Extract session mode constants (#324)

internal/broker/broker.go

@@ -19,6 +19,7 @@ import (
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/google/uuid"
 	"github.com/ubuntu/authd-oidc-brokers/internal/broker/authmodes"
+	"github.com/ubuntu/authd-oidc-brokers/internal/broker/sessionmode"
 	"github.com/ubuntu/authd-oidc-brokers/internal/consts"
 	"github.com/ubuntu/authd-oidc-brokers/internal/fileutils"
 	"github.com/ubuntu/authd-oidc-brokers/internal/password"
@@ -399,7 +400,7 @@ func (b *Broker) generateUILayout(session *session, authModeID string) (map[stri
 
 	case authmodes.NewPassword:
 		label := "Create a local password"
-		if session.mode == "passwd" {
+		if session.mode == sessionmode.ChangePassword || session.mode == sessionmode.ChangePasswordOld {
 			label = "Update your local password"
 		}
 
@@ -596,7 +597,7 @@ func (b *Broker) handleIsAuthenticated(ctx context.Context, session *session, au
 			authInfo.UserInfo = userInfo
 		}
 
-		if session.mode == "passwd" {
+		if session.mode == sessionmode.ChangePassword || session.mode == sessionmode.ChangePasswordOld {
 			session.authInfo["auth_info"] = authInfo
 			return AuthNext, nil
 		}

internal/broker/broker_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/ubuntu/authd-oidc-brokers/internal/broker"
 	"github.com/ubuntu/authd-oidc-brokers/internal/broker/authmodes"
+	"github.com/ubuntu/authd-oidc-brokers/internal/broker/sessionmode"
 	"github.com/ubuntu/authd-oidc-brokers/internal/password"
 	"github.com/ubuntu/authd-oidc-brokers/internal/providers/info"
 	"github.com/ubuntu/authd-oidc-brokers/internal/testutils"
@@ -108,7 +109,7 @@ func TestNewSession(t *testing.T) {
 				customHandlers: tc.customHandlers,
 			})
 
-			id, _, err := b.NewSession("test-user", "lang", "auth")
+			id, _, err := b.NewSession("test-user", "lang", sessionmode.Login)
 			require.NoError(t, err, "NewSession should not have returned an error")
 
 			gotOffline, err := b.IsOffline(id)
@@ -170,17 +171,18 @@ func TestGetAuthenticationModes(t *testing.T) {
 
 		wantErr bool
 	}{
-		// Auth Session
+		// Authentication session
 		"Get_device_auth_qr_if_there_is_no_token":                      {},
 		"Get_newpassword_if_already_authenticated_with_device_auth_qr": {secondAuthStep: true},
 		"Get_password_and_device_auth_qr_if_token_exists":              {tokenExists: true},
 
 		"Get_only_password_if_token_exists_and_provider_is_not_available":                {tokenExists: true, providerAddress: "127.0.0.1:31310", unavailableProvider: true},
 		"Get_only_password_if_token_exists_and_provider_does_not_support_device_auth_qr": {tokenExists: true, providerAddress: "127.0.0.1:31311", deviceAuthUnsupported: true},
 
-		// Passwd Session
-		"Get_only_password_if_token_exists_and_session_is_passwd":                      {sessionMode: "passwd", tokenExists: true},
-		"Get_newpassword_if_already_authenticated_with_password_and_session_is_passwd": {sessionMode: "passwd", tokenExists: true, secondAuthStep: true},
+		// Change password session
+		"Get_only_password_if_token_exists_and_session_is_for_changing_password":                      {sessionMode: sessionmode.ChangePassword, tokenExists: true},
+		"Get_newpassword_if_already_authenticated_with_password_and_session_is_for_changing_password": {sessionMode: sessionmode.ChangePassword, tokenExists: true, secondAuthStep: true},
+		"Get_only_password_if_token_exists_and_session_mode_is_the_old_passwd_value":                  {sessionMode: sessionmode.ChangePasswordOld, tokenExists: true},
 
 		"Error_if_there_is_no_session": {sessionID: "-", wantErr: true},
 
@@ -191,15 +193,15 @@ func TestGetAuthenticationModes(t *testing.T) {
 		"Error_if_expecting_newpassword_but_not_supported":    {supportedLayouts: []string{"newpassword-without-entry"}, wantErr: true},
 		"Error_if_expecting_password_but_not_supported":       {supportedLayouts: []string{"form-without-entry"}, wantErr: true},
 
-		// Passwd session errors
-		"Error_if_session_is_passwd_but_token_does_not_exist": {sessionMode: "passwd", wantErr: true},
+		// Change password session errors
+		"Error_if_session_is_for_changing_password_but_token_does_not_exist": {sessionMode: sessionmode.ChangePassword, wantErr: true},
 	}
 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 
 			if tc.sessionMode == "" {
-				tc.sessionMode = "auth"
+				tc.sessionMode = sessionmode.Login
 			}
 
 			cfg := &brokerForTestConfig{}
@@ -331,9 +333,9 @@ func TestSelectAuthenticationMode(t *testing.T) {
 			}
 			b := newBrokerForTests(t, cfg)
 
