Authsession non empty vec (#1522)

2025-02-23 20:47:01 +01:00 · 2023-04-07 19:00:45 -05:00 · 2023-04-07 19:00:45 -05:00 · bd1215299a
parent fda217fc3f
commit bd1215299a
1 changed files with 6 additions and 5 deletions
--- a/server/lib/src/idm/authsession.rs
+++ b/server/lib/src/idm/authsession.rs
@ -18,6 +18,7 @@ use kanidm_proto::v1::{
 use tokio::sync::mpsc::UnboundedSender as Sender;
 use uuid::Uuid;
 // use webauthn_rs::prelude::DeviceKey as DeviceKeyV4;
+use nonempty::{nonempty, NonEmpty};
 use webauthn_rs::prelude::Passkey as PasskeyV4;
 use webauthn_rs::prelude::{
    CredentialID, PasskeyAuthentication, RequestChallengeResponse, SecurityKeyAuthentication,
@ -84,7 +85,7 @@ enum AuthIntent {
 /// A response type to indicate the progress and potential result of an authentication attempt.
 enum CredState {
    Success { auth_type: AuthType, cred_id: Uuid },
-    Continue(Vec<AuthAllowed>),
+    Continue(NonEmpty<AuthAllowed>),
    Denied(&'static str),
 }

@ -420,7 +421,7 @@ impl CredHandler {
                                        admin_warn!("unable to queue delayed webauthn property update, continuing ... ");
                                    };
                                };
-                                CredState::Continue(vec![AuthAllowed::Password])
+                                CredState::Continue(nonempty![AuthAllowed::Password])
                            }
                            Err(e) => {
                                pw_mfa.mfa_state = CredVerifyState::Fail;
@ -447,7 +448,7 @@ impl CredHandler {
                            security_info!(
                                "Handler::PasswordMfa -> Result::Continue - TOTP ({}) OK, password -", label
                            );
-                            CredState::Continue(vec![AuthAllowed::Password])
+                            CredState::Continue(nonempty![AuthAllowed::Password])
                        } else {
                            pw_mfa.mfa_state = CredVerifyState::Fail;
                            security_error!(
@ -470,7 +471,7 @@ impl CredHandler {
                            };
                            pw_mfa.mfa_state = CredVerifyState::Success;
                            security_info!("Handler::PasswordMfa -> Result::Continue - BackupCode OK, password -");
-                            CredState::Continue(vec![AuthAllowed::Password])
+                            CredState::Continue(nonempty![AuthAllowed::Password])
                        } else {
                            pw_mfa.mfa_state = CredVerifyState::Fail;
                            security_error!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -");
@ -1037,7 +1038,7 @@ impl AuthSession {
                    }
                    CredState::Continue(allowed) => {
                        security_info!(?allowed, "Request credential continuation");
-                        (None, Ok(AuthState::Continue(allowed)))
+                        (None, Ok(AuthState::Continue(allowed.into_iter().collect())))
                    }
                    CredState::Denied(reason) => {
                        security_info!(%reason, "Credentials denied");