feat: allow OTP to be passed via MFAToken parameter

SESA826635 · SESA826635 · commit 115e7f5f7c7e · 2025-09-12T10:42:45.000+02:00
diff --git a/pkg/provider/pingfed/pingfed.go b/pkg/provider/pingfed/pingfed.go
@@ -179,7 +179,12 @@ func (ac *Client) handleCheckWebAuthn(ctx context.Context, doc *goquery.Document
 	return ctx, req, err
 }
 
+// Improved OTP handling in handleOTP function
 func (ac *Client) handleOTP(ctx context.Context, doc *goquery.Document, requestURL *url.URL) (context.Context, *http.Request, error) {
+	loginDetails, ok := ctx.Value(ctxKey("login")).(*creds.LoginDetails)
+	if !ok {
+		return ctx, nil, fmt.Errorf("no context value for 'login'")
+	}
 	form, err := page.NewFormFromDocument(doc, "#otp-form")
 	if err != nil {
 		return ctx, nil, errors.Wrap(err, "error extracting OTP form")
@@ -191,9 +196,16 @@ func (ac *Client) handleOTP(ctx context.Context, doc *goquery.Document, requestU
 			break
 		}
 	}
-
-	token := prompter.StringRequired("Enter passcode")
-	form.Values.Set("otp", token)
+	// Improved MFA token handling with retry capability
+	var mfaToken string
+	if loginDetails.MFAToken != "" {
+		mfaToken = loginDetails.MFAToken
+		// Clear the token to allow for retry on failure
+		loginDetails.MFAToken = ""
+	} else {
+		mfaToken = prompter.StringRequired("Enter passcode")
+	}
+	form.Values.Set("otp", mfaToken)
 	req, err := form.BuildRequest()
 	return ctx, req, err
 }
