From 1227eb0f929b7a74b1b75a3a1b763c5dae1e400a Mon Sep 17 00:00:00 2001 From: Russell Kerns Date: Sun, 4 Feb 2024 20:51:14 -0600 Subject: [PATCH 1/3] AUTH-5608 added warp auth fields to access organizations and apps --- .changelog/1496.txt | 4 +++ access_application.go | 3 +++ access_application_test.go | 17 +++++++++--- access_organization.go | 6 +++++ access_organization_test.go | 52 ++++++++++++++++++++++++------------- 5 files changed, 60 insertions(+), 22 deletions(-) create mode 100644 .changelog/1496.txt diff --git a/.changelog/1496.txt b/.changelog/1496.txt new file mode 100644 index 00000000000..b16b1a7cce8 --- /dev/null +++ b/.changelog/1496.txt @@ -0,0 +1,4 @@ +```release-note:enhancement +access_application: Add support for allow_authenticate_via_warp +access_organization: Add support for allow_authenticate_via_warp and warp_auth_session_duration +``` \ No newline at end of file diff --git a/access_application.go b/access_application.go index 98b240ae743..f6106599114 100644 --- a/access_application.go +++ b/access_application.go @@ -52,6 +52,7 @@ type AccessApplication struct { HttpOnlyCookieAttribute *bool `json:"http_only_cookie_attribute,omitempty"` ServiceAuth401Redirect *bool `json:"service_auth_401_redirect,omitempty"` PathCookieAttribute *bool `json:"path_cookie_attribute,omitempty"` + AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` AccessAppLauncherCustomization @@ -166,6 +167,7 @@ type CreateAccessApplicationParams struct { SessionDuration string `json:"session_duration,omitempty"` SkipInterstitial *bool `json:"skip_interstitial,omitempty"` Type AccessApplicationType `json:"type,omitempty"` + AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` AccessAppLauncherCustomization @@ -196,6 +198,7 @@ type UpdateAccessApplicationParams struct { SessionDuration string `json:"session_duration,omitempty"` SkipInterstitial *bool `json:"skip_interstitial,omitempty"` Type AccessApplicationType `json:"type,omitempty"` + AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` AccessAppLauncherCustomization diff --git a/access_application_test.go b/access_application_test.go index ed0916e03a9..4bf414b2b0a 100644 --- a/access_application_test.go +++ b/access_application_test.go @@ -49,7 +49,8 @@ func TestAccessApplications(t *testing.T) { "service_auth_401_redirect": true, "path_cookie_attribute": true, "custom_pages": ["480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"], - "tags": ["engineers"] + "tags": ["engineers"], + "allow_authenticate_via_warp": true } ], "result_info": { @@ -89,6 +90,7 @@ func TestAccessApplications(t *testing.T) { CustomPages: []string{"480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"}, Tags: []string{"engineers"}, CustomNonIdentityDenyURL: "https://blocked.com", + AllowAuthenticateViaWarp: BoolPtr(true), }} mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler) @@ -140,7 +142,8 @@ func TestAccessApplication(t *testing.T) { "app_launcher_visible": true, "service_auth_401_redirect": true, "http_only_cookie_attribute": false, - "path_cookie_attribute": false + "path_cookie_attribute": false, + "allow_authenticate_via_warp": false } } `) @@ -171,6 +174,7 @@ func TestAccessApplication(t *testing.T) { HttpOnlyCookieAttribute: BoolPtr(false), PathCookieAttribute: BoolPtr(false), CustomNonIdentityDenyURL: "https://blocked.com", + AllowAuthenticateViaWarp: BoolPtr(false), } mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler) @@ -221,7 +225,8 @@ func TestCreateAccessApplications(t *testing.T) { "skip_interstitial": true, "app_launcher_visible": true, "service_auth_401_redirect": true, - "tags": ["engineers"] + "tags": ["engineers"], + "allow_authenticate_via_warp": false } } `) @@ -250,6 +255,7 @@ func TestCreateAccessApplications(t *testing.T) { UpdatedAt: &updatedAt, CustomNonIdentityDenyURL: "https://blocked.com", Tags: []string{"engineers"}, + AllowAuthenticateViaWarp: BoolPtr(false), } mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler) @@ -308,7 +314,8 @@ func TestUpdateAccessApplication(t *testing.T) { "skip_interstitial": true, "app_launcher_visible": true, "service_auth_401_redirect": true, - "tags": ["engineers"] + "tags": ["engineers"], + "allow_authenticate_via_warp": true } } `) @@ -333,6 +340,7 @@ func TestUpdateAccessApplication(t *testing.T) { CustomNonIdentityDenyURL: "https://blocked.com", Tags: []string{"engineers"}, SkipInterstitial: BoolPtr(true), + AllowAuthenticateViaWarp: