add fixes from Versent#714

stepstone-tech · Oct 23, 2021 · c9ab126 · c9ab126
1 parent 0cd5e19
commit c9ab126
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/pkg/provider/okta/okta.go b/pkg/provider/okta/okta.go
@@ -559,10 +559,12 @@ func (oc *Client) follow(ctx context.Context, req *http.Request, loginDetails *c
 		logger.WithField("type", "saml-response").Debug("doc detect")
 		handler = oc.handleFormRedirect
 	} else {
-		req, err = http.NewRequest("GET", loginDetails.URL + oc.appID, nil)
+		req.URL, err = url.Parse(loginDetails.URL + oc.appID)
 		if err != nil {
 			return "", errors.Wrap(err, "error building app request")
 		}
+		req.Method = "GET"
+		req.Body = nil
 		res, err = oc.client.Do(req)
 		if err != nil {
 			return "", errors.Wrap(err, "error retrieving app response")
@@ -671,14 +673,22 @@ func getMfaChallengeContext(oc *Client, mfaOption int, resp string) (*mfaChallen
 	oktaVerify := gjson.Get(resp, fmt.Sprintf("_embedded.factors.%d._links.verify.href", mfaOption)).String()
 	mfaIdentifer := parseMfaIdentifer(resp, mfaOption)
 
+    if !strings.Contains(oktaVerify, "rememberDevice") {
+        separator := "?"
+        if strings.Contains(oktaVerify, "?") {
+            separator = "&"
+        }
+        oktaVerify = oktaVerify + separator + "rememberDevice=" + strconv.FormatBool(oc.rememberDevice)
+    }
+
 	logger.WithField("factorID", factorID).WithField("oktaVerify", oktaVerify).WithField("mfaIdentifer", mfaIdentifer).Debug("MFA")
 
 	if _, ok := supportedMfaOptions[mfaIdentifer]; !ok {
 		return nil, errors.New("unsupported mfa provider")
 	}
 
 	// get signature & callback
-	verifyReq := VerifyRequest{StateToken: stateToken, RememberDevice: strconv.FormatBool(oc.rememberDevice)}
+	verifyReq := VerifyRequest{StateToken: stateToken}
 	verifyBody := new(bytes.Buffer)
 
 	// Login flow is different for YubiKeys ( of course )