Skip to content

[v13] always require MFA when joining a session if at least one role requires session MFA#39816

Merged
capnspacehook merged 2 commits intobranch/v13from
capnspacehook/backport/v13/39602
Mar 26, 2024
Merged

[v13] always require MFA when joining a session if at least one role requires session MFA#39816
capnspacehook merged 2 commits intobranch/v13from
capnspacehook/backport/v13/39602

Conversation

@capnspacehook
Copy link
Copy Markdown
Contributor

@capnspacehook capnspacehook commented Mar 25, 2024

Backport of #39602.

Note that the unit test had to be reworked a bit to call IsMFARequired instead of CreateAuthenticateChallenge, because in v13 CreateAuthenticateChallengeRequest doesn't have a MFARequiredCheck field.

changelog: fix MFA checks not being prompted when joining a session

@capnspacehook
always require MFA when joining a session if at least one role requir…
3a4a09f 
…es session MFA

* extend role 'join_sessions' so MFA can be required at the role level when joining sessions

* add test cases

* update operator CRDs

* remove change to 'join_sessions', instead require MFA if any roles require it

* add comment

* address feedback

* add additional test cases

* add authhandler test

* fix role from test case not getting used in test
codingllama
codingllama reviewed Mar 26, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@codingllama codingllama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as v14.

Comment thread lib/auth/auth_login_test.go Outdated
Comment thread lib/auth/auth_login_test.go Outdated
capnspacehook
capnspacehook commented Mar 26, 2024
View reviewed changes
Comment thread lib/srv/authhandlers_test.go
@capnspacehook capnspacehook enabled auto-merge March 26, 2024 17:43
@capnspacehook capnspacehook added this pull request to the merge queue Mar 26, 2024
Merged via the queue into branch/v13 with commit 067d6a0 Mar 26, 2024
@capnspacehook capnspacehook deleted the capnspacehook/backport/v13/39602 branch March 26, 2024 21:56
tcsc added a commit that referenced this pull request Mar 27, 2024
@tcsc
Release 13.4.21
def729d 
* Fixed possible phishing links which could result in code execution with install and join scripts. [#39839](#39839)
* Fixed MFA checks not being prompted when joining a session. [#39816](#39816)
* Fixed broken SSO login landing page on certain versions of Google Chrome. [#39721](#39721)
* Updated Electron to v29 in Teleport Connect. [#39659](#39659)
* Fixed a bug in the discovery script failing when `jq` was not installed. [#39601](#39601)
@tcsc tcsc mentioned this pull request Mar 27, 2024
Merged
github-merge-queue Bot pushed a commit that referenced this pull request Mar 28, 2024
@tcsc
Release 13.4.21 (#39937)
1239717 
* Fixed possible phishing links which could result in code execution with install and join scripts. [#39839](#39839)
* Fixed MFA checks not being prompted when joining a session. [#39816](#39816)
* Fixed broken SSO login landing page on certain versions of Google Chrome. [#39721](#39721)
* Updated Electron to v29 in Teleport Connect. [#39659](#39659)
* Fixed a bug in the discovery script failing when `jq` was not installed. [#39601](#39601)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Joerger Joerger Joerger left review comments

@codingllama codingllama codingllama approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees

No one assigned

Labels

backport size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@capnspacehook @codingllama @Joerger @rosstimothy