Squashed 'keyconjurer-v2/' changes from 7c2fb08..f186716

f186716 UX improvements (RiotGames#103) d2672b3 Fix moving content on large screens ec2d4bf Add sentinel error if we cant find a SAML response git-subtree-dir: keyconjurer-v2 git-subtree-split: f186716
punmechanic · Jan 11, 2024 · f7860e9 · f7860e9
1 parent 28fdcb0
commit f7860e9
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 16 deletions.
diff --git a/cli/config.go b/cli/config.go
@@ -197,10 +197,11 @@ func (a accountSet) WriteTable(w io.Writer, withHeaders bool) {
 
 // Config stores all information related to the user
 type Config struct {
-	Accounts      *accountSet `json:"accounts"`
-	TTL           uint        `json:"ttl"`
-	TimeRemaining uint        `json:"time_remaining"`
-	Tokens        *TokenSet   `json:"tokens"`
+	Accounts        *accountSet `json:"accounts"`
+	TTL             uint        `json:"ttl"`
+	TimeRemaining   uint        `json:"time_remaining"`
+	Tokens          *TokenSet   `json:"tokens"`
+	LastUsedAccount *string     `json:"last_used_account"`
 }
 
 func (c Config) GetOAuthToken() (*TokenSet, bool) {

diff --git a/cli/consts.go b/cli/consts.go
@@ -12,7 +12,7 @@ var (
 
 const (
 	// DefaultTTL for requested credentials in hours
-	DefaultTTL uint = 1
+	DefaultTTL uint = 8
 	// DefaultTimeRemaining for new key requests in minutes
 	DefaultTimeRemaining  uint   = 5
 	LinuxAmd64BinaryName  string = "keyconjurer-linux-amd64"

diff --git a/cli/get.go b/cli/get.go
@@ -67,7 +67,6 @@ var getCmd = &cobra.Command{
 	Long: `Retrieves temporary cloud API credentials for the specified account.  It sends a push request to the first Duo device it finds associated with your account.
 
 A role must be specified when using this command through the --role flag. You may list the roles you can assume through the roles command.`,
-	Args: cobra.ExactArgs(1),
 	RunE: func(cmd *cobra.Command, args []string) error {
 		config := ConfigFromCommand(cmd)
 		ctx := cmd.Context()
@@ -101,10 +100,20 @@ A role must be specified when using this command through the --role flag. You ma
 			ttl = 8
 		}
 
+		var accountID string
+		if len(args) > 0 {
+			accountID = args[0]
+		} else if config.LastUsedAccount != nil {
+			// No account specified. Can we use the most recent one?
+			accountID = *config.LastUsedAccount
+		} else {
+			return cmd.Usage()
+		}
+
 		bypassCache, _ := cmd.Flags().GetBool(FlagBypassCache)
-		account, ok := resolveApplicationInfo(config, bypassCache, args[0])
+		account, ok := resolveApplicationInfo(config, bypassCache, accountID)
 		if !ok {
-			cmd.PrintErrf("%q is not a known account name in your account cache. Your cache can be refreshed by entering executing `keyconjurer accounts`. If the value provided is an Okta application ID, you may provide %s as an option to this command and try again.", args[0], FlagBypassCache)
+			cmd.PrintErrf("%q is not a known account name in your account cache. Your cache can be refreshed by entering executing `keyconjurer accounts`. If the value provided is an Okta application ID, you may provide %s as an option to this command and try again.", accountID, FlagBypassCache)
 			return nil
 		}
 
@@ -128,7 +137,7 @@ A role must be specified when using this command through the --role flag. You ma
 		}
 
 		if credentials.ValidUntil(account, time.Duration(timeRemaining)*time.Minute) {
-			return echoCredentials(args[0], args[0], credentials, outputType, shellType, awsCliPath, tencentCliPath)
+			return echoCredentials(accountID, accountID, credentials, outputType, shellType, awsCliPath, tencentCliPath)
 		}
 
 		oauthCfg, err := DiscoverOAuth2Config(cmd.Context(), oidcDomain, clientID)
@@ -158,7 +167,7 @@ A role must be specified when using this command through the --role flag. You ma
 
 		pair, ok := FindRoleInSAML(roleName, samlResponse)
 		if !ok {
-			cmd.PrintErrf("you do not have access to the role %s on application %s\n", roleName, args[0])
+			cmd.PrintErrf("you do not have access to the role %s on application %s\n", roleName, accountID)
 			return nil
 		}
 
@@ -197,8 +206,9 @@ A role must be specified when using this command through the --role flag. You ma
 		if account != nil {
 			account.MostRecentRole = roleName
 		}
+		config.LastUsedAccount = &accountID
 
-		return echoCredentials(args[0], args[0], credentials, outputType, shellType, awsCliPath, tencentCliPath)
+		return echoCredentials(accountID, accountID, credentials, outputType, shellType, awsCliPath, tencentCliPath)
 	}}
 
 func echoCredentials(id, name string, credentials CloudCredentials, outputType, shellType, awsCliPath, tencentCliPath string) error {

diff --git a/cli/oauth2.go b/cli/oauth2.go
@@ -19,6 +19,8 @@ import (
 	"golang.org/x/oauth2"
 )
 
+var ErrNoSAMLAssertion = errors.New("no saml assertion")
+
 // stateBufSize is the size of the buffer used to generate the state parameter.
 // 43 is a magic number - It generates states that are not too short or long for Okta's validation.
 const stateBufSize = 43
@@ -231,12 +233,12 @@ func ExchangeWebSSOTokenForSAMLAssertion(ctx context.Context, client *http.Clien
 	doc, _ := html.Parse(resp.Body)
 	form, ok := FindFirstForm(doc)
 	if !ok {
-		return nil, errors.New("could not find form")
+		return nil, ErrNoSAMLAssertion
 	}
 
 	saml, ok := form.Inputs["SAMLResponse"]
 	if !ok {
-		return nil, errors.New("no SAML assertion")
+		return nil, ErrNoSAMLAssertion
 	}
 
 	return []byte(saml), nil

diff --git a/frontend/src/App.module.css b/frontend/src/App.module.css
@@ -5,9 +5,7 @@
 
 .Content {
     display: grid;
-    grid-template-columns: 2 2fr;
-    grid-template-rows: 2;
-
+    grid-template-columns: auto 100%;
     padding: 10px;
 }