Skip to content

fix: Correctly handle passwordless in MFA audit events#40607

Merged
codingllama merged 3 commits intomasterfrom
codingllama/pwdless-audit
Apr 17, 2024
Merged

fix: Correctly handle passwordless in MFA audit events#40607
codingllama merged 3 commits intomasterfrom
codingllama/pwdless-audit

Conversation

@codingllama
Copy link
Copy Markdown
Contributor

@codingllama codingllama commented Apr 16, 2024

Do the following fixes:

  • Correctly render "mfa_auth_challenge.create" events without an user
  • Record the passwordless user in "mfa_auth_challenge.validate" events

Fixes #37826.

Changelog: Handle passwordless in MFA audit events

@github-actions github-actions Bot requested review from ravicious and rudream April 16, 2024 22:09
@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented Apr 16, 2024

I think we just missed the passwordless corner-cases on #36953. FYI @Joerger.

codingllama
codingllama commented Apr 16, 2024
View reviewed changes
Comment thread lib/auth/auth.go
clusterName = cn.GetClusterName()
}

// Take the user from the authData if the user param is empty.
Copy link
Copy Markdown
Contributor Author

@codingllama codingllama Apr 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code here is mainly a move from below, minus the user == "" logic you see here.

Copy link
Copy Markdown
Contributor Author

@codingllama codingllama Apr 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opted for an "internal" func so we avoid shenanigans with defers reading named return variables, which can be harder to maintain over time.

@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented Apr 17, 2024

Thanks for the quick reviews!

@codingllama codingllama added this pull request to the merge queue Apr 17, 2024
Merged via the queue into master with commit cfc3558 Apr 17, 2024
@codingllama codingllama deleted the codingllama/pwdless-audit branch April 17, 2024 13:36
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Apr 17, 2024

@codingllama See the table below for backport results.

Branch Result
branch/v15 Failed

codingllama added a commit that referenced this pull request Apr 17, 2024
@codingllama
fix: Correctly handle passwordless in MFA audit events (#40607)
7ce8dae 
* Record passwordless username in the mfa_auth_challenge.validate event

* Correctly render mfa_auth_challenge.create events without an user

* Update snapshots
@codingllama codingllama mentioned this pull request Apr 17, 2024
Merged
github-merge-queue Bot pushed a commit that referenced this pull request Apr 17, 2024
@codingllama
[v15] fix: Correctly handle passwordless in MFA audit events (#40617)
cbfa62c 
* fix: Correctly handle passwordless in MFA audit events (#40607)

* Record passwordless username in the mfa_auth_challenge.validate event

* Correctly render mfa_auth_challenge.create events without an user

* Update snapshots

* Update snapshots
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees

No one assigned

Labels

size/md ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Passwordless audit events display undefined user

3 participants

@codingllama @zmb3 @rosstimothy