Move SSOSessionData to a more fitting package.

gravitational · Oct 29, 2024 · 8651a04 · 8651a04
1 parent 1854581
commit 8651a04
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 14 deletions.
diff --git a/lib/services/sso_mfa.go → lib/auth/mfa/session.go b/lib/services/sso_mfa.go → lib/auth/mfa/session.go
@@ -16,11 +16,11 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-package services
+package mfa
 
 import mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1"
 
-// SSOMFASessionData SSO MFA Session data.
+// SSOMFASessionData is SSO MFA Session data.
 type SSOMFASessionData struct {
 	// RequestID is the ID of the corresponding SSO Auth request, which is used to
 	// identity this session.
@@ -38,7 +38,10 @@ type SSOMFASessionData struct {
 }
 
 // ChallengeExtensions is a json struct for [mfav1.ChallengeExtensions].
+//
+// The UserVerificationRequirement field from [mfav1.ChallengeExtensions]
+// has been omitted as it's only relevant to WebAuthn/Passwordless.
 type ChallengeExtensions struct {
-	Scope      mfav1.ChallengeScope      `json:"scope,omitempty"`
+	Scope      mfav1.ChallengeScope      `json:"scope"`
 	AllowReuse mfav1.ChallengeAllowReuse `json:"allow_reuse,omitempty"`
 }
diff --git a/lib/auth/sso_mfa.go b/lib/auth/sso_mfa.go
@@ -26,9 +26,9 @@ import (
 	"github.com/gravitational/teleport/api/constants"
 	mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/lib/auth/mfa"
 	"github.com/gravitational/teleport/lib/authz"
 	"github.com/gravitational/teleport/lib/defaults"
-	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/utils"
 )
 
@@ -136,12 +136,12 @@ func (a *Server) verifySSOMFASession(ctx context.Context, username, sessionID, t
 // upsertSSOMFASession upserts a new unverified SSO MFA session for the given username,
 // sessionID, connector details, and challenge extensions.
 func (a *Server) upsertSSOMFASession(ctx context.Context, user string, sessionID string, connectorID string, connectorType string, ext *mfav1.ChallengeExtensions) error {
-	err := a.UpsertSSOMFASessionData(ctx, &services.SSOMFASessionData{
+	err := a.UpsertSSOMFASessionData(ctx, &mfa.SSOMFASessionData{
 		Username:      user,
 		RequestID:     sessionID,
 		ConnectorID:   connectorID,
 		ConnectorType: connectorType,
-		ChallengeExtensions: &services.ChallengeExtensions{
+		ChallengeExtensions: &mfa.ChallengeExtensions{
 			Scope:      ext.Scope,
 			AllowReuse: ext.AllowReuse,
 		},
@@ -150,7 +150,7 @@ func (a *Server) upsertSSOMFASession(ctx context.Context, user string, sessionID
 }
 
 // UpsertSSOMFASessionWithToken upserts the given SSO MFA session with a random mfa token.
-func (a *Server) UpsertSSOMFASessionWithToken(ctx context.Context, sd *services.SSOMFASessionData) (token string, err error) {
+func (a *Server) UpsertSSOMFASessionWithToken(ctx context.Context, sd *mfa.SSOMFASessionData) (token string, err error) {
 	sd.Token, err = utils.CryptoRandomHex(defaults.TokenLenBytes)
 	if err != nil {
 		return "", trace.Wrap(err)
@@ -164,7 +164,7 @@ func (a *Server) UpsertSSOMFASessionWithToken(ctx context.Context, sd *services.
 }
 
