Add DeviceAuthenticateConfirm event and code constants

lib/events/api.go

@@ -643,6 +643,11 @@ const (
 	// Tokens are spent in exchange for a single on-behalf-of device
 	// authentication attempt.
 	DeviceWebTokenCreateEvent = "device.webtoken.create"
+	// DeviceAuthenticateConfirmEvent is emitted when a device web authentication
+	// attempt is confirmed (via the ConfirmDeviceWebAuthentication RPC).
+	// A confirmed web authentication means the WebSession itself now holds
+	// augmented TLS and SSH certificates.
+	DeviceAuthenticateConfirmEvent = "device.authenticate.confirm"
 
 	// BotJoinEvent is emitted when a bot joins
 	BotJoinEvent = "bot.join"

lib/events/codes.go

@@ -466,6 +466,8 @@ const (
 	DeviceUpdateCode = "TV007I"
 	// DeviceWebTokenCreateCode is the device web token creation code.
 	DeviceWebTokenCreateCode = "TV008I"
+	// DeviceAuthenticateConfirmCode is the device authentication confirm code.
+	DeviceAuthenticateConfirmCode = "TV009I"
 
 	// LoginRuleCreateCode is the login rule create code.
 	LoginRuleCreateCode = "TLR00I"

lib/events/dynamic.go

@@ -251,7 +251,8 @@ func FromEventFields(fields EventFields) (events.AuditEvent, error) {
 		DeviceEnrollEvent,
 		DeviceAuthenticateEvent,
 		DeviceEnrollTokenCreateEvent,
-		DeviceWebTokenCreateEvent:
+		DeviceWebTokenCreateEvent,
+		DeviceAuthenticateConfirmEvent:
 		e = &events.DeviceEvent2{}
 	case LockCreatedEvent:
 		e = &events.LockCreate{}

web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx

@@ -200,6 +200,7 @@ const EventIconMap: Record<EventCode, any> = {
   [eventCodes.DEVICE_ENROLL_TOKEN_SPENT]: Icons.Info,
   [eventCodes.DEVICE_UPDATE]: Icons.Info,
   [eventCodes.DEVICE_WEB_TOKEN_CREATE]: Icons.Info,
+  [eventCodes.DEVICE_AUTHENTICATE_CONFIRM]: Icons.Info,
   [eventCodes.MFA_DEVICE_ADD]: Icons.Info,
   [eventCodes.MFA_DEVICE_DELETE]: Icons.Info,
   [eventCodes.BILLING_CARD_CREATE]: Icons.CreditCard,

web/packages/teleport/src/Audit/__snapshots__/Audit.story.test.tsx.snap

@@ -406,12 +406,12 @@ exports[`list of all events 1`] = `
         </strong>
          - 
         <strong>
-          234
+          237
         </strong>
          of
 
