Skip to content

Added check for MFA #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Added check for MFA #27

wants to merge 1 commit into from

Conversation

SunnyCrockett
Copy link

If the S-User has MFA activated, it is not possible to use it for download. I added a check in _request to check if "WEB Two-Factor Authentication" is in the content of the web request.

TASK [Execute Ansible Module to download SAP software] ***********************************************************************************************************
FAILED - RETRYING: [10.230.248.85]: Execute Ansible Module to download SAP software (1 retries left).
failed: [10.230.248.85] (item=SAPCAR_1200-70007716.EXE : An exception has occurred - The SAP ID is enabled for two-factor authentication (MFA). Please disable MFA under https://accounts.sap.com/ for the user and try again.) => {"ansible_loop_var": "item", "attempts": 1, "changed": false, "item": "SAPCAR_1200-70007716.EXE", "msg": "An exception has occurred - The SAP ID is enabled for two-factor authentication (MFA). Please disable MFA under https://accounts.sap.com/ for the user and try again."}

sean-freeman
sean-freeman approved these changes Mar 26, 2025
View reviewed changes
Copy link
Member

@sean-freeman sean-freeman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@marcelmamula
Copy link
Contributor

@SunnyCrockett Please provided full output of your res.content (remove any credentials of course) so we can ascertain that this fix does catch real MFA issue, not some "It would be great if you enabled MFA" recommendations.

String WEB Two-Factor Authentication is kind of ambiguous and can me anything.

marcelmamula
marcelmamula requested changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@marcelmamula marcelmamula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sean-freeman @SunnyCrockett
This change does not work because str(res.content) is invalid. Please check your json response and improve its handling.
I do not have MFA enabled on my S-User, but it fails with error below.
msg: 'An exception has occurred - Expecting value: line 1 column 1 (char 0)'

My C-User with MFA does not get this error, because it gets stuck on real RSA MFA during SSO attempt (not this request check).

Tested with file 19118000000000008988 that was able to reproduce this error consistently. Other smaller files were not having consistent results.

@SunnyCrockett
Copy link
Author

Hi @marcelmamula
sorry to hear that my change isnt working for you. My tests were good.
I have attached a file and picture of the html of res.content:

image

[mfa.html.txt](https://github.com/user-attachments/files/19501062/mfa.html.txt)

@marcelmamula
Copy link
Contributor

@SunnyCrockett @sean-freeman I am not able to see attached file that you wanted to show.

I have done more tests and I was able to isolate few files that are behaving 100% same in each scenario so they can be used for testing:

        - '19118000000000008988'  # Does not work with MFA
        - 'S4CORE108_INST_EXPORT_23.zip'  # Does not work with MFA
        - 'SAPHOSTAGENT62_62-80004822.SAR'  # Works with MFA
        - 'IMDB_CLIENT20_024_21-80002082.SAR'  # Works with MFA

Test results:
main branch (same as dev when you created PR, just missing hashbang PR): CD Media 100% faiil, while 2 SAR files are always working.
dev branch with my recent PRs for download module + your MFA change: same as main, no difference
role fork for #32 + your MFA change: same results as above.
Removing MFA change from all these branches will result in successful download of all 4 files.

Download will never finish if this is added. It goes into 60 second timeout resulting in

 failed: [localhost] (item=19118000000000008988 : MODULE FAILURE: No start of json char found
See stdout/stderr for the exact error) =>
    ansible_loop_var: item
    changed: false
    item: '19118000000000008988'
    module_stderr: ''
    module_stdout: ''
    msg: |-
        MODULE FAILURE: No start of json char found
        See stdout/stderr for the exact error
    rc: 137
failed: [localhost] (item=S4CORE108_INST_EXPORT_23.zip : MODULE FAILURE: No start of json char found
See stdout/stderr for the exact error) =>
    ansible_loop_var: item
    changed: false
    item: S4CORE108_INST_EXPORT_23.zip
    module_stderr: ''
    module_stdout: ''
    msg: |-
        MODULE FAILURE: No start of json char found
        See stdout/stderr for the exact error
    rc: 137

NOTE: Condition above MFA IF section is also not working. If you remove RC check, then it also has syntax error!
You might need to look into request itself and what format is received as handling is incorrect.
This is result of if (res.json()['errorMessage'].startswith('Account Temporarily Locked Out')):

failed: [localhost] (item=19118000000000008988 : An exception has occurred - Expecting value: line 1 column 1 (char 0)) =>
    alternative: false
    ansible_loop_var: item
    changed: false
    filename: '19118000000000008988'
    item: '19118000000000008988'
    msg: 'An exception has occurred - Expecting value: line 1 column 1 (char 0)'

@SunnyCrockett
Copy link
Author

SunnyCrockett commented Mar 31, 2025
edited by sean-freeman
Loading

@marcelmamula

I have tested to download file SAPHOSTAGENT62_62-80004822.SAR with MFA activated, without luck. Please feel free to decline/delete my pull request, as it seems like the "solution" is only working for me.

This is the content:
Edit: formatted and remove junk, so we can see the important info

