 2FA application"),
("<Enter>", "to resume"),
]
lines = ["Approve by selecting a method below"]
lines.extend(f" {cmd} {desc}" for cmd, desc in menu)
print("\n".join(lines))

selection = input("Type your selection or <Enter> to resume: ").strip()
if selection is None:
return
if selection in ("email_send", "es"):
step.send_push(channel=login_auth.DeviceApprovalChannel.Email)
print("An email with instructions has been sent. Press <Enter> when approved.")
elif selection.startswith("email_code="):
code = selection[len("email_code=") :]
step.send_code(channel=login_auth.DeviceApprovalChannel.Email, code=code)
print("Successfully verified email code.")
elif selection in ("keeper_push", "kp"):
step.send_push(channel=login_auth.DeviceApprovalChannel.KeeperPush)
print(
"Successfully made a push notification to the approved device. "
"Press <Enter> when approved."
)
elif selection in ("2fa_send", "2fs"):
step.send_push(channel=login_auth.DeviceApprovalChannel.TwoFactor)
print("2FA code was sent.")
elif selection.startswith("2fa_code="):
code = selection[len("2fa_code=") :]
step.send_code(channel=login_auth.DeviceApprovalChannel.TwoFactor, code=code)
print("Successfully verified 2FA code.")
else:
step.resume()

def _handle_password(self, step: login_auth.LoginStepPassword) -> None:
password = getpass.getpass("Enter password: ")
step.verify_password(password)
"""Password step: prompt for password and retry on auth_failed (aligned with keepercli handle_verify_password)."""
print(f"\nEnter password for {step.username}")
while True:
password = getpass.getpass("Password: ")
if not password:
raise KeyboardInterrupt()
try:
step.verify_password(password)
break
except errors.KeeperApiError as kae:
print(
"Invalid email or password combination, please re-enter."
if kae.result_code == "auth_failed"
else kae.message
)

def _handle_two_factor(self, step: login_auth.LoginStepTwoFactor) -> None:
channels = [
Expand Down Expand Up @@ -430,7 +487,7 @@ def login():
"""
flow = LoginFlow()
keeper_auth_context = flow.run()
if keeper_auth_context:
if keeper_auth_context and not flow.logged_in_with_persistent:
enable_persistent_login(keeper_auth_context)
keeper_endpoint = flow.endpoint if keeper_auth_context else None
return keeper_auth_context, keeper_endpoint
Expand All @@ -439,7 +496,7 @@ def login():
def display_login_info(keeper_auth_context: keeper_auth.KeeperAuth, keeper_endpoint: endpoint.KeeperEndpoint):
"""
Display login success information.

Args:
keeper_auth_context: The authenticated Keeper context.
keeper_endpoint: The Keeper endpoint with server information.
Expand Down
Loading