         <strong>
-          234
+          237
         </strong>
       </div>
       <button
@@ -537,6 +537,168 @@ exports[`list of all events 1`] = `
       </tr>
     </thead>
     <tbody>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c18"
+          >
+            <span
+              class="c19 icon icon-info"
+            >
+              <svg
+                fill="currentColor"
+                height="20"
+                viewBox="0 0 24 24"
+                width="20"
+              >
+                <path
+                  d="M11.625 8.8125C12.1428 8.8125 12.5625 8.39277 12.5625 7.875C12.5625 7.35723 12.1428 6.9375 11.625 6.9375C11.1072 6.9375 10.6875 7.35723 10.6875 7.875C10.6875 8.39277 11.1072 8.8125 11.625 8.8125Z"
+                />
+                <path
+                  d="M10.5 11.25C10.5 10.8358 10.8358 10.5 11.25 10.5C11.6478 10.5 12.0294 10.658 12.3107 10.9393C12.592 11.2206 12.75 11.6022 12.75 12V15.75C13.1642 15.75 13.5 16.0858 13.5 16.5C13.5 16.9142 13.1642 17.25 12.75 17.25C12.3522 17.25 11.9706 17.092 11.6893 16.8107C11.408 16.5294 11.25 16.1478 11.25 15.75V12C10.8358 12 10.5 11.6642 10.5 11.25Z"
+                />
+                <path
+                  clip-rule="evenodd"
+                  d="M12 2.25C6.61522 2.25 2.25 6.61522 2.25 12C2.25 17.3848 6.61522 21.75 12 21.75C17.3848 21.75 21.75 17.3848 21.75 12C21.75 6.61522 17.3848 2.25 12 2.25ZM3.75 12C3.75 7.44365 7.44365 3.75 12 3.75C16.5563 3.75 20.25 7.44365 20.25 12C20.25 16.5563 16.5563 20.25 12 20.25C7.44365 20.25 3.75 16.5563 3.75 12Z"
+                  fill-rule="evenodd"
+                />
+              </svg>
+            </span>
+            Device Web Authentication Confirmed
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [llama] has confirmed device web authentication
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2024-04-08T19:36:48.1Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c20"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c18"
+          >
+            <span
+              class="c19 icon icon-info"
+            >
+              <svg
+                fill="currentColor"
+                height="20"
+                viewBox="0 0 24 24"
+                width="20"
+              >
+                <path
+                  d="M11.625 8.8125C12.1428 8.8125 12.5625 8.39277 12.5625 7.875C12.5625 7.35723 12.1428 6.9375 11.625 6.9375C11.1072 6.9375 10.6875 7.35723 10.6875 7.875C10.6875 8.39277 11.1072 8.8125 11.625 8.8125Z"
+                />
+                <path
+                  d="M10.5 11.25C10.5 10.8358 10.8358 10.5 11.25 10.5C11.6478 10.5 12.0294 10.658 12.3107 10.9393C12.592 11.2206 12.75 11.6022 12.75 12V15.75C13.1642 15.75 13.5 16.0858 13.5 16.5C13.5 16.9142 13.1642 17.25 12.75 17.25C12.3522 17.25 11.9706 17.092 11.6893 16.8107C11.408 16.5294 11.25 16.1478 11.25 15.75V12C10.8358 12 10.5 11.6642 10.5 11.25Z"
+                />
+                <path
+                  clip-rule="evenodd"
+                  d="M12 2.25C6.61522 2.25 2.25 6.61522 2.25 12C2.25 17.3848 6.61522 21.75 12 21.75C17.3848 21.75 21.75 17.3848 21.75 12C21.75 6.61522 17.3848 2.25 12 2.25ZM3.75 12C3.75 7.44365 7.44365 3.75 12 3.75C16.5563 3.75 20.25 7.44365 20.25 12C20.25 16.5563 16.5563 20.25 12 20.25C7.44365 20.25 3.75 16.5563 3.75 12Z"
+                  fill-rule="evenodd"
+                />
+              </svg>
+            </span>
+            Device Web Authentication Confirmed
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [llama] has failed to confirm device web authentication
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2024-04-08T19:35:48.1Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c20"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c18"
+          >
+            <span
+              class="c19 icon icon-info"
+            >
+              <svg
+                fill="currentColor"
+                height="20"
+                viewBox="0 0 24 24"
+                width="20"
+              >
+                <path
+                  d="M11.625 8.8125C12.1428 8.8125 12.5625 8.39277 12.5625 7.875C12.5625 7.35723 12.1428 6.9375 11.625 6.9375C11.1072 6.9375 10.6875 7.35723 10.6875 7.875C10.6875 8.39277 11.1072 8.8125 11.625 8.8125Z"
+                />
+                <path
+                  d="M10.5 11.25C10.5 10.8358 10.8358 10.5 11.25 10.5C11.6478 10.5 12.0294 10.658 12.3107 10.9393C12.592 11.2206 12.75 11.6022 12.75 12V15.75C13.1642 15.75 13.5 16.0858 13.5 16.5C13.5 16.9142 13.1642 17.25 12.75 17.25C12.3522 17.25 11.9706 17.092 11.6893 16.8107C11.408 16.5294 11.25 16.1478 11.25 15.75V12C10.8358 12 10.5 11.6642 10.5 11.25Z"
+                />
+                <path
+                  clip-rule="evenodd"
+                  d="M12 2.25C6.61522 2.25 2.25 6.61522 2.25 12C2.25 17.3848 6.61522 21.75 12 21.75C17.3848 21.75 21.75 17.3848 21.75 12C21.75 6.61522 17.3848 2.25 12 2.25ZM3.75 12C3.75 7.44365 7.44365 3.75 12 3.75C16.5563 3.75 20.25 7.44365 20.25 12C20.25 16.5563 16.5563 20.25 12 20.25C7.44365 20.25 3.75 16.5563 3.75 12Z"
+                  fill-rule="evenodd"
+                />
+              </svg>
+            </span>
+            Device Authenticated
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [llama] has successfully authenticated their device
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2024-04-08T19:34:48.1Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c20"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
       <tr>
         <td
           style="vertical-align: inherit;"