<!DOCTYPE html>
<html dir=\'ltr\' lang=\'en\'>
<head>
    <meta charset=\'utf-8\'>
    <base href=\'https://accounts.sap.com\' target=\'_self\'>
    <meta content=\'IE=edge\' http-equiv=\'X-UA-Compatible\'>
    <meta content=\'width=device-width, initial-scale=1.0\' name=\'viewport\'>
    <meta content=\'universalui\' name=\'uitype\'>
    <meta content=\'noindex, nofollow\' name=\'robots\'>
    <meta content=\'noindex, nofollow\' name=\'AdsBot-Google\'>
    <title>SAP ONE Support Launchpad: Two-Factor Authentication</title>
    <div style=\'width: 0; height: 0; overflow: hidden; position: absolute;\'></div>
    <meta name="csrf-param" content="authenticity_token" />
    <meta name="csrf-token" content="AAAAAAAAAAAA/BBBBBBBBBBBBB/CCCCCCCC+Q==" />
    <!-- third party cookies check --><!-- same origin protection check -->
</head>
<body style=\'justify-content: center\'>
    <div data-brandingType=\'theme_fiori\' data-page=\'ids-two_factor_choice/logon\' id=\'body\' style=\'display:none\'>
        <main class=\'ids-main\'>
            <div class=\'ids-main__content\'>
                <div class=\'iam-container__header\'>
                    <div class=\'iam-login-columned\'>
                        <div class=\'iam-login-columned__begin\'>
                            <div class=\'ids-login-tenant__logo\'><img alt=" logo" style="height:26px; width:auto" src="https://accounts.sap.com/ui/public/cached/tenant/v/2/tenant_logo" /></div>
                        </div>
                        <div class=\'iam-login-columned__end\'></div>
                    </div>
                    <div class=\'iam-container__title\'>
                        <h1 class=\'ids-heading-1 ids-heading-1--login\' id=\'ids-heading-1\'>Choose Two-Factor Authentication Method</h1>
                    </div>
                    <div class=\'iam-container__subtitle\'>
                        <h2>Account: my@mailaddress.de</h2>
                    </div>
                </div>
                <div class=\'iam-container__body\'>
                    <div aria-labelledby=\'ids-heading-1\' class=\'ids-container\' role=\'dialog\'>
                        <form action=\'/saml2/idp/acs\' autocomplete=\'off\' class=\'ids-form ids-form--horizontal\' id=\'secondFactorForm\' method=\'post\' role=\'form\'>
                            <div class=\'js-global-flashes-area\' id=\'globalMessages\'></div>
                            <p id=\'test-tfa-message\'>Please choose one of the enabled two-factor authentication methods or press the button to enable a new method.</p>
                            <div class=\'ids-input-area fd-has-display-none\'>
                                <fieldset class=\'ids-fieldset fn-fieldset\'>
                                    <div class=\'fd-form-item ids-input-group ids-input-group--text\' id=\'j_username-group\'>
                                        <div class=\'ids-label-container\'> <span class=\'ids-label-wrap\'>
                                            <label class=\'fn-label ids-label\' for=\'j_username\' id=\'j_username-label\'> E-Mail, ID, or Login Name </label>
                                            </span>
                                        </div>
                                        <div class=\'ids-control-container fd-form-input-message-group fd-popover
                                            fd-popover--input-message-group\'>
                                            <div class=\'fd-popover__control\'>
                                                <div class=\'fd-input-group\'>
                                                    <div class=\'fn-input\'> <input class=\'fn-input__text-field
                                                            ids-input ids-input--text ids-input--clear
                                                            js-has-input-clear\' id=\'j_username\' name=\'j_username\'
                                                            readonly=\'readonly\' type=\'text\'
                                                            value=\'my@mailaddress.de\'>
                                                        <div class=\'fn-input__border\'></div>
                                                    </div>
                                                </div>
                                            </div> <a class=\'ids-input-clear js-input-clear\' href=\'#\'
                                                tabindex=\'-1\'></a>
                                        </div>
                                    </div>
                                </fieldset>
                            </div>
                            <div class=\'ids-input-area\'>
                                <fieldset class=\'ids-fieldset fn-fieldset\'>
                                    <input
                                        type="hidden"
                                        id="hidden-xsrfProtection-field" name="xsrfProtection"
                                        value="AAAAAAAAAAAA"><input
                                        type="hidden" name="method" value="POST"><input type="hidden"
                                        name="idpSSOEndpoint" value="https://accounts.sap.com/saml2/idp/acs"><input
                                        type="hidden" name="RelayState" value="__HOST-arc1a07cd"><input id=\'spId\'
                                        name=\'spId\' type=\'hidden\' value=\'XXXX5985e4b07dc3abdfXXXX\'><input
                                        id=\'spName\' name=\'spName\' type=\'hidden\'
                                        value=\'https://hana.ondemand.com/supportportal\'><input id=\'tfaToken\'
                                        name=\'tfaToken\' type=\'hidden\'
                                        value=\'AAAAAAAAAAAA\'><input
                                        id=\'tfaChoice\' name=\'tfaChoice\' type=\'hidden\' value=\'\'></input><input
                                        id=\'activateNewTfaDevice\' name=\'activateNewTfaDevice\' type=\'hidden\'
                                        value=\'\'><input id=\'firstTfaMethodChoiceSuccess\'
                                        name=\'firstTfaMethodChoiceSuccess\' type=\'hidden\' value=\'\'
                                    >
                                    <section class=\'ids-section ids-section--profile js-tfa-choice-methods\'>
                                        <form class="ids-form ids-form--horizontal" role="form" id="chooseTwoFactorMethodForm" action="chooseTwoFactorMethod"
                                            accept-charset="UTF-8" data-remote="true" method="post">
                                            <input name="utf8" type="hidden" value="&#x2713;" autocomplete="off" />
                                            <div class=\'js-section-flashes-area\'></div>
                                            <ul class=\'ids-list ids-list-borders iam-verification-list\'>
                                                <li class=\'ids-list__item fd-margin-top--tiny\'>
                                                    <button
                                                        class=\'ids-status ids-status--totp ids-status--button
                                                        ids-button fn-button fn-button--secondary
                                                        ids-button--transparent\' id=\'tfaChoiceTotpButton\'
                                                        name=\'tfaChoiceTOTP\' type=\'submit\' value=\'true\'>
                                                        <div class=\'fn-button__text\'>TOTP Two-Factor Authentication
                                                        </div>
                                                    </button>
                                                </li>
                                                <li class=\'ids-list__item fd-margin-top--tiny\'>
                                                    <button
                                                        class=\'ids-status ids-status--sms ids-status--button ids-button
                                                        fn-button fn-button--secondary ids-button--transparent\'
                                                        disabled id=\'tfaChoiceSmsButton\' name=\'tfaChoiceSMS\'
                                                        type=\'submit\' value=\'true\'>
                                                        <div class=\'fn-button__text\'>SMS Two-Factor Authentication
                                                        </div>
                                                    </button>
                                                </li>
                                                <li class=\'ids-list__item fd-margin-top--tiny\'>
                                                    <button
                                                        class=\'ids-status ids-status--webauth ids-status--button
                                                        ids-button fn-button fn-button--secondary
                                                        ids-button--transparent\' disabled id=\'tfaChoiceWebButton\'
                                                        name=\'tfaChoiceWEB\' type=\'submit\' value=\'true\'>
                                                        <div class=\'fn-button__text\'>WEB Two-Factor Authentication
                                                        </div>
                                                    </button>
                                                </li>
                                            </ul>
                                        </form>
                                    </section>
                                </fieldset>
                            </div>
                        </form>
                    </div>
                </div>
                <div class=\'iam-container__footer\'>
                    <div class=\'iam-login-columned\'>
                        <div class=\'iam-login-columned__begin\'></div>
                        <div class=\'iam-login-columned__end\'>
                            <div class=\'ids-button-group\'><button class=\'ids-button fn-button ids-button--primary
                                    fn-button--emphasized\' form=\'secondFactorForm\'
                                    id=\'tfaChoiceActivateAnotherDeviceButton\' name=\'tfaChoiceActivateAnotherDevice\'
                                    type=\'submit\' value=\'true\'>
                                    <div class=\'fn-button__text\'>Enable Method</div>
                                </button></div>
                        </div>
                    </div>
                </div>
            </div>
        </main>
    </div>
    <script src="/universalui/assets/application-f0eb0890e5394a3ad0aff080fe961cd05c2f573162ddd9cdc751facefc988b84.js"></script>
    <script nonce=\'LQ5pJ7jfhfDjHEey3iAuski9ZV57UDshYUAHDCE5B4U=\'>$.ids.overlay.isClickjackingProtectEnabled = true;</script>
    <script nonce=\'LQ5pJ7jfhfDjHEey3iAuski9ZV57UDshYUAHDCE5B4U=\'>$(document).ready(function () 
    {
    if (document.getElementById("secondFactorForm") || document.getElementById("verifyPhoneForm"))
        { var isVerifyPhoneView = document.getElementById("smsCode"); if (isVerifyPhoneView) { $("#smsCode").focus(); } 
        else
            { $("#j_otpcode").focus(); }
        }
    else { var element = $(\'form :input:visible:not([readonly]):not([disabled]):not(.fn-button--layout):first\');
        if (element && element.attr("id") !== "newPasswordInput") {        element.focus();
        }
    }
    }
    )</script>
</body>
</html>

