Fix failing tests.

gravitational · Oct 11, 2024 · 9bbd5af · 9bbd5af
1 parent b0d55c2
commit 9bbd5af
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 15 deletions.
diff --git a/lib/auth/usertoken.go b/lib/auth/usertoken.go
@@ -384,7 +384,7 @@ func (a *Server) CreatePrivilegeToken(ctx context.Context, req *proto.CreatePriv
 	// For a user to add a device, second factor must be enabled.
 	// A nil request will be interpreted as a user who has second factor enabled
 	// but does not have any MFA registered, as can be the case with second factor optional.
-	if !authPref.IsSecondFactorEnforced() {
+	if !authPref.IsSecondFactorEnabled() {
 		return nil, trace.AccessDenied("second factor must be enabled")
 	}
 

diff --git a/lib/web/apiserver_test.go b/lib/web/apiserver_test.go
@@ -4612,7 +4612,7 @@ func TestGetWebConfig_WithEntitlements(t *testing.T) {
 	const MOTD = "Welcome to cluster, your activity will be recorded."
 	ap, err := types.NewAuthPreference(types.AuthPreferenceSpecV2{
 		Type:          constants.Local,
-		SecondFactor:  constants.SecondFactorOptional,
+		SecondFactor:  constants.SecondFactorOn,
 		ConnectorName: constants.PasswordlessConnector,
 		Webauthn: &types.Webauthn{
 			RPID: "localhost",
@@ -4642,7 +4642,7 @@ func TestGetWebConfig_WithEntitlements(t *testing.T) {
 
 	expectedCfg := webclient.WebConfig{
 		Auth: webclient.WebConfigAuthSettings{
-			SecondFactor: constants.SecondFactorOptional,
+			SecondFactor: constants.SecondFactorOn,
 			Providers: []webclient.WebConfigAuthProvider{{
 				Name:      "test-github",
 				Type:      constants.Github,

diff --git a/tool/tctl/common/edit_command_test.go b/tool/tctl/common/edit_command_test.go
@@ -282,10 +282,7 @@ func testEditAuthPreference(t *testing.T, clt *authclient.Client) {
 		}
 
 		expected.SetRevision(initial.GetRevision())
-		expected.SetSecondFactors(
-			types.SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN,
-			types.SecondFactorType_SECOND_FACTOR_TYPE_OTP,
-		)
+		expected.SetSecondFactors(types.SecondFactorType_SECOND_FACTOR_TYPE_OTP)
 
 		collection := &authPrefCollection{authPref: expected}
 		return trace.NewAggregate(writeYAML(collection, f), f.Close())

diff --git a/tool/tctl/common/resource_command_test.go b/tool/tctl/common/resource_command_test.go
@@ -1832,7 +1832,7 @@ func testCreateAuthPreference(t *testing.T, clt *authclient.Client) {
 metadata:
   name: cluster-auth-preference
 spec:
-  second_factors: [otp]
+  second_factors: [otp, sso]
   type: local
 version: v2
 `
@@ -1849,17 +1849,18 @@ version: v2
 	cap = mustDecodeJSON[[]*types.AuthPreferenceV2](t, buf)
 	require.Len(t, cap, 1)
 
-	expectSecondFactors := []types.SecondFactorType{types.SecondFactorType_SECOND_FACTOR_TYPE_OTP}
+	expectInitialSecondFactors := []types.SecondFactorType{types.SecondFactorType_SECOND_FACTOR_TYPE_OTP} // second factors defaults to [otp]
+	require.Equal(t, expectInitialSecondFactors, initial.GetSecondFactors())
 
-	var expected types.AuthPreferenceV2
-	require.NoError(t, yaml.Unmarshal([]byte(capYAML), &expected))
-	require.NotEqual(t, expectSecondFactors, initial.GetSecondFactors())
-	require.Equal(t, expectSecondFactors, expected.GetSecondFactors())
+	var revised types.AuthPreferenceV2
+	require.NoError(t, yaml.Unmarshal([]byte(capYAML), &revised))
+	expectRevisedSecondFactors := []types.SecondFactorType{types.SecondFactorType_SECOND_FACTOR_TYPE_OTP, types.SecondFactorType_SECOND_FACTOR_TYPE_SSO}
+	require.Equal(t, expectRevisedSecondFactors, revised.GetSecondFactors())
 
 	// Explicitly change the revision and try creating the cap with and without
 	// the force flag.
-	expected.SetRevision(uuid.NewString())
-	raw, err := services.MarshalAuthPreference(&expected, services.PreserveRevision())
+	revised.SetRevision(uuid.NewString())
+	raw, err := services.MarshalAuthPreference(&revised, services.PreserveRevision())
 	require.NoError(t, err)
 	require.NoError(t, os.WriteFile(capYAMLPath, raw, 0644))