Use more descriptive session mode names

Session mode PASSWD is ambiguous, because authentication includes password authentication. CHANGE_PASSWORD should be clearer. This also changes session mode AUTH to AUTHENTICATE so that we use a verb (which describes the purpose of the session) for both session modes.
ubuntu · Jan 17, 2025 · f213b36 · f213b36
1 parent aba1e3c
commit f213b36
Show file tree

Hide file tree

Showing 12 changed files with 111 additions and 110 deletions.
diff --git a/examplebroker/broker.go b/examplebroker/broker.go
@@ -308,7 +308,7 @@ func (b *Broker) NewSession(ctx context.Context, username, lang, mode string) (s
 		return "", "", fmt.Errorf("user %q does not exist", username)
 	}
 
-	if info.sessionMode == auth.SessionModePasswd {
+	if info.sessionMode == auth.SessionModeChangePassword {
 		info.neededAuthSteps++
 		info.pwdChange = mustReset
 	}

diff --git a/internal/brokers/auth/consts.go b/internal/brokers/auth/consts.go
@@ -18,8 +18,8 @@ const (
 var Replies = []string{Granted, Denied, Cancelled, Retry, Next}
 
 const (
-	// SessionModeAuth is the name of the authentication session.
-	SessionModeAuth = "auth"
-	// SessionModePasswd is the name of the passwd session.
-	SessionModePasswd = "passwd"
+	// SessionModeAuthenticate is used when the session is for user authentication.
+	SessionModeAuthenticate = "auth"
+	// SessionModeChangePassword is used when the session is for changing the user password.
+	SessionModeChangePassword = "passwd"
 )
diff --git a/internal/brokers/manager_test.go b/internal/brokers/manager_test.go
@@ -181,7 +181,7 @@ func TestNewSession(t *testing.T) {
 		wantErr bool
 	}{
 		"Successfully start a new auth session":                    {username: "success"},
-		"Successfully start a new passwd session":                  {username: "success", sessionMode: auth.SessionModePasswd},
+		"Successfully start a new passwd session":                  {username: "success", sessionMode: auth.SessionModeChangePassword},
 		"Successfully start a new session with the correct broker": {username: "success", configuredBrokers: []string{t.Name() + "_Broker1.conf", t.Name() + "_Broker2.conf"}},
 
 		"Error when broker does not exist":           {brokerID: "does_not_exist", wantErr: true},

diff --git a/internal/proto/authd/authd.pb.go b/internal/proto/authd/authd.pb.go
diff --git a/internal/proto/authd/authd.proto b/internal/proto/authd/authd.proto
@@ -43,8 +43,8 @@ message StringResponse {
 
 enum SessionMode {
   UNDEFINED = 0;
-  AUTH = 1;
-  PASSWD = 2;
+  AUTHENTICATE = 1;
+  CHANGE_PASSWORD = 2;
 }
 
 message SBRequest {

diff --git a/internal/services/pam/pam.go b/internal/services/pam/pam.go
@@ -140,10 +140,10 @@ func (s Service) SelectBroker(ctx context.Context, req *authd.SBRequest) (resp *
 
 	var mode string
 	switch req.GetMode() {
-	case authd.SessionMode_AUTH:
-		mode = auth.SessionModeAuth
-	case authd.SessionMode_PASSWD:
-		mode = auth.SessionModePasswd
+	case authd.SessionMode_AUTHENTICATE:
+		mode = auth.SessionModeAuthenticate
+	case authd.SessionMode_CHANGE_PASSWORD:
+		mode = auth.SessionModeChangePassword
 	default:
 		return nil, status.Error(codes.InvalidArgument, "invalid session mode")
 	}

diff --git a/internal/services/pam/pam_test.go b/internal/services/pam/pam_test.go
@@ -197,8 +197,8 @@ func TestSelectBroker(t *testing.T) {
 
 		wantErr bool
 	}{
-		"Successfully select a broker and creates auth session":   {username: "success", sessionMode: auth.SessionModeAuth},
-		"Successfully select a broker and creates passwd session": {username: "success", sessionMode: auth.SessionModePasswd},
+		"Successfully select a broker and creates auth session":   {username: "success", sessionMode: auth.SessionModeAuthenticate},
+		"Successfully select a broker and creates passwd session": {username: "success", sessionMode: auth.SessionModeChangePassword},
 