@marcelmamula
Copy link
Contributor

marcelmamula commented Mar 31, 2025
edited
Loading

@SunnyCrockett Please make sure to test 2 CD Media files that never work. SAPHOSTAGENT and HANA CLIENT I listed are working fine.

        - '19118000000000008988'  # Does not work with MFA
        - 'S4CORE108_INST_EXPORT_23.zip'  # Does not work with MFA

All these 4 files are on SAP download site, for example:

19118000000000008988S4CORE108_INST_EXPORT_23.zip
S4CORE108_INST_EXPORT_23.zip

image

@sean-freeman
Copy link
Member

Note: looking for these may be easier?

  • <title>SAP ONE Support Launchpad: Two-Factor Authentication</title>
  • data-page=\'ids-two_factor_choice/logon\'
  • <h1 class=\'ids-heading-1 ids-heading-1--login\' id=\'ids-heading-1\'>Choose Two-Factor Authentication Method</h1>
  • <p id=\'test-tfa-message\'>Please choose one of the enabled two-factor authentication methods or press the button to enable a new method.</p>

Instead of searching for TFA methods:

  • <section class=\'ids-section ids-section--profile js-tfa-choice-methods\'>
  • <form class="ids-form ids-form--horizontal" role="form" id="chooseTwoFactorMethodForm" action="chooseTwoFactorMethod" accept-charset="UTF-8" data-remote="true" method="post">
  • <div class=\'fn-button__text\'>TOTP Two-Factor Authentication</div>
  • <div class=\'fn-button__text\'>SMS Two-Factor Authentication</div>
  • <div class=\'fn-button__text\'>WEB Two-Factor Authentication</div>

@marcelmamula
Copy link
Contributor

Problem is not with what to look for, but rather where to look.

Neither solution works so it needs proper investigation and review to see output request format because:
res.json()['errorMessage'] which is there already, but it does not work 'An exception has occurred - Expecting value: line 1 column 1 (char 0)' . You never see this error because it never gets executed due to condition res.status_code == 403 before that.

str(res.content) from this PR also does not work - MODULE FAILURE: No start of json char found

@sean-freeman
Copy link
Member

res.content is binary format > https://requests.readthedocs.io/en/latest/user/quickstart/#binary-response-content

That's why you can see it parsed elsewhere as soup = BeautifulSoup(res.content, features='lxml')

res.text is just simple parse > https://requests.readthedocs.io/en/latest/user/quickstart/#response-content

@marcelmamula
Copy link
Contributor

marcelmamula commented Apr 1, 2025
edited
Loading

@SunnyCrockett I did some test now and I can confirm that this is not causing issue. Can you test if it catches your MFA account?
We dont have any MFA enabled account with @sean-freeman and enabling it has chance to cause issues removing it later.

I would love to add return code there, but I dont see it in your response. What code did you get?
Following code works only sometimes as we need to prepend it with res.status_code == ??

    if 'Two-Factor Authentication' in res.text:
        raise Exception(f'The SAP ID is enabled for two-factor authentication (MFA). Please disable MFA under https://accounts.sap.com/ and try again.')

@marcelmamula
Copy link
Contributor

@SunnyCrockett res.text seems to be having issue when we have large response.
Can you get other parts of res so we can check if code or header can help us better than checking whole block?

I am using this to get content

    raise ValueError(f'TEST - CODE {res.status_code}, TEXT {res.text}, CONTENT {res.content}, REQ HEADERS {res.request.headers}, REQ BODY {res.request.body}, REQ METHOD {res.request.method}, HIST {res.history}')

@SunnyCrockett
Copy link
Author

Here you find my output of the ValueError requests by @marcelmamula

failed: [10.230.248.74] (item=SAPHOSTAGENT62_62-80004822.SAR : An exception has occurred - TEST - CODE 200, 

