From 13c3e146585801f3fd30af75d00b67ff34d58209 Mon Sep 17 00:00:00 2001
From: Edward Viaene
Date: Wed, 22 Feb 2023 10:18:56 -0600
Subject: [PATCH] update saml_assertation api to v2
---
 .gitignore | 1 +
 cmd/login.go | 8 ++---
 internal/onelogin/saml-assertion.go | 42 +++++++++++--------------
 internal/onelogin/saml-verify-device.go | 15 +++------
 4 files changed, 28 insertions(+), 38 deletions(-)
diff --git a/.gitignore b/.gitignore
index 156a9fc..19b8023 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .idea
 config.yaml
 /onelogin-auth-*
+.DS_Store
diff --git a/cmd/login.go b/cmd/login.go
index 3a494bb..0f4006b 100644
--- a/cmd/login.go
+++ b/cmd/login.go
@@ -76,9 +76,9 @@ var loginCmd = &cobra.Command{
 //MFA Device verification
 var deviceID *int
- if assertionResponse.Status.Message == "MFA is required for this user" {
+ if assertionResponse.Message == onelogin.MFA_REQUIRED_STRING {
 fmt.Println("MFA Required, select a device:")
- deviceID, err = getDeviceID(assertionResponse.Data[0].Devices)
+ deviceID, err = getDeviceID(assertionResponse.Devices)
 if err != nil {
 log.Fatalln(err)
 }
@@ -86,7 +86,7 @@ var loginCmd = &cobra.Command{
 if err != nil {
 log.Fatalln(err)
 }
- verificationResponse, err := onelogin.VerifyFactor(token, *deviceID, appID, assertionResponse.Data[0].StateToken, mfaCode)
+ verificationResponse, err := onelogin.VerifyFactor(token, *deviceID, appID, assertionResponse.StateToken, mfaCode)
 if err != nil {
 fmt.Println(err)
 os.Exit(1)
@@ -166,7 +166,7 @@ func getDeviceID(devices []onelogin.Device) (*int, error) {
 }
 for _, v := range devices {
 if v.DeviceType == selectedDeviceType {
- return &v.DeviceId, nil
+ return &v.DeviceID, nil
 }
 }
 return nil, fmt.Errorf("No device found")
diff --git a/internal/onelogin/saml-assertion.go b/internal/onelogin/saml-assertion.go
index 33510f6..4f86210 100644
--- a/internal/onelogin/saml-assertion.go
+++ b/internal/onelogin/saml-assertion.go
@@ -8,40 +8,34 @@ import (
 "net/http"
 )
+const MFA_REQUIRED_STRING = "MFA is required for this user"
+
 type SAMLAssertionBody struct {
 UsernameOrEmail string `json:"username_or_email"`
 Password string `json:"password"`
 AppID string `json:"app_id"`
 SubDomain string `json:"subdomain"`
 }
-
 type SAMLAssertionResponse struct {
- Data []struct {
- Devices []Device `json:"devices"`
- CallbackUrl string `json:"callback_url"`
- User struct {
- Username string `json:"username"`
- Email string `json:"email"`
- Lastname string `json:"lastname"`
- Id int `json:"id"`
- Firstname string `json:"firstname"`
- } `json:"user"`
- StateToken string `json:"state_token"`
- } `json:"data"`
- Status struct {
- Message string `json:"message"`
- Error bool `json:"error"`
- Type string `json:"type"`
- Code int `json:"code"`
- } `json:"status"`
+ StateToken string `json:"state_token"`
+ Message string `json:"message"`
+ Devices []Device `json:"devices"`
+ CallbackURL string `json:"callback_url"`
+ User User `json:"user"`
 }
-
 type Device struct {
- DeviceId int `json:"device_id"`
+ DeviceID int `json:"device_id"`
 DeviceType string `json:"device_type"`
 }
+type User struct {
+ Lastname string `json:"lastname"`
+ Username string `json:"username"`
+ Email string `json:"email"`
+ Firstname string `json:"firstname"`
+ ID int `json:"id"`
+}
-const SAMLAssertionURl = OneLoginAPIURL + "api/1/saml_assertion"
+const SAMLAssertionURl = OneLoginAPIURL + "api/2/saml_assertion"
 func SAMLAssertion(token, login, password, appID, oneloginDomain string) (*SAMLAssertionResponse, error) {
@@ -75,8 +69,8 @@ func SAMLAssertion(token, login, password, appID, oneloginDomain string) (*SAMLA
 if err != nil {
 return nil, err
 }
- if responseObject.Status.Code != 200 {
- return nil, fmt.Errorf(responseObject.Status.Message)
+ if responseObject.Message != "Success" && responseObject.Message != MFA_REQUIRED_STRING {
+ return nil, fmt.Errorf(responseObject.Message)
 }
 return &responseObject, nil
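Review bot: The new `SAMLAssertionResponse` in the `@@ -8,40 +8,34 @@` hunk has no field for a `data` payload, yet the later hunk in this file lets a `"Success"` message through as a non-error. If the v2 endpoint returns the assertion in `data` for users who do not need MFA (the `Data string` field kept on `VerifyFactorResponse` suggests it might, but the response schema is not shown here), the decoder silently drops it and the caller receives a successful response with nothing usable in it. Consider adding a `Data string` field tagged `json:"data"`, or rejecting `"Success"` in `SAMLAssertion` until that path is handled. Separately, `MFA_REQUIRED_STRING` would be more idiomatic as `MFARequiredMessage`, with a doc comment such as `// MFARequiredMessage is the exact message text the API returns when a second factor is needed.`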
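Review bot: `fmt.Errorf(responseObject.Message)` in the `@@ -75,8 +69,8 @@` hunk uses server-supplied text as the format string, so any `%` in the message is parsed as a verb and the error text comes out garbled; recent `go vet` versions report this pattern. Pass the message as an argument instead, `return nil, fmt.Errorf("saml assertion: %s", responseObject.Message)`, which also avoids an error with empty text when the body carries no `message`. The same call appears in the last hunk of saml-verify-device.go. With `Status.Code` removed, the outcome now rests entirely on exact matches against human-readable strings; the function body starts outside this hunk, so if the HTTP status is not already checked above, checking it before comparing messages would make the failure path less dependent on wording.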
diff --git a/internal/onelogin/saml-verify-device.go b/internal/onelogin/saml-verify-device.go
index 65fe7d6..ab6a4d1 100644
--- a/internal/onelogin/saml-verify-device.go
+++ b/internal/onelogin/saml-verify-device.go
@@ -17,16 +17,11 @@ type VerifyFactorBody struct {
 }
 type VerifyFactorResponse struct {
- Data string `json:"data"`
- Status struct {
- Message string `json:"message"`
- Error bool `json:"error"`
- Type string `json:"type"`
- Code int `json:"code"`
- } `json:"status"`
+ Data string `json:"data"`
+ Message string `json:"message"`
 }
-const VerifyFactorURL = OneLoginAPIURL + "api/1/saml_assertion/verify_factor"
+const VerifyFactorURL = OneLoginAPIURL + "api/2/saml_assertion/verify_factor"
 func VerifyFactor(token string, deviceID int, appID string, stateToken string, mfaCode string) (*VerifyFactorResponse, error) {
 newBody := VerifyFactorBody{
@@ -59,8 +54,8 @@ func VerifyFactor(token string, deviceID int, appID string, stateToken string, m
 if err != nil {
 return nil, err
 }
- if responseObject.Status.Code != 200 {
- return nil, fmt.Errorf(responseObject.Status.Message)
+ if responseObject.Message != "Success" {
+ return nil, fmt.Errorf(responseObject.Message)
 }
 return &responseObject, nil
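Review bot: In the `@@ -59,8 +54,8 @@` hunk a `"Success"` message is the only condition for returning the response, so a reply with an empty `Data` is handed back as a completed factor verification. If `Data` carries the SAML assertion (not confirmed from this hunk), failing closed here is safer than relying on every caller to notice: `if responseObject.Data == "" { return nil, fmt.Errorf("verify factor: response contained no assertion") }`. The `"Success"` literal is also compared in saml-assertion.go, so a shared constant next to `MFA_REQUIRED_STRING` would keep the two checks in step. `VerifyFactor` starts outside this hunk, so an earlier check may already exist.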