 		"Error when not root":                             {username: "success", currentUserNotRoot: true, wantErr: true},
 		"Error when username is empty":                    {wantErr: true},
@@ -229,10 +229,10 @@ func TestSelectBroker(t *testing.T) {
 
 			var sessionMode authd.SessionMode
 			switch tc.sessionMode {
-			case auth.SessionModeAuth, "":
-				sessionMode = authd.SessionMode_AUTH
-			case auth.SessionModePasswd:
-				sessionMode = authd.SessionMode_PASSWD
+			case auth.SessionModeAuthenticate, "":
+				sessionMode = authd.SessionMode_AUTHENTICATE
+			case auth.SessionModeChangePassword:
+				sessionMode = authd.SessionMode_CHANGE_PASSWORD
 			case "-":
 				sessionMode = authd.SessionMode_UNDEFINED
 			}
@@ -571,7 +571,7 @@ func TestIDGeneration(t *testing.T) {
 			sbResp, err := client.SelectBroker(context.Background(), &authd.SBRequest{
 				BrokerId: mockBrokerGeneratedID,
 				Username: usernamePrefix + testutils.IDSeparator + tc.username,
-				Mode:     authd.SessionMode_AUTH,
+				Mode:     authd.SessionMode_AUTHENTICATE,
 			})
 			require.NoError(t, err, "Setup: failed to create session for tests")
 
@@ -812,7 +812,7 @@ func startSession(t *testing.T, client authd.PAMClient, username string) string
 	sbResp, err := client.SelectBroker(context.Background(), &authd.SBRequest{
 		BrokerId: mockBrokerGeneratedID,
 		Username: username,
-		Mode:     authd.SessionMode_AUTH,
+		Mode:     authd.SessionMode_AUTHENTICATE,
 	})
 	require.NoError(t, err, "Setup: failed to create session for tests")
 	return sbResp.GetSessionId()

diff --git a/pam/integration-tests/cli_test.go b/pam/integration-tests/cli_test.go
@@ -219,7 +219,7 @@ func TestCLIAuthenticate(t *testing.T) {
 
 			localgroupstestutils.RequireGPasswdOutput(t, gpasswdOutput, golden.Path(t)+".gpasswd_out")
 
-			requireRunnerResultForUser(t, authd.SessionMode_AUTH, tc.clientOptions.PamUser, got)
+			requireRunnerResultForUser(t, authd.SessionMode_AUTHENTICATE, tc.clientOptions.PamUser, got)
 		})
 	}
 }
@@ -306,7 +306,7 @@ func TestCLIChangeAuthTok(t *testing.T) {
 			got := td.ExpectedOutput(t, outDir)
 			golden.CheckOrUpdate(t, got)
 
-			requireRunnerResult(t, authd.SessionMode_PASSWD, got)
+			requireRunnerResult(t, authd.SessionMode_CHANGE_PASSWORD, got)
 		})
 	}
 }

diff --git a/pam/integration-tests/native_test.go b/pam/integration-tests/native_test.go
@@ -341,7 +341,7 @@ func TestNativeAuthenticate(t *testing.T) {
 			localgroupstestutils.RequireGPasswdOutput(t, gpasswdOutput, golden.Path(t)+".gpasswd_out")
 
 			if !tc.skipRunnerCheck {
-				requireRunnerResultForUser(t, authd.SessionMode_AUTH, tc.clientOptions.PamUser, got)
+				requireRunnerResultForUser(t, authd.SessionMode_AUTHENTICATE, tc.clientOptions.PamUser, got)
 			}
 		})
 	}
@@ -435,7 +435,7 @@ func TestNativeChangeAuthTok(t *testing.T) {
 			golden.CheckOrUpdate(t, got)
 
 			if !tc.skipRunnerCheck {
-				requireRunnerResult(t, authd.SessionMode_PASSWD, got)
+				requireRunnerResult(t, authd.SessionMode_CHANGE_PASSWORD, got)
 			}
 		})
 	}