TEXT 
<!DOCTYPE html>
<html dir='ltr' lang='en'>
   <head>
      <meta charset='utf-8'>
      <base href='https://accounts.sap.com' target='_self'>
      <meta content='IE=edge' http-equiv='X-UA-Compatible'>
      <meta content='width=device-width, initial-scale=1.0' name='viewport'>
      <meta content='universalui' name='uitype'>
      <meta content='noindex, nofollow' name='robots'>
      <meta content='noindex, nofollow' name='AdsBot-Google'>
      <title>SAP ONE Support Launchpad: Two-Factor Authentication</title>
      <link href='https://accounts.sap.com/ui/public/cached/tenant/v/1/favicon' rel='icon' type='image'>
      <link href='https://accounts.sap.com/ui/public/cached/tenant/v/1/favicon' rel='shortcut icon' type='image/x-icon'>
      <link href='https://accounts.sap.com/ui/public/cached/tenant/v/1/favicon' rel='apple-touch-icon'>
      <style>@font-face {font-family: "72";src: url(/universalui/assets/72-Regular-full-13166772a25bed9a0f7449132e3a6283baf5ac3060ee5bddbb7b538ecef04fbf.woff2) format("woff2"), url(/universalui/assets/72-Regular-full-9647d57cf02b77bda494292c5c463b62962a1d2eae0fb789df42f5b9c61b52bf.woff) format("woff");font-weight: normal;font-style: normal;font-display: swap;}@font-face {font-family: "72";src: url(/universalui/assets/72-Bold-full-865699d7fc86329695b5a173e21f5f58c8957c8403d682d39139064619a0a129.woff2) format("woff2"), url(/universalui/assets/72-Bold-full-32faa76e1ccaaac0a266069809a78773123c3cace830f78b401adec8b45e508a.woff) format("woff");font-weight: 700;font-style: normal;font-display: swap;}@font-face {font-family: "72";src: url(/universalui/assets/72-Black-full-9ab17b2e3534a1b1999647d277b538da71436275f606f3b4611fa24cda24c3fe.woff2) format("woff2"), url(/universalui/assets/72-Black-full-2bae0b93c151f77c1a0b93b512e384cfb1bc8131e74ff999400f9012a17c24ed.woff) format("woff");font-weight: 900;font-style: normal;font-display: swap;}@font-face {font-family: "72";src: url(/universalui/assets/72-Light-full-1a1d9e2143cdf5bc8b91cf86c527b877bb244e2efadb3af603f5af3902987fe8.woff2) format("woff2"), url(/universalui/assets/72-Light-full-81eeab5689682906c7625e3792ec6174dbedbe23cc662e539d1f12a634a598e7.woff) format("woff");font-weight: 300;font-style: normal;font-display: swap;}@font-face {font-family: "SAP-icons";src: url(/universalui/assets/SAP-icons-minimized-e6452e71809a0d6c0af97b9ca6381af948ddca8c3613e6fad3090a152f60e7c1.woff2) format("woff2"), url(/universalui/assets/SAP-icons-minimized-b95c57dae2db46fc4dd12930ed8f36b8f4a7c9f2a171b26a7ab78b2c2e078fd2.woff) format("woff");font-weight: normal;font-style: normal;}@font-face {font-family: 'BusinessSuiteInAppSymbols';src: url(/universalui/assets/BusinessSuiteInAppSymbols-4285b111fae5b5703081b3fdb7dcbf6d8be08eb276bc15fd1ca0b4ee1b1fcc7d.woff2) format('woff2'), url(/universalui/assets/BusinessSuiteInAppSymbols-685a364dd1577572f980383f1d6ad9c71e7f9bc8442618dcf55a99b21186dce5.woff) format('woff');font-weight: normal;font-style: normal;}@font-face {font-family: 'SAP-icons-TNT';src: url(/universalui/assets/SAP-icons-TNT-07afca5573fa2356233032dac369d2638367b793f4bfcec0f1c4bb3caf1dfdc1.woff2) format('woff2'), url(/universalui/assets/SAP-icons-TNT-a0e38f4b60dfc7c77e5ab37a9b4afa26304d515d6b0c0f0a2eff9aac116e6f61.woff) format('woff');font-weight: normal;font-style: normal;}html {font-family: "72", Arial, Helvetica, sans-serif;font-size: 16px;}</style>
      <div style='width: 0; height: 0; overflow: hidden; position: absolute;'>
         <svg xmlns="http://www.w3.org/2000/svg">
            <defs>
               <pattern id="sapIllus_PatternShadow" width="3" height="5.5" patternUnits="userSpaceOnUse" viewBox="0 0 3 5.5">
                  <rect class="sapIllus_NoColor" style="fill:var(--sapIllus_NoColor)" width="3" height="5.5"></rect>
                  <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cx="3" cy="5.5001" r="0.5"></circle>
                  <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cy="5.5001" r="0.5"></circle>
                  <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cx="1.5" cy="2.7501" r="0.5"></circle>
                  <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cx="3" cy="0.0001" r="0.5"></circle>
                  <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cy="0.0001" r="0.5"></circle>
               </pattern>
               <pattern id="sapIllus_PatternHighlight" width="3" height="5.5" patternTransform="translate(35.9059 309.6208)" patternUnits="userSpaceOnUse" viewBox="0 0 3 5.5">
                  <rect class="sapIllus_NoColor" style="fill:var(--sapIllus_NoColor)" width="3" height="5.5"></rect>
                  <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="3.0001" cy="5.5001" r="0.5"></circle>
                  <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="0.0001" cy="5.5001" r="0.5"></circle>
                  <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="1.5001" cy="2.7501" r="0.5"></circle>
                  <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="3.0001" cy="0.0001" r="0.5"></circle>
                  <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="0.0001" cy="0.0001" r="0.5"></circle>
               </pattern>
            </defs>
         </svg>
      </div>
      <link rel="stylesheet" media="all" href="/universalui/assets/fn/end-user-ui/application-760677aa8df88cf62819e1919254c8132b1f858d6c46f34261d3b60f09868717.css" />
      <meta name="csrf-param" content="authenticity_token" />
      <meta name="csrf-token" content="my-csrf-token" />
      <!-- third party cookies check --><!-- same origin protection check -->
   </head>
   <body style='justify-content: center'>
      <div data-brandingType='theme_fiori' data-page='ids-two_factor_choice/logon' id='body' style='display:none'>
         <main class='ids-main'>
            <div class='ids-main__content'>
               <div class='iam-container__header'>
                  <div class='iam-login-columned'>
                     <div class='iam-login-columned__begin'>
                        <div class='ids-login-tenant__logo'><img alt=" logo" style="height:26px; width:auto" src="https://accounts.sap.com/ui/public/cached/tenant/v/2/tenant_logo" /></div>
                     </div>
                     <div class='iam-login-columned__end'></div>
                  </div>
                  <div class='iam-container__title'>
                     <h1 class='ids-heading-1 ids-heading-1--login' id='ids-heading-1'>Choose Two-Factor Authentication Method</h1>
                  </div>
                  <div class='iam-container__subtitle'>
                     <h2>Account: my@mailaddress.de</h2>
                  </div>
               </div>
               <div class='iam-container__body'>
                  <style>  #test-tfa-message { margin-bottom: 1.5rem; }  .iam-verification-list { margin-top: 1.5rem; }</style>
                  <div aria-labelledby='ids-heading-1' class='ids-container' role='dialog'>
                     <form action='/saml2/idp/acs' autocomplete='off' class='ids-form ids-form--horizontal' id='secondFactorForm' method='post' role='form'>
                        <div class='js-global-flashes-area' id='globalMessages'></div>
                        <p id='test-tfa-message'>Please choose one of the enabled two-factor authentication methods or press the button to enable a new method.</p>
                        <div class='ids-input-area fd-has-display-none'>
                           <fieldset class='ids-fieldset fn-fieldset'>
