From 424a3e1d9780d54afb242ae8165e1c59182c168e Mon Sep 17 00:00:00 2001
From: SunnyCrockett <153714968+SunnyCrockett@users.noreply.github.com>
Date: Mon, 17 Mar 2025 10:53:51 +0100
Subject: [PATCH] Added check for MFA

---
 plugins/module_utils/sap_api_common.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/module_utils/sap_api_common.py b/plugins/module_utils/sap_api_common.py
index 204b492..a2f5034 100644
--- a/plugins/module_utils/sap_api_common.py
+++ b/plugins/module_utils/sap_api_common.py
@@ -41,6 +41,9 @@ def _request(url, **kwargs):
             and res.json()['errorMessage'].startswith('Account Temporarily Locked Out')):
         raise Exception('SAP ID Service has reported `Account Temporarily Locked Out`. Please reset password to regain access and try again.')
 
+    if "WEB Two-Factor Authentication" in str(res.content):
+        raise Exception('The SAP ID is enabled for two-factor authentication (MFA). Please disable MFA under https://accounts.sap.com/ and try again.')
+
     res.raise_for_status()
 
     return res