[SOAR-17031] - Set 401 status_code if Okta domain is invalid (#2571)
ekelly-r7 authored and joneill-r7 committed Jun 5, 2024
1 parent 0bad06b commit 0ddb7a5
Showing 7 changed files with 24 additions and 15 deletions.
6 changes: 3 additions & 3 deletions plugins/okta/.CHECKSUM
@@ -1,7 +1,7 @@
{
"spec": "156fe783b411f058a02cb0453a02df3c",
"manifest": "6785023b2ce83e39920c7ca08154fb5d",
"setup": "237b1f2d526ca1c374dd1601ed44e348",
"spec": "5f51dd8bff0793bea8783bf3adc76d1d",
"manifest": "0ce3d2a9c0342004f26185e862693b24",
"setup": "62958ca36bef95f5841f8f748ca7c020",
"schemas": [
{
"identifier": "add_user_to_group/schema.py",
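--- a/plugins/okta/bin/komand_okta
+++ b/plugins/okta/bin/komand_okta
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Okta"
 Vendor = "rapid7"
-Version = "4.2.7"
+Version = "4.2.8"
 Description = "[Okta](https://www.okta.com/) is a SSO and account lifecycle management provider that allows companies to integrate their central user account system with a wide variety of other applications and services"
 
 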
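--- a/plugins/okta/help.md
+++ b/plugins/okta/help.md
@@ -1598,6 +1598,7 @@ Actions may fail depending on the state of the resource you attempt to operate o
 
 # Version History
 
+* 4.2.8 - Connection: Set appropriate error code when domain is invalid
 * 4.2.7 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days
 * 4.2.6 - Connection: Update to ensure subdomain is entered correctly. Plugin will now raise an error if this value is not present
 * 4.2.5 - Monitor Logs task: Update handing of custom_config parameter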
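--- a/plugins/okta/komand_okta/connection/connection.py
+++ b/plugins/okta/komand_okta/connection/connection.py
@@ -19,13 +19,9 @@ def connect(self, params={}):
 
 valid_url = validate_url(base_url)
 
-if not valid_url:
-raise PluginException(
-cause="Invalid domain entered for input 'Okta Domain'.",
-assistance="Please include a valid subdomain, e.g. 'example.okta.com', if using 'okta.com'.",
-data=f"Provided Okta Domain: {okta_url}",
-)
-self.api_client = OktaAPI(params.get(Input.OKTAKEY, {}).get("secretKey"), base_url, logger=self.logger)
+self.api_client = OktaAPI(
+params.get(Input.OKTAKEY, {}).get("secretKey"), base_url, logger=self.logger, valid_url=valid_url
+)
 
 def test(self):
 try: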
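Review bot: connect() now builds and stores an api_client for a domain that validate_url has already rejected, and nothing at the assignment tells a reader that the rejection has moved into OktaAPI.make_request; a comment above it would keep that intent visible, e.g. `# An invalid domain is not rejected here on purpose: OktaAPI.make_request raises ApiException(status_code=401) on first use so tasks enter an error state instead of retrying`. The consequence is that the connection no longer fails fast at connect time, and test(), which starts at the end of this hunk and continues outside it, presumably only surfaces the problem once it issues a request; if test() catches ApiException and rewraps it, the 401 should be carried through there as well. connect() itself begins before the hunk.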
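--- a/plugins/okta/komand_okta/util/api.py
+++ b/plugins/okta/komand_okta/util/api.py
@@ -7,7 +7,7 @@
 from urllib.parse import urlsplit
 from insightconnect_plugin_runtime.exceptions import PluginException
 from komand_okta.util.exceptions import ApiException
-from komand_okta.util.helpers import clean
+from komand_okta.util.helpers import clean, get_hostname
 from komand_okta.util.endpoints import (
 ADD_USER_TO_GROUP_ENDPOINT,
 ASSIGN_USER_TO_APP_SSO_ENDPOINT,
@@ -60,11 +60,12 @@ def _wrapper(*args, **kwargs):
 
 
 class OktaAPI:
-def __init__(self, okta_key: str, okta_url: str, logger: Logger):
+def __init__(self, okta_key: str, okta_url: str, logger: Logger, valid_url: bool):
 self.logger = logger
 self._okta_key = okta_key
 self.base_url = okta_url
 self.toggle_rate_limiting = True
+self.valid_url = valid_url
 
 def get_headers(self) -> dict:
 return {
@@ -180,6 +181,16 @@ def get_users_in_group(self, group_id: str) -> requests.Response:
 @rate_limiting(10)
 def make_request(self, method: str, url: str, json_data: dict = None, params: dict = None) -> requests.Response:
 try:
+if not self.valid_url:
+# explicitly set 401 status_code when domain is invalid so that tasks handle it correctly
+# we want the integration to go in to an 'error' state, and not continually retry
+raise ApiException(
+cause="Invalid domain entered for input 'Okta Domain'.",
+assistance="Please include a valid subdomain, e.g. 'example.okta.com', if using 'okta.com'.",
+status_code=401,
+data=f"Provided Okta Domain: {get_hostname(self.base_url.rstrip('/'))}",
+)
+
 response = requests.request(
 method=method, url=f"{self.base_url}{url}", headers=self.get_headers(), json=json_data, params=params
 )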
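Review bot: `valid_url: bool` in the `__init__` hunk is a new required positional parameter, so any other caller that still constructs OktaAPI with the old three-argument signature (unit tests, for instance) now fails with a TypeError; `def __init__(self, okta_key: str, okta_url: str, logger: Logger, valid_url: bool = True):` keeps those call sites working while connection.py continues to pass the real result of validate_url. In the make_request hunk the new ApiException is raised inside the `try:` whose handlers lie outside the hunk, so it is worth confirming that they re-raise ApiException unchanged rather than translating it into a PluginException, or the deliberately chosen 401 is lost before the task layer sees it. Because the check runs on every call, the 401 is also reported per request rather than once, which is presumably fine given the intent of stopping retries. make_request's body continues past the hunk.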
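--- a/plugins/okta/plugin.spec.yaml
+++ b/plugins/okta/plugin.spec.yaml
@@ -14,7 +14,7 @@ sdk:
 user: nobody
 description: "[Okta](https://www.okta.com/) is a SSO and account lifecycle management provider that allows companies
 to integrate their central user account system with a wide variety of other applications and services"
-version: 4.2.7
+version: 4.2.8
 connection_version: 4
 resources:
 source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/okta
@@ -30,6 +30,7 @@ hub_tags:
 keywords: [sso, provisioning, deprovisioning, saml, cloud_enabled]
 features: []
 version_history:
+- "4.2.8 - Connection: Set appropriate error code when domain is invalid"
 - "4.2.7 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days"
 - "4.2.6 - Connection: Update to ensure subdomain is entered correctly. Plugin will now raise an error if this value is not present"
 - "4.2.5 - Monitor Logs task: Update handing of custom_config parameter"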
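--- a/plugins/okta/setup.py
+++ b/plugins/okta/setup.py
@@ -3,7 +3,7 @@
 
 
 setup(name="okta-rapid7-plugin",
-version="4.2.7",
+version="4.2.8",
 description="[Okta](https://www.okta.com/) is a SSO and account lifecycle management provider that allows companies to integrate their central user account system with a wide variety of other applications and services",
 author="rapid7",
 author_email="",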