                              <div class='fd-form-item ids-input-group ids-input-group--text' id='j_username-group'>
                                 <div class='ids-label-container'>    <span class='ids-label-wrap'>      <label class='fn-label ids-label' for='j_username' id='j_username-label'>        E-Mail, ID, or Login Name      </label>    </span>  </div>
                                 <div class='ids-control-container fd-form-input-message-group fd-popover fd-popover--input-message-group'>
                                    <div class='fd-popover__control'>
                                       <div class='fd-input-group'>
                                          <div class='fn-input'>
                                             <input class='fn-input__text-field ids-input ids-input--text ids-input--clear js-has-input-clear' id='j_username' name='j_username' readonly='readonly' type='text' value='my@mailaddress.de'>          
                                             <div class='fn-input__border'></div>
                                          </div>
                                       </div>
                                    </div>
                                    <a class='ids-input-clear js-input-clear' href='#' tabindex='-1'></a>  
                                 </div>
                              </div>
                           </fieldset>
                        </div>
                        <div class='ids-input-area'>
                           <fieldset class='ids-fieldset fn-fieldset'>
                              <input type="hidden" id="hidden-xsrfProtection-field" name="xsrfProtection" value="ybo8kjzoExF3V7UHQAk6_UDANFmjhLiJXOWhg5dnio86MTc0MzUwNjMwMDA2OA" ><input type="hidden" name="method" value="POST"><input type="hidden" name="idpSSOEndpoint" value="https://accounts.sap.com/saml2/idp/acs"><input type="hidden" name="RelayState" value="__HOST-arceb61a9"><input id='spId' name='spId' type='hidden' value='55365985e4b07dc3abdfc16c'><input id='spName' name='spName' type='hidden' value='https://hana.ondemand.com/supportportal'><input id='tfaToken' name='tfaToken' type='hidden' value='very-long-number'><input id='tfaChoice' name='tfaChoice' type='hidden' value=''></input><input id='activateNewTfaDevice' name='activateNewTfaDevice' type='hidden' value=''><input id='firstTfaMethodChoiceSuccess' name='firstTfaMethodChoiceSuccess' type='hidden' value=''>
                              <section class='ids-section ids-section--profile js-tfa-choice-methods'>
                     <form class="ids-form ids-form--horizontal" role="form" id="chooseTwoFactorMethodForm" action="chooseTwoFactorMethod" accept-charset="UTF-8" data-remote="true" method="post"><input name="utf8" type="hidden" value="&#x2713;" autocomplete="off" /><div class='js-section-flashes-area'></div><ul class='ids-list ids-list-borders iam-verification-list'><li class='ids-list__item fd-margin-top--tiny'><button class='ids-status ids-status--totp ids-status--button ids-button fn-button fn-button--secondary ids-button--transparent' id='tfaChoiceTotpButton' name='tfaChoiceTOTP' type='submit' value='true'><img height="16px" class="sap-icon is-hidden" src="/universalui/assets/ids-icon-passcode-4eab511e09a4f4db288735110d0697ca3c553db6c8b795e3dedcac3e30c7628d.svg" /><div class='fn-button__text'>TOTP Two-Factor Authentication</div></button></li><li class='ids-list__item fd-margin-top--tiny'><button class='ids-status ids-status--sms ids-status--button ids-button fn-button fn-button--secondary ids-button--transparent' disabled id='tfaChoiceSmsButton' name='tfaChoiceSMS' type='submit' value='true'><img height="16px" class="sap-icon is-hidden" src="/universalui/assets/ids-icon-sms-aab4a3c7bf39b184f5663c776e0dd5cef315068c4a9dc0689f050ed317c7741e.svg" /><div class='fn-button__text'>SMS Two-Factor Authentication</div></button></li><li class='ids-list__item fd-margin-top--tiny'><button class='ids-status ids-status--webauth ids-status--button ids-button fn-button fn-button--secondary ids-button--transparent' disabled id='tfaChoiceWebButton' name='tfaChoiceWEB' type='submit' value='true'><img height="16px" class="sap-icon is-hidden" src="/universalui/assets/ids-icon-webauth-207e4b9fdc76db31d2b8ccd63f34166b8f7e1819225dc94a79f4413f4d58bd4c.svg" /><div class='fn-button__text'>WEB Two-Factor Authentication</div></button></li></ul></form></section></fieldset></div></form>
                  </div>
               </div>
               <div class='iam-container__footer'>
                  <div class='iam-login-columned'>
                     <div class='iam-login-columned__begin'></div>
                     <div class='iam-login-columned__end'>
                        <div class='ids-button-group'>
                           <button class='ids-button fn-button ids-button--primary fn-button--emphasized' form='secondFactorForm' id='tfaChoiceActivateAnotherDeviceButton' name='tfaChoiceActivateAnotherDevice' type='submit' value='true'>
                              <div class='fn-button__text'>Enable Method</div>
                           </button>
                        </div>
                     </div>
                  </div>
               </div>
            </div>
         </main>
      </div>
      <footer class='ids-footer'>
         <div class='ids-footer__inner'>
            <ul class='ids-footer__links'>
               <li class='ids-footer__links__item'>
                  <div class='copyright_link'><img style="height:38px; width:auto;margin: auto;" src="/ui/public/cached/61f188e575fb8f5a8e8be0a9/v/1/logo"> <span style="vertical-align: top;display: inline-block;text-align: left;"> Existing Users | One login for all accounts:     <br>     <a href="https://account.sap.com/core/create/register?redirectURL=IDS_promotion" target="_blank">         Get SAP Universal ID     </a> </span></div>
               </li>
               <li class='ids-footer__links__item'>
                  <div class='privacy_link'><a href="https://accounts.sap.com/ui/public/viewTextResource?scenario=788c7859-5fb6-4b2d-b0aa-d40ba33d6638&resourceType=RESOURCE_PRIVACYPOLICY"> Privacy Policy</a></div>
               </li>
               <li class='ids-footer__links__item'>
                  <div class='legal_disclosure_link'><a href="https://www.sap.com/corporate/en/legal/impressum.html" > Legal Disclosure</a></div>
               </li>
               <li class='ids-footer__links__item'>
                  <div class='cookie_link'><a href="https://account.sap.com/core/doc/SAP_IDService-CookieStatement.pdf" > Cookie Statement</a></div>
               </li>
            </ul>
         </div>
      </footer>
      <script src="/universalui/assets/application-f0eb0890e5394a3ad0aff080fe961cd05c2f573162ddd9cdc751facefc988b84.js"></script><script nonce='J3mjpgIogo0emA5lXLyyAY1uf0rq2aGbZliFDVTWwmE='>$.ids.overlay.isClickjackingProtectEnabled = true;</script><script nonce='J3mjpgIogo0emA5lXLyyAY1uf0rq2aGbZliFDVTWwmE='>$(document).ready(function() {  if (document.getElementById("secondFactorForm") || document.getElementById("verifyPhoneForm")) {    var isVerifyPhoneView = document.getElementById("smsCode");    if (isVerifyPhoneView) {      $("#smsCode").focus();    }    else {      $("#j_otpcode").focus();    }  } else {      var element = $('form :input:visible:not([readonly]):not([disabled]):not(.fn-button--layout):first');      if (element && element.attr("id") !== "newPasswordInput") {        element.focus();      }  }})</script>
   </body>
</html>, 