web/packages/teleport/src/Audit/fixtures/index.ts

@@ -3005,6 +3005,53 @@ export const events = [
     user: 'llama',
     user_kind: 1,
   },
+  {
+    cluster_name: 'im-a-cluster-name',
+    code: 'TV006I',
+    device: {
+      device_id: 'f84f6b35-6226-4e73-8205-3bcbd7d12970',
+      web_authentication: true,
+      web_session_id: 'my-session-id-12345',
+    },
+    ei: 0,
+    event: 'device.authenticate',
+    success: true,
+    time: '2024-04-08T19:34:48.1Z',
+    uid: 'fa279611-91d8-47b5-9fad-b8ea3e5286e0',
+    user: 'llama',
+  },
+  {
+    cluster_name: 'im-a-cluster-name',
+    code: 'TV009I',
+    device: {
+      device_id: 'f84f6b35-6226-4e73-8205-3bcbd7d12970',
+      web_authentication: true,
+      web_session_id: 'my-session-id-12345',
+    },
+    ei: 0,
+    event: 'device.authenticate.confirm',
+    success: false,
+    time: '2024-04-08T19:35:48.1Z',
+    uid: 'b1361d51-70fa-4f1b-803c-a252c2877707',
+    user: 'llama',
+    user_kind: 1,
+  },
+  {
+    cluster_name: 'im-a-cluster-name',
+    code: 'TV009I',
+    device: {
+      device_id: 'f84f6b35-6226-4e73-8205-3bcbd7d12970',
+      web_authentication: true,
+      web_session_id: 'my-session-id-12345',
+    },
+    ei: 0,
+    event: 'device.authenticate.confirm',
+    success: true,
+    time: '2024-04-08T19:36:48.1Z',
+    uid: 'b1361d51-70fa-4f1b-803c-a252c2877707',
+    user: 'llama',
+    user_kind: 1,
+  },
   {
     cluster_name: 'im-a-cluster-name',
     code: 'TLR00I',

web/packages/teleport/src/services/audit/makeEvent.ts

@@ -1403,6 +1403,14 @@ export const formatters: Formatters = {
         ? `User [${user}] has issued a device web token`
         : `User [${user}] has failed to issue a device web token`,
   },
+  [eventCodes.DEVICE_AUTHENTICATE_CONFIRM]: {
+    type: 'device.authenticate.confirm',
+    desc: 'Device Web Authentication Confirmed',
+    format: ({ user, status, success }) =>
+      success || (status && status.success)
+        ? `User [${user}] has confirmed device web authentication`
+        : `User [${user}] has failed to confirm device web authentication`,
+  },
   [eventCodes.X11_FORWARD]: {
     type: 'x11-forward',
     desc: 'X11 Forwarding Requested',

web/packages/teleport/src/services/audit/types.ts

@@ -125,6 +125,7 @@ export const eventCodes = {
   DEVICE_AUTHENTICATE: 'TV006I',
   DEVICE_UPDATE: 'TV007I',
   DEVICE_WEB_TOKEN_CREATE: 'TV008I',
+  DEVICE_AUTHENTICATE_CONFIRM: 'TV009I',
   EXEC_FAILURE: 'T3002E',
   EXEC: 'T3002I',
   GITHUB_CONNECTOR_CREATED: 'T8000I',
@@ -1248,6 +1249,9 @@ export type RawEvents = {
   [eventCodes.DEVICE_WEB_TOKEN_CREATE]: RawDeviceEvent<
     typeof eventCodes.DEVICE_WEB_TOKEN_CREATE
   >;
+  [eventCodes.DEVICE_AUTHENTICATE_CONFIRM]: RawDeviceEvent<
+    typeof eventCodes.DEVICE_AUTHENTICATE_CONFIRM
+  >;
   [eventCodes.UNKNOWN]: RawEvent<
     typeof eventCodes.UNKNOWN,
     {