Resolve comment.
Joerger committed Nov 4, 2024
1 parent cc930f0 commit e18f9e3
Showing 8 changed files with 26 additions and 30 deletions.
4 changes: 2 additions & 2 deletions lib/defaults/defaults.go
@@ -707,8 +707,8 @@ const (
// made for an existing file transfer request
WebsocketFileTransferDecision = "t"

// MFAChallenge is sending an MFA challenge. Only supports WebAuthn and SSO MFA.
MFAChallenge = "n"
// WebsocketMFAChallenge is sending an MFA challenge. Only supports WebAuthn and SSO MFA.
WebsocketMFAChallenge = "n"

// WebsocketSessionMetadata is sending the data for a ssh session.
WebsocketSessionMetadata = "s"
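Review bot: The doc comment on `WebsocketMFAChallenge` does not say that the value has to stay a single byte, yet the TDP code touched elsewhere in this commit uses it as `defaults.WebsocketMFAChallenge[0]` on encode and compares it with `string(mt)` on decode. A longer value would be silently truncated when written and would never match when read, so the MFA message type check would reject every message. I would add `// The value must remain a single ASCII byte: TDP MFA messages carry it as WebsocketMFAChallenge[0].` above the constant. The const block starts and ends outside this hunk.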
8 changes: 4 additions & 4 deletions lib/srv/desktop/tdp/proto.go
@@ -737,10 +737,10 @@ func DecodeMFA(in byteReader) (*MFA, error) {
}
s := string(mt)
switch s {
case defaults.MFAChallenge:
case defaults.WebsocketMFAChallenge:
default:
return nil, trace.BadParameter(
"got mfa type %v, expected %v (MFAChallenge)", mt, defaults.MFAChallenge)
"got mfa type %v, expected %v (MFAChallenge)", mt, defaults.WebsocketMFAChallenge)
}

var length uint32
@@ -780,10 +780,10 @@ func DecodeMFAChallenge(in byteReader) (*MFA, error) {
}
s := string(mt)
switch s {
case defaults.MFAChallenge:
case defaults.WebsocketMFAChallenge:
default:
return nil, trace.BadParameter(
"got mfa type %v, expected %v (MFAChallenge)", mt, defaults.MFAChallenge)
"got mfa type %v, expected %v (MFAChallenge)", mt, defaults.WebsocketMFAChallenge)
}

var length uint32
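Review bot: The error text in both decode hunks (DecodeMFA and DecodeMFAChallenge) still labels the expected value as `(MFAChallenge)` although the constant is now `defaults.WebsocketMFAChallenge`, and it formats `mt` with `%v`. If `mt` is a byte, as `string(mt)` suggests, the message prints a decimal number next to the expected letter, which makes a rejected type hard to read. Since the value is decoded from `in`, quoting it also keeps an arbitrary byte from landing raw in logs: `"got mfa type %q, expected %q (WebsocketMFAChallenge)", s, defaults.WebsocketMFAChallenge`. The same stale label is in `tdpMFACodec.Encode` in lib/web/mfa_codec.go. Both function bodies start and end outside the hunks shown.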
6 changes: 3 additions & 3 deletions lib/srv/desktop/tdp/proto_test.go
@@ -71,7 +71,7 @@ func TestEncodeDecode(t *testing.T) {
}

func FuzzDecode(f *testing.F) {
var corpus = []string{
corpus := []string{
"0",
"\x02",
"\x1b\xff\xff\x800",
@@ -125,7 +125,7 @@ func TestMFA(t *testing.T) {
c := NewConn(&fakeConn{Buffer: &buff})

mfaWant := &MFA{
Type: defaults.MFAChallenge[0],
Type: defaults.WebsocketMFAChallenge[0],
MFAAuthenticateChallenge: &client.MFAAuthenticateChallenge{
WebauthnChallenge: &wantypes.CredentialAssertion{
Response: wantypes.PublicKeyCredentialRequestOptions{
@@ -159,7 +159,7 @@ func TestMFA(t *testing.T) {
require.Equal(t, mfaWant, mfaGot)

respWant := &MFA{
Type: defaults.MFAChallenge[0],
Type: defaults.WebsocketMFAChallenge[0],
MFAAuthenticateResponse: &authproto.MFAAuthenticateResponse{
Response: &authproto.MFAAuthenticateResponse_Webauthn{
Webauthn: &wanpb.CredentialAssertionResponse{
14 changes: 5 additions & 9 deletions lib/web/apiserver_test.go
@@ -2182,7 +2182,7 @@ func TestTerminalRequireSessionMFA(t *testing.T) {

envelope := &terminal.Envelope{
Version: defaults.WebsocketVersion,
Type: defaults.MFAChallenge,
Type: defaults.WebsocketMFAChallenge,
Payload: string(webauthnResBytes),
}
protoBytes, err := proto.Marshal(envelope)
@@ -2389,7 +2389,7 @@ func handleDesktopMFAWebauthnChallenge(t *testing.T, ws *websocket.Conn, dev *au
})
require.NoError(t, err)
err = tdpConn.WriteMessage(tdp.MFA{
Type: defaults.MFAChallenge[0],
Type: defaults.WebsocketMFAChallenge[0],
MFAAuthenticateResponse: &authproto.MFAAuthenticateResponse{
Response: &authproto.MFAAuthenticateResponse_Webauthn{
Webauthn: res.GetWebauthn(),
@@ -3093,7 +3093,6 @@ func TestPingSSHDialTimeout(t *testing.T) {

// Validate the timeout is the default value.
require.Equal(t, cnc.GetSSHDialTimeout(), out.Proxy.SSH.DialTimeout)

}

// TestConstructSSHResponse checks if the secret package uses AES-GCM to
@@ -4387,7 +4386,6 @@ func TestClusterKubeResourcesGet(t *testing.T) {
require.NoError(t, json.Unmarshal(re.Bytes(), &resp))
require.ElementsMatch(t, tc.expectedResponse, resp.Items)
}

})
}
}
@@ -4768,7 +4766,6 @@ func TestGetWebConfig_WithEntitlements(t *testing.T) {
assert.NoError(t, err)
diff := cmp.Diff(expectedCfg, cfg)
assert.Empty(t, diff)

}, time.Second*5, time.Millisecond*50)

// use mock client to assert that if ping returns an error, we'll default to
@@ -4806,7 +4803,6 @@ func TestGetWebConfig_WithEntitlements(t *testing.T) {
assert.NoError(t, err)
diff := cmp.Diff(expectedCfg, cfg)
assert.Empty(t, diff)

}, time.Second*5, time.Millisecond*50)
}

@@ -10063,7 +10059,7 @@ func TestModeratedSessionWithMFA(t *testing.T) {

envelope := &terminal.Envelope{
Version: defaults.WebsocketVersion,
Type: defaults.MFAChallenge,
Type: defaults.WebsocketMFAChallenge,
Payload: string(webauthnResBytes),
}
envelopeBytes, err := proto.Marshal(envelope)
@@ -10094,7 +10090,7 @@ func TestModeratedSessionWithMFA(t *testing.T) {

envelope := &terminal.Envelope{
Version: defaults.WebsocketVersion,
Type: defaults.MFAChallenge,
Type: defaults.WebsocketMFAChallenge,
Payload: string(webauthnResBytes),
}
envelopeBytes, err := proto.Marshal(envelope)
@@ -10132,7 +10128,7 @@ func TestModeratedSessionWithMFA(t *testing.T) {

envelope := &terminal.Envelope{
Version: defaults.WebsocketVersion,
Type: defaults.MFAChallenge,
Type: defaults.WebsocketMFAChallenge,
Payload: string(webauthnResBytes),
}
envelopeBytes, err := proto.Marshal(envelope)
4 changes: 2 additions & 2 deletions lib/web/desktop.go
@@ -379,7 +379,7 @@ func (h *Handler) performSessionMFACeremony(
&client.MFAAuthenticateChallenge{
WebauthnChallenge: wantypes.CredentialAssertionFromProto(chal.WebauthnChallenge),
},
defaults.MFAChallenge,
defaults.WebsocketMFAChallenge,
)
if err != nil {
return nil, trace.Wrap(err)
@@ -421,7 +421,7 @@ func (h *Handler) performSessionMFACeremony(
break
}

assertion, err := codec.DecodeResponse(buf, defaults.MFAChallenge)
assertion, err := codec.DecodeResponse(buf, defaults.WebsocketMFAChallenge)
if err != nil {
return nil, trace.Wrap(err)
}
8 changes: 4 additions & 4 deletions lib/web/fuzz_test.go
@@ -55,9 +55,9 @@ func FuzzTdpMFACodecDecodeChallenge(f *testing.F) {
var normalBuf bytes.Buffer
var maxSizeBuf bytes.Buffer
// add initial bytes for protocol
_, err = normalBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.MFAChallenge)[0]})
_, err = normalBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.WebsocketMFAChallenge)[0]})
require.NoError(f, err)
_, err = maxSizeBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.MFAChallenge)[0]})
_, err = maxSizeBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.WebsocketMFAChallenge)[0]})
require.NoError(f, err)
// Write the length using BigEndian encoding
require.NoError(f, binary.Write(&normalBuf, binary.BigEndian, uint32(len(jsonData))))
@@ -84,9 +84,9 @@ func FuzzTdpMFACodecDecodeResponse(f *testing.F) {
var normalBuf bytes.Buffer
var maxSizeBuf bytes.Buffer
// add initial bytes for protocol
_, err := normalBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.MFAChallenge)[0]})
_, err := normalBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.WebsocketMFAChallenge)[0]})
require.NoError(f, err)
_, err = maxSizeBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.MFAChallenge)[0]})
_, err = maxSizeBuf.Write([]byte{byte(tdp.TypeMFA), []byte(defaults.WebsocketMFAChallenge)[0]})
require.NoError(f, err)
mfaData := []byte("fake-data")
// Write the length using BigEndian encoding
4 changes: 2 additions & 2 deletions lib/web/mfa_codec.go
@@ -76,10 +76,10 @@ type tdpMFACodec struct{}

func (tdpMFACodec) Encode(chal *client.MFAAuthenticateChallenge, envelopeType string) ([]byte, error) {
switch envelopeType {
case defaults.MFAChallenge:
case defaults.WebsocketMFAChallenge:
default:
return nil, trace.BadParameter(
"received envelope type %v, expected %v (MFAChallenge)", envelopeType, defaults.MFAChallenge)
"received envelope type %v, expected %v (MFAChallenge)", envelopeType, defaults.WebsocketMFAChallenge)
}

tdpMsg := tdp.MFA{
8 changes: 4 additions & 4 deletions lib/web/terminal/terminal.go
@@ -175,7 +175,7 @@ func (t *WSStream) processMessages(ctx context.Context) {
switch envelope.Type {
case defaults.WebsocketClose:
return
case defaults.MFAChallenge:
case defaults.WebsocketMFAChallenge:
select {
case <-ctx.Done():
return
@@ -223,7 +223,7 @@ type MFACodec interface {
// websocket in the correct format.
func (t *WSStream) WriteChallenge(challenge *client.MFAAuthenticateChallenge, codec MFACodec) error {
// Send the challenge over the socket.
msg, err := codec.Encode(challenge, defaults.MFAChallenge)
msg, err := codec.Encode(challenge, defaults.WebsocketMFAChallenge)
if err != nil {
return trace.Wrap(err)
}
@@ -238,7 +238,7 @@ func (t *WSStream) ReadChallengeResponse(codec MFACodec) (*authproto.MFAAuthenti
if !ok {
return nil, io.EOF
}
resp, err := codec.DecodeResponse([]byte(envelope.Payload), defaults.MFAChallenge)
resp, err := codec.DecodeResponse([]byte(envelope.Payload), defaults.WebsocketMFAChallenge)
return resp, trace.Wrap(err)
}

@@ -249,7 +249,7 @@ func (t *WSStream) ReadChallenge(codec MFACodec) (*authproto.MFAAuthenticateChal
if !ok {
return nil, io.EOF
}
challenge, err := codec.DecodeChallenge([]byte(envelope.Payload), defaults.MFAChallenge)
challenge, err := codec.DecodeChallenge([]byte(envelope.Payload), defaults.WebsocketMFAChallenge)
return challenge, trace.Wrap(err)
}