CONTENT b'\r\n
<!DOCTYPE html>
<html dir=\'ltr\' lang=\'en\'>
   <head>
      <meta charset=\'utf-8\'>
      <base href=\'https://accounts.sap.com\' target=\'_self\'>
      <meta content=\'IE=edge\' http-equiv=\'X-UA-Compatible\'>
      <meta content=\'width=device-width, initial-scale=1.0\' name=\'viewport\'>
      <meta content=\'universalui\' name=\'uitype\'>
      <meta content=\'noindex, nofollow\' name=\'robots\'>
      <meta content=\'noindex, nofollow\' name=\'AdsBot-Google\'>
      <title>SAP ONE Support Launchpad: Two-Factor Authentication</title>
      <link href=\'https://accounts.sap.com/ui/public/cached/tenant/v/1/favicon\' rel=\'icon\' type=\'image\'>
      <link href=\'https://accounts.sap.com/ui/public/cached/tenant/v/1/favicon\' rel=\'shortcut icon\' type=\'image/x-icon\'>
      <link href=\'https://accounts.sap.com/ui/public/cached/tenant/v/1/favicon\' rel=\'apple-touch-icon\'>
      <style>@font-face {font-family: "72";src: url(/universalui/assets/72-Regular-full-13166772a25bed9a0f7449132e3a6283baf5ac3060ee5bddbb7b538ecef04fbf.woff2) format("woff2"), url(/universalui/assets/72-Regular-full-9647d57cf02b77bda494292c5c463b62962a1d2eae0fb789df42f5b9c61b52bf.woff) format("woff");font-weight: normal;font-style: normal;font-display: swap;}@font-face {font-family: "72";src: url(/universalui/assets/72-Bold-full-865699d7fc86329695b5a173e21f5f58c8957c8403d682d39139064619a0a129.woff2) format("woff2"), url(/universalui/assets/72-Bold-full-32faa76e1ccaaac0a266069809a78773123c3cace830f78b401adec8b45e508a.woff) format("woff");font-weight: 700;font-style: normal;font-display: swap;}@font-face {font-family: "72";src: url(/universalui/assets/72-Black-full-9ab17b2e3534a1b1999647d277b538da71436275f606f3b4611fa24cda24c3fe.woff2) format("woff2"), url(/universalui/assets/72-Black-full-2bae0b93c151f77c1a0b93b512e384cfb1bc8131e74ff999400f9012a17c24ed.woff) format("woff");font-weight: 900;font-style: normal;font-display: swap;}@font-face {font-family: "72";src: url(/universalui/assets/72-Light-full-1a1d9e2143cdf5bc8b91cf86c527b877bb244e2efadb3af603f5af3902987fe8.woff2) format("woff2"), url(/universalui/assets/72-Light-full-81eeab5689682906c7625e3792ec6174dbedbe23cc662e539d1f12a634a598e7.woff) format("woff");font-weight: 300;font-style: normal;font-display: swap;}@font-face {font-family: "SAP-icons";src: url(/universalui/assets/SAP-icons-minimized-e6452e71809a0d6c0af97b9ca6381af948ddca8c3613e6fad3090a152f60e7c1.woff2) format("woff2"), url(/universalui/assets/SAP-icons-minimized-b95c57dae2db46fc4dd12930ed8f36b8f4a7c9f2a171b26a7ab78b2c2e078fd2.woff) format("woff");font-weight: normal;font-style: normal;}@font-face {font-family: \'BusinessSuiteInAppSymbols\';src: url(/universalui/assets/BusinessSuiteInAppSymbols-4285b111fae5b5703081b3fdb7dcbf6d8be08eb276bc15fd1ca0b4ee1b1fcc7d.woff2) format(\'woff2\'), url(/universalui/assets/BusinessSuiteInAppSymbols-685a364dd1577572f980383f1d6ad9c71e7f9bc8442618dcf55a99b21186dce5.woff) format(\'woff\');font-weight: normal;font-style: normal;}@font-face {font-family: \'SAP-icons-TNT\';src: url(/universalui/assets/SAP-icons-TNT-07afca5573fa2356233032dac369d2638367b793f4bfcec0f1c4bb3caf1dfdc1.woff2) format(\'woff2\'), url(/universalui/assets/SAP-icons-TNT-a0e38f4b60dfc7c77e5ab37a9b4afa26304d515d6b0c0f0a2eff9aac116e6f61.woff) format(\'woff\');font-weight: normal;font-style: normal;}html {font-family: "72", Arial, Helvetica, sans-serif;font-size: 16px;}</style>
      <div style=\'width: 0; height: 0; overflow: hidden; position: absolute;\'>
      <svg xmlns="http://www.w3.org/2000/svg">
         <defs>
            <pattern id="sapIllus_PatternShadow" width="3" height="5.5" patternUnits="userSpaceOnUse" viewBox="0 0 3 5.5">
               <rect class="sapIllus_NoColor" style="fill:var(--sapIllus_NoColor)" width="3" height="5.5"></rect>
               <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cx="3" cy="5.5001" r="0.5"></circle>
               <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cy="5.5001" r="0.5"></circle>
               <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cx="1.5" cy="2.7501" r="0.5"></circle>
               <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cx="3" cy="0.0001" r="0.5"></circle>
               <circle class="sapIllus_BrandColorPrimary" style="fill:var(--sapIllus_BrandColorPrimary)" cy="0.0001" r="0.5"></circle>
            </pattern>
            <pattern id="sapIllus_PatternHighlight" width="3" height="5.5" patternTransform="translate(35.9059 309.6208)" patternUnits="userSpaceOnUse" viewBox="0 0 3 5.5">
               <rect class="sapIllus_NoColor" style="fill:var(--sapIllus_NoColor)" width="3" height="5.5"></rect>
               <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="3.0001" cy="5.5001" r="0.5"></circle>
               <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="0.0001" cy="5.5001" r="0.5"></circle>
               <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="1.5001" cy="2.7501" r="0.5"></circle>
               <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="3.0001" cy="0.0001" r="0.5"></circle>
               <circle class="sapIllus_ObjectFillColor" style="fill:var(--sapIllus_ObjectFillColor)" cx="0.0001" cy="0.0001" r="0.5"></circle>
            </pattern>
         </defs>
      </svg>
      </div>
      <link rel="stylesheet" media="all" href="/universalui/assets/fn/end-user-ui/application-760677aa8df88cf62819e1919254c8132b1f858d6c46f34261d3b60f09868717.css" />
      <meta name="csrf-param" content="authenticity_token" />
      <meta name="csrf-token" content="my-csrf-token" />
      <!-- third party cookies check --><!-- same origin protection check -->
   </head>
   <body style=\'justify-content: center\'>
      <div data-brandingType=\'theme_fiori\' data-page=\'ids-two_factor_choice/logon\' id=\'body\' style=\'display:none\'>
         <main class=\'ids-main\'>
            <div class=\'ids-main__content\'>
               <div class=\'iam-container__header\'>
                  <div class=\'iam-login-columned\'>
                     <div class=\'iam-login-columned__begin\'>
                        <div class=\'ids-login-tenant__logo\'><img alt=" logo" style="height:26px; width:auto" src="https://accounts.sap.com/ui/public/cached/tenant/v/2/tenant_logo" /></div>
                     </div>
                     <div class=\'iam-login-columned__end\'></div>
                  </div>
                  <div class=\'iam-container__title\'>
                     <h1 class=\'ids-heading-1 ids-heading-1--login\' id=\'ids-heading-1\'>Choose Two-Factor Authentication Method</h1>
                  </div>
                  <div class=\'iam-container__subtitle\'>
                     <h2>Account: my@mailaddress.de</h2>
                  </div>
               </div>
               <div class=\'iam-container__body\'>
                  <style>  #test-tfa-message { margin-bottom: 1.5rem; }  .iam-verification-list { margin-top: 1.5rem; }</style>
                  <div aria-labelledby=\'ids-heading-1\' class=\'ids-container\' role=\'dialog\'>
                     <form action=\'/saml2/idp/acs\' autocomplete=\'off\' class=\'ids-form ids-form--horizontal\' id=\'secondFactorForm\' method=\'post\' role=\'form\'>
                        <div class=\'js-global-flashes-area\' id=\'globalMessages\'></div>
                        <p id=\'test-tfa-message\'>Please choose one of the enabled two-factor authentication methods or press the button to enable a new method.</p>
                        <div class=\'ids-input-area fd-has-display-none\'>
                           <fieldset class=\'ids-fieldset fn-fieldset\'>