-			sessionType := "auth"
+			sessionType := sessionmode.Login
 			if tc.passwdSession {
-				sessionType = "passwd"
+				sessionType = sessionmode.ChangePassword
 			}
 			sessionID, _ := newSessionForTests(t, b, "", sessionType)
 
@@ -522,7 +524,7 @@ func TestIsAuthenticated(t *testing.T) {
 			t.Parallel()
 
 			if tc.sessionMode == "" {
-				tc.sessionMode = "auth"
+				tc.sessionMode = sessionmode.Login
 			}
 
 			if tc.sessionOffline {
@@ -1031,7 +1033,7 @@ func TestFetchUserInfo(t *testing.T) {
 			}
 			tc.token.issuer = defaultIssuerURL
 
-			sessionID, _, err := b.NewSession(tc.username, "lang", "auth")
+			sessionID, _, err := b.NewSession(tc.username, "lang", sessionmode.Login)
 			require.NoError(t, err, "Setup: Failed to create session for the tests")
 
 			cachedInfo := generateCachedInfo(t, tc.token)

internal/broker/helper_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/require"
 	"github.com/ubuntu/authd-oidc-brokers/internal/broker"
+	"github.com/ubuntu/authd-oidc-brokers/internal/broker/sessionmode"
 	"github.com/ubuntu/authd-oidc-brokers/internal/providers"
 	"github.com/ubuntu/authd-oidc-brokers/internal/providers/info"
 	"github.com/ubuntu/authd-oidc-brokers/internal/testutils"
@@ -118,7 +119,7 @@ func newSessionForTests(t *testing.T, b *broker.Broker, username, mode string) (
 		username = "[email protected]"
 	}
 	if mode == "" {
-		mode = "auth"
+		mode = sessionmode.Login
 	}
 
 	id, key, err := b.NewSession(username, "some lang", mode)

internal/broker/sessionmode/consts.go

@@ -0,0 +1,15 @@
+// Package sessionmode defines the session modes supported by the broker.
+package sessionmode
+
+const (
+	// Login is used when the session is for user login.
+	Login = "login"
+	// LoginOld is the old name for the login session, which is now deprecated but still used by authd until all broker
+	// installations are updated.
+	LoginOld = "auth"
+	// ChangePassword is used when the session is for changing the user password.
+	ChangePassword = "change-password"
+	// ChangePasswordOld is the old name for the change-password session, which is now deprecated but still used by authd
+	// until all broker installations are updated.
+	ChangePasswordOld = "passwd"
+)

internal/broker/testdata/golden/TestGetAuthenticationModes/Get_only_password_if_token_exists_and_session_mode_is_the_old_passwd_value

@@ -0,0 +1,2 @@
+- id: password
+  label: Local Password Authentication

internal/providers/msentraid/msentraid.go

@@ -17,6 +17,7 @@ import (
 	msgraphauth "github.com/microsoftgraph/msgraph-sdk-go-core/authentication"
 	msgraphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
 	"github.com/ubuntu/authd-oidc-brokers/internal/broker/authmodes"
+	"github.com/ubuntu/authd-oidc-brokers/internal/broker/sessionmode"
 	"github.com/ubuntu/authd-oidc-brokers/internal/consts"
 	providerErrors "github.com/ubuntu/authd-oidc-brokers/internal/providers/errors"
 	"github.com/ubuntu/authd-oidc-brokers/internal/providers/info"
@@ -286,7 +287,7 @@ func (p Provider) CurrentAuthenticationModesOffered(
 	log.Debugf(context.Background(), "In CurrentAuthenticationModesOffered: sessionMode=%q, supportedAuthModes=%q, tokenExists=%t, providerReachable=%t, endpoints=%q, currentAuthStep=%d\n", sessionMode, supportedAuthModes, tokenExists, providerReachable, endpoints, currentAuthStep)
 	var offeredModes []string
 	switch sessionMode {
-	case "passwd":
+	case sessionmode.ChangePassword, sessionmode.ChangePasswordOld:
 		if !tokenExists {
 			return nil, errors.New("user has no cached token")
 		}

internal/providers/noprovider/noprovider.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/ubuntu/authd-oidc-brokers/internal/broker/authmodes"
+	"github.com/ubuntu/authd-oidc-brokers/internal/broker/sessionmode"
 	"github.com/ubuntu/authd-oidc-brokers/internal/providers/info"
 	"golang.org/x/oauth2"
 )
@@ -47,7 +48,7 @@ func (p NoProvider) CurrentAuthenticationModesOffered(
 ) ([]string, error) {
 	var offeredModes []string
 	switch sessionMode {
-	case "passwd":
+	case sessionmode.ChangePassword, sessionmode.ChangePasswordOld:
 		if !tokenExists {
 			return nil, errors.New("user has no cached token")
 		}