fix: Skip local password creation with device auth if already created#1479
Draft
nooreldeenmansour wants to merge 1 commit intomainfrom
Draft
fix: Skip local password creation with device auth if already created#1479nooreldeenmansour wants to merge 1 commit intomainfrom
nooreldeenmansour wants to merge 1 commit intomainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes repeated prompts for local password creation when users authenticate via device/QR (remote) auth and a local password is already present, aligning behavior with issue #369.
Changes:
- Skip the
NewPasswordstep after device auth when the local password file already exists. - Add/adjust
TestIsAuthenticatedscenarios and expectations to validate the new flow. - Update golden test fixtures to reflect
AuthGrantedresponses (and resulting userinfo payload) where applicable.
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| authd-oidc-brokers/internal/broker/broker.go | Skip NewPassword and finish auth immediately after device auth when a local password already exists. |
| authd-oidc-brokers/internal/broker/broker_test.go | Extend TestIsAuthenticated with expectations for groups and next auth modes; add a new scenario covering device auth with an existing local password. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_qrcode_reacquires_token/first_call | Golden update: device/QR auth now returns granted with userinfo when password already exists. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_password_when_refresh_token_is_expired_results_in_device_auth_as_next_mode/second_call | Golden update: second call (device auth) now returns granted with userinfo. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_password_when_refresh_token_is_expired_due_to_inactivity_results_in_device_auth_as_next_mode/second_call | Golden update: second call (device auth) now returns granted with userinfo. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_password_when_refresh_token_is_expired_due_to_ca_sign_in_frequency_results_in_device_auth_as_next_mode/second_call | Golden update: second call (device auth) now returns granted with userinfo. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_password_when_no_refresh_token_results_in_device_auth_as_next_mode/second_call | Golden update: second call (device auth) now returns granted with userinfo. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_device_auth_and_existing_password_skips_newpassword/first_call | New golden fixture: validates skipping NewPassword when password exists. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_device_auth_and_existing_password_skips_newpassword/data/provider_url/test-user@email.com/token.json | New golden fixture data: generic token file content for snapshot stability. |
| authd-oidc-brokers/internal/broker/testdata/golden/TestIsAuthenticated/Authenticating_with_device_auth_and_existing_password_skips_newpassword/data/provider_url/test-user@email.com/password | New golden fixture data: generic password file content for snapshot stability. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1479 +/- ##
==========================================
- Coverage 86.94% 80.39% -6.55%
==========================================
Files 93 20 -73
Lines 6366 1051 -5315
Branches 111 0 -111
==========================================
- Hits 5535 845 -4690
+ Misses 775 206 -569
+ Partials 56 0 -56 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Member
Author
|
Marking as draft until we plan and implement the ability to reset local password for authd users. As suggested in #369 (comment) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #369
UDENG-9855