                              <div class=\'fd-form-item ids-input-group ids-input-group--text\' id=\'j_username-group\'>
                                 <div class=\'ids-label-container\'>    <span class=\'ids-label-wrap\'>      <label class=\'fn-label ids-label\' for=\'j_username\' id=\'j_username-label\'>        E-Mail, ID, or Login Name      </label>    </span>  </div>
                                 <div class=\'ids-control-container fd-form-input-message-group fd-popover fd-popover--input-message-group\'>
                                    <div class=\'fd-popover__control\'>
                                       <div class=\'fd-input-group\'>
                                          <div class=\'fn-input\'>
                                             <input class=\'fn-input__text-field ids-input ids-input--text ids-input--clear js-has-input-clear\' id=\'j_username\' name=\'j_username\' readonly=\'readonly\' type=\'text\' value=\'my@mailaddress.de\'>          
                                             <div class=\'fn-input__border\'></div>
                                          </div>
                                       </div>
                                    </div>
                                    <a class=\'ids-input-clear js-input-clear\' href=\'#\' tabindex=\'-1\'></a>  
                                 </div>
                              </div>
                           </fieldset>
                        </div>
                        <div class=\'ids-input-area\'>
                           <fieldset class=\'ids-fieldset fn-fieldset\'>
                              <input type="hidden" id="hidden-xsrfProtection-field" name="xsrfProtection" value="XXX" ><input type="hidden" name="method" value="POST"><input type="hidden" name="idpSSOEndpoint" value="https://accounts.sap.com/saml2/idp/acs"><input type="hidden" name="RelayState" value="__HOST-arceb61a9"><input id=\'spId\' name=\'spId\' type=\'hidden\' value=\'55365985e4b07dc3abdfc16c\'><input id=\'spName\' name=\'spName\' type=\'hidden\' value=\'https://hana.ondemand.com/supportportal\'><input id=\'tfaToken\' name=\'tfaToken\' type=\'hidden\' value=\'some-very-long-number\'><input id=\'tfaChoice\' name=\'tfaChoice\' type=\'hidden\' value=\'\'></input><input id=\'activateNewTfaDevice\' name=\'activateNewTfaDevice\' type=\'hidden\' value=\'\'><input id=\'firstTfaMethodChoiceSuccess\' name=\'firstTfaMethodChoiceSuccess\' type=\'hidden\' value=\'\'>
                              <section class=\'ids-section ids-section--profile js-tfa-choice-methods\'>
                     <form class="ids-form ids-form--horizontal" role="form" id="chooseTwoFactorMethodForm" action="chooseTwoFactorMethod" accept-charset="UTF-8" data-remote="true" method="post"><input name="utf8" type="hidden" value="&#x2713;" autocomplete="off" /><div class=\'js-section-flashes-area\'></div><ul class=\'ids-list ids-list-borders iam-verification-list\'><li class=\'ids-list__item fd-margin-top--tiny\'><button class=\'ids-status ids-status--totp ids-status--button ids-button fn-button fn-button--secondary ids-button--transparent\' id=\'tfaChoiceTotpButton\' name=\'tfaChoiceTOTP\' type=\'submit\' value=\'true\'><img height="16px" class="sap-icon is-hidden" src="/universalui/assets/ids-icon-passcode-4eab511e09a4f4db288735110d0697ca3c553db6c8b795e3dedcac3e30c7628d.svg" /><div class=\'fn-button__text\'>TOTP Two-Factor Authentication</div></button></li><li class=\'ids-list__item fd-margin-top--tiny\'><button class=\'ids-status ids-status--sms ids-status--button ids-button fn-button fn-button--secondary ids-button--transparent\' disabled id=\'tfaChoiceSmsButton\' name=\'tfaChoiceSMS\' type=\'submit\' value=\'true\'><img height="16px" class="sap-icon is-hidden" src="/universalui/assets/ids-icon-sms-aab4a3c7bf39b184f5663c776e0dd5cef315068c4a9dc0689f050ed317c7741e.svg" /><div class=\'fn-button__text\'>SMS Two-Factor Authentication</div></button></li><li class=\'ids-list__item fd-margin-top--tiny\'><button class=\'ids-status ids-status--webauth ids-status--button ids-button fn-button fn-button--secondary ids-button--transparent\' disabled id=\'tfaChoiceWebButton\' name=\'tfaChoiceWEB\' type=\'submit\' value=\'true\'><img height="16px" class="sap-icon is-hidden" src="/universalui/assets/ids-icon-webauth-207e4b9fdc76db31d2b8ccd63f34166b8f7e1819225dc94a79f4413f4d58bd4c.svg" /><div class=\'fn-button__text\'>WEB Two-Factor Authentication</div></button></li></ul></form></section></fieldset></div></form>
                  </div>
               </div>
               <div class=\'iam-container__footer\'>
                  <div class=\'iam-login-columned\'>
                     <div class=\'iam-login-columned__begin\'></div>
                     <div class=\'iam-login-columned__end\'>
                        <div class=\'ids-button-group\'>
                           <button class=\'ids-button fn-button ids-button--primary fn-button--emphasized\' form=\'secondFactorForm\' id=\'tfaChoiceActivateAnotherDeviceButton\' name=\'tfaChoiceActivateAnotherDevice\' type=\'submit\' value=\'true\'>
                              <div class=\'fn-button__text\'>Enable Method</div>
                           </button>
                        </div>
                     </div>
                  </div>
               </div>
            </div>
         </main>
      </div>
      <footer class=\'ids-footer\'>
         <div class=\'ids-footer__inner\'>
            <ul class=\'ids-footer__links\'>
               <li class=\'ids-footer__links__item\'>
                  <div class=\'copyright_link\'><img style="height:38px; width:auto;margin: auto;" src="/ui/public/cached/61f188e575fb8f5a8e8be0a9/v/1/logo"> <span style="vertical-align: top;display: inline-block;text-align: left;"> Existing Users | One login for all accounts:     <br>     <a href="https://account.sap.com/core/create/register?redirectURL=IDS_promotion" target="_blank">         Get SAP Universal ID     </a> </span></div>
               </li>
               <li class=\'ids-footer__links__item\'>
                  <div class=\'privacy_link\'><a href="https://accounts.sap.com/ui/public/viewTextResource?scenario=788c7859-5fb6-4b2d-b0aa-d40ba33d6638&resourceType=RESOURCE_PRIVACYPOLICY"> Privacy Policy</a></div>
               </li>
               <li class=\'ids-footer__links__item\'>
                  <div class=\'legal_disclosure_link\'><a href="https://www.sap.com/corporate/en/legal/impressum.html" > Legal Disclosure</a></div>
               </li>
               <li class=\'ids-footer__links__item\'>
                  <div class=\'cookie_link\'><a href="https://account.sap.com/core/doc/SAP_IDService-CookieStatement.pdf" > Cookie Statement</a></div>
               </li>
            </ul>
         </div>
      </footer>
      <script src="/universalui/assets/application-f0eb0890e5394a3ad0aff080fe961cd05c2f573162ddd9cdc751facefc988b84.js"></script><script nonce=\'J3mjpgIogo0emA5lXLyyAY1uf0rq2aGbZliFDVTWwmE=\'>$.ids.overlay.isClickjackingProtectEnabled = true;</script><script nonce=\'J3mjpgIogo0emA5lXLyyAY1uf0rq2aGbZliFDVTWwmE=\'>$(document).ready(function() {  if (document.getElementById("secondFactorForm") || document.getElementById("verifyPhoneForm")) {    var isVerifyPhoneView = document.getElementById("smsCode");    if (isVerifyPhoneView) {      $("#smsCode").focus();    }    else {      $("#j_otpcode").focus();    }  } else {      var element = $(\'form :input:visible:not([readonly]):not([disabled]):not(.fn-button--layout):first\');      if (element && element.attr("id") !== "newPasswordInput") {        element.focus();      }  }})</script>
   </body>
</html>
', 
 