 // GetSSOMFASession returns the SSO MFA session for the given username and sessionID.
-func (a *Server) GetSSOMFASession(ctx context.Context, sessionID string) (*services.SSOMFASessionData, error) {
+func (a *Server) GetSSOMFASession(ctx context.Context, sessionID string) (*mfa.SSOMFASessionData, error) {
 	sd, err := a.GetSSOMFASessionData(ctx, sessionID)
 	if err != nil {
 		return nil, trace.Wrap(err)

diff --git a/lib/services/identity.go b/lib/services/identity.go
@@ -34,6 +34,7 @@ import (
 	userspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/users/v1"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/keys"
+	"github.com/gravitational/teleport/lib/auth/mfa"
 	wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
 	"github.com/gravitational/teleport/lib/defaults"
 )
@@ -249,10 +250,10 @@ type Identity interface {
 	// UpsertSSOMFASessionData creates or updates SSO MFA session data in
 	// storage, for the purpose of later verifying an MFA authentication attempt.
 	// SSO MFA session data is expected to expire according to backend settings.
-	UpsertSSOMFASessionData(ctx context.Context, sd *SSOMFASessionData) error
+	UpsertSSOMFASessionData(ctx context.Context, sd *mfa.SSOMFASessionData) error
 
 	// GetSSOMFASessionData retrieves SSO MFA session data by ID.
-	GetSSOMFASessionData(ctx context.Context, sessionID string) (*SSOMFASessionData, error)
+	GetSSOMFASessionData(ctx context.Context, sessionID string) (*mfa.SSOMFASessionData, error)
 
 	// DeleteSSOMFASessionData deletes SSO MFA session data by ID.
 	DeleteSSOMFASessionData(ctx context.Context, sessionID string) error

diff --git a/lib/services/local/users.go b/lib/services/local/users.go
@@ -48,6 +48,7 @@ import (
 	"github.com/gravitational/teleport/api/internalutils/stream"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/keys"
+	"github.com/gravitational/teleport/lib/auth/mfa"
 	wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
 	"github.com/gravitational/teleport/lib/backend"
 	"github.com/gravitational/teleport/lib/defaults"
@@ -1884,7 +1885,7 @@ func (s *IdentityService) GetSSODiagnosticInfo(ctx context.Context, authKind str
 	return &req, nil
 }
 
-func (s *IdentityService) UpsertSSOMFASessionData(ctx context.Context, sd *services.SSOMFASessionData) error {
+func (s *IdentityService) UpsertSSOMFASessionData(ctx context.Context, sd *mfa.SSOMFASessionData) error {
 	switch {
 	case sd == nil:
 		return trace.BadParameter("missing parameter sd")
@@ -1910,7 +1911,7 @@ func (s *IdentityService) UpsertSSOMFASessionData(ctx context.Context, sd *servi
 	return trace.Wrap(err)
 }
 
-func (s *IdentityService) GetSSOMFASessionData(ctx context.Context, sessionID string) (*services.SSOMFASessionData, error) {
+func (s *IdentityService) GetSSOMFASessionData(ctx context.Context, sessionID string) (*mfa.SSOMFASessionData, error) {
 	if sessionID == "" {
 		return nil, trace.BadParameter("missing parameter sessionID")
 	}
@@ -1919,7 +1920,7 @@ func (s *IdentityService) GetSSOMFASessionData(ctx context.Context, sessionID st
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	sd := &services.SSOMFASessionData{}
+	sd := &mfa.SSOMFASessionData{}
 	return sd, trace.Wrap(json.Unmarshal(item.Value, sd))
 }
 

diff --git a/lib/services/local/users_test.go b/lib/services/local/users_test.go
@@ -45,6 +45,7 @@ import (
 	userspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/users/v1"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/keys"
+	"github.com/gravitational/teleport/lib/auth/mfa"
 	wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
 	"github.com/gravitational/teleport/lib/backend"
 	"github.com/gravitational/teleport/lib/backend/memory"
@@ -1748,7 +1749,7 @@ func TestIdentityService_SSOMFASessionDataCRUD(t *testing.T) {
 	identity := newIdentityService(t, clockwork.NewFakeClock())
 
 	// Verify create.
-	sd := &services.SSOMFASessionData{
+	sd := &mfa.SSOMFASessionData{
 		RequestID:     "request",
 		Username:      "alice",
 		ConnectorID:   "saml",