Find MFA options by action URL

[Nuru]

• Fixes Cannot login: MFA stopped working, then took wrong choice #201 except for No attempt to use U2F Security Key #202. Partial fix for Problems with Google Prompts #200 (now will not offer Google Prompt as an option if it uses the unsupported API).

• Scans the selectchallenge response page for form action URLs we know how to handle and offers those as a choice of MFA options.

• Does not fix No attempt to use U2F Security Key #202 failure to use YubiKey (Google now thinks the browser does not support a U2F key, so it is not offered as an option).

• Does not implement Google Prompt dp style, but restores proper function of Google Prompt az style.

• Backup codes remain unsupported (though they should be easy to implement).

• Adds --save-saml-flow option to save all requests and responses prior to receiving the SAML assertion for troubleshooting.

[coveralls]

Coverage decreased (-1.6%) to 45.89% when pulling c22f5af on cloudposse:mfa into d473d67 on cevoaustralia:master.

[andreaso]

Currently looking into catching /signin/challenge/skotp/ to cover the https://g.co/sc security key fallback.

Something which belongs in this PR/branch, or rather something we should try to get merged later separately?

[Nuru]

@stevemac007 can you review and approve this PR, or bring this to the attention of someone who can?

[forsberg]

@andreaso - if I understand you correctly, you're trying to fix #202, correct?

My five cents is that what we have here should be merged ASAP as it adds stability (I can now login using TOTP, on master it's quite erratic), while getting back the Yubikey/U2F functionality would be nice but can be handled in a separate PR.

[andreaso]

Hej Erik!

Well, at least I'm trying to work-around the #202 issue, with the https://g.co/sc one-time security codes being a viable option even when TOTP, etc is disabled for your G-Suite account.

I do have something crude working under https://github.com/andreaso/aws-google-auth/tree/wip/skotp-support, which is based on this PR.

But yeah, let's get this PR merged first, while I get some further testing/improvement on my patch internally.

[gageorsburn]

Is this going to go in?

[stevemac007]

Apols for the radio silence - 2020 was a crazy year for us all - I've got this ready to ship in the release shortly and will do work to triage the remaining outstanding issues and pr's over the coming days.