 REQ HEADERS
 {
 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36', 
 'Accept-Encoding': 'gzip, deflate', 
 'Accept': '*/*', 
 'Connection': 'keep-alive', 
 'Origin': 'https://accounts.sap.com', 
 'Referer': 'https://accounts.sap.com', 
 'Cookie': 'JSESSIONID=XXX; __HOST-XSRF_COOKIE=XXX; __HOST-xxx=XXX; __HOST-authIdentifierDataTemporary=XXX', 
 'Content-Length': '8543', 
 'Content-Type': 'application/x-www-form-urlencoded'}, 
 
 REQ BODY SAMLResponse=a-very-long-response-string&RelayState=__HOST-xxx, 
 
 REQ METHOD
 POST, 
 
 HIST [])

@marcelmamula
Copy link
Contributor

@SunnyCrockett Thank you for this PR, but we cannot accept it because:

  • Return code 200
  • No MFA information in header

Problem: Executing Fuzzy search using _request function will result in VERY LARGE res.content and res.text which will lead to very long execution (or never ending).

I am updating this function with extra check as well as explanation for future reference

    # Validating against `res.text` can cause long execution time, because fuzzy search result can contain large `res.text`.
    # This can be prevented by validating `res.status_code` check before `res.text`.
    # Example: 'Two-Factor Authentication' is only in `res.text`, which can lead to long execution.

    if res.status_code == 403:
        if 'You are not authorized to download this file' in res.text:
            raise Exception(f'You are not authorized to download this file.')
        elif 'Account Temporarily Locked Out' in res.text:
            raise Exception(f'Account Temporarily Locked Out. Please reset password to regain access and try again.')
        else:
            res.raise_for_status()

    if res.status_code == 404:
        if 'The file you have requested cannot be found' in res.text:
            raise Exception(f'The file you have requested cannot be found.')
        else:
            res.raise_for_status()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcelmamula marcelmamula marcelmamula requested changes

@sean-freeman sean-freeman sean-freeman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SunnyCrockett @marcelmamula @sean-freeman