🎨 Clearer app sign on rule failure messages #180
🎨 Address @randomsamples' code review
- Invert condition and blocks to put failure case last - Add comments about heuristics for re-auth and app-level MFA
- Loading branch information
commit 640053aafdac5dbe983feb036621eeba1e638d3c
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -68,20 +68,24 @@ private String getSamlResponseForAwsFromDocument(Document document) { | |
| } else { | ||
| Elements errorContent = document.getElementsByClass("error-content"); | ||
| Elements errorHeadline = errorContent.select("h1"); | ||
| if (errorHeadline.hasText()) { | ||
| throw new RuntimeException(errorHeadline.text()); | ||
| } else { | ||
| throw new RuntimeException("You do not have access to AWS through Okta. \nPlease contact your administrator."); | ||
| } | ||
| } | ||
| } | ||
| return samlResponseInputElement.attr("value"); | ||
| } | ||
|
|
||
| // Heuristic based on undocumented behavior observed experimentally | ||
| // This condition may be missed Okta significantly changes the app-level re-auth page | ||
|
There was a problem hiding this comment. I’ll fix that and merge. Thank you for code reviews. |
||
| private boolean isPasswordAuthenticationChallenge(Document document) { | ||
|
There was a problem hiding this comment. It might be helpful if we could point to the API docs where these strings are defined? |
||
| return document.getElementById("password-verification-challenge") != null; | ||
| } | ||
|
There was a problem hiding this comment. @randomsamples hopefully the comments on these methods make up for the lack of documentation. The risk is mostly that the tool will incorrectly say that the user doesn't have app access if Okta changes these pages (the current behavior prior to this change). Is that an acceptable compromise? |
||
|
|
||
| // Heuristic based on undocumented behavior observed experimentally | ||
| // This condition may be missed if Okta significantly changes the app-level MFA page | ||
| private boolean isPromptForFactorChallenge(Document document) { | ||
| return document.getElementById("okta-sign-in") != null; | ||
| } | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@randomsamples this is much cleaner with your suggestions. Thank you 🎉