BoolPtr(true), CreatedAt: &createdAt, UpdatedAt: &updatedAt, } @@ -356,6 +364,7 @@ func TestUpdateAccessApplication(t *testing.T) { SkipInterstitial: BoolPtr(true), CustomNonIdentityDenyURL: "https://blocked.com", Tags: []string{"engineers"}, + AllowAuthenticateViaWarp: BoolPtr(true), } mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler) diff --git a/access_organization.go b/access_organization.go index bb02b1ca46d..f7eea16af71 100644 --- a/access_organization.go +++ b/access_organization.go @@ -22,6 +22,8 @@ type AccessOrganization struct { AutoRedirectToIdentity *bool `json:"auto_redirect_to_identity,omitempty"` SessionDuration *string `json:"session_duration,omitempty"` CustomPages AccessOrganizationCustomPages `json:"custom_pages,omitempty"` + WarpAuthSessionDuration *string `json:"warp_auth_session_duration,omitempty"` + AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` } // AccessOrganizationLoginDesign represents the login design options. @@ -67,6 +69,8 @@ type CreateAccessOrganizationParams struct { AutoRedirectToIdentity *bool `json:"auto_redirect_to_identity,omitempty"` SessionDuration *string `json:"session_duration,omitempty"` CustomPages AccessOrganizationCustomPages `json:"custom_pages,omitempty"` + WarpAuthSessionDuration *string `json:"warp_auth_session_duration,omitempty"` + AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` } type UpdateAccessOrganizationParams struct { @@ -79,6 +83,8 @@ type UpdateAccessOrganizationParams struct { AutoRedirectToIdentity *bool `json:"auto_redirect_to_identity,omitempty"` SessionDuration *string `json:"session_duration,omitempty"` CustomPages AccessOrganizationCustomPages `json:"custom_pages,omitempty"` + WarpAuthSessionDuration *string `json:"warp_auth_session_duration,omitempty"` + AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` } func (api *API) GetAccessOrganization(ctx context.Context, rc *ResourceContainer, params GetAccessOrganizationParams) (AccessOrganization, ResultInfo, error) { diff --git a/access_organization_test.go b/access_organization_test.go index 295a7f7d84c..fc9cfb4bf3d 100644 --- a/access_organization_test.go +++ b/access_organization_test.go @@ -29,6 +29,8 @@ func TestAccessOrganization(t *testing.T) { "is_ui_read_only": false, "user_seat_expiration_inactive_time": "720h", "auto_redirect_to_identity": true, + "allow_authenticate_via_warp": true, + "warp_auth_session_duration": "24h", "session_duration": "12h", "login_design": { "background_color": "#c5ed1b", @@ -46,10 +48,12 @@ func TestAccessOrganization(t *testing.T) { updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") want := AccessOrganization{ - Name: "Widget Corps Internal Applications", - CreatedAt: &createdAt, - UpdatedAt: &updatedAt, - AuthDomain: "test.cloudflareaccess.com", + Name: "Widget Corps Internal Applications", + CreatedAt: &createdAt, + UpdatedAt: &updatedAt, + AuthDomain: "test.cloudflareaccess.com", + AllowAuthenticateViaWarp: BoolPtr(true), + WarpAuthSessionDuration: StringPtr("24h"), LoginDesign: AccessOrganizationLoginDesign{ BackgroundColor: "#c5ed1b", LogoPath: "https://example.com/logo.png", @@ -96,6 +100,8 @@ func TestCreateAccessOrganization(t *testing.T) { "updated_at": "2014-01-01T05:20:00.12345Z", "name": "Widget Corps Internal Applications", "auth_domain": "test.cloudflareaccess.com", + "allow_authenticate_via_warp": true, + "warp_auth_session_duration": "24h", "is_ui_read_only": true, "session_duration": "12h", "login_design": { @@ -114,10 +120,12 @@ func TestCreateAccessOrganization(t *testing.T) { updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") want := AccessOrganization{ - CreatedAt: &createdAt, - UpdatedAt: &updatedAt, - Name: "Widget Corps Internal Applications", - AuthDomain: "test.cloudflareaccess.com", + CreatedAt: &createdAt, + UpdatedAt: &updatedAt, + Name: "Widget Corps Internal Applications", + AuthDomain: "test.cloudflareaccess.com", + AllowAuthenticateViaWarp: BoolPtr(true), + WarpAuthSessionDuration: StringPtr("24h"), LoginDesign: AccessOrganizationLoginDesign{ BackgroundColor: "#c5ed1b", LogoPath: "https://example.com/logo.png", @@ -186,6 +194,8 @@ func TestUpdateAccessOrganization(t *testing.T) { "updated_at": "2014-01-01T05:20:00.12345Z", "name": "Widget Corps Internal Applications", "auth_domain": "test.cloudflareaccess.com", + "allow_authenticate_via_warp": false, + "warp_auth_session_duration": "18h", "login_design": { "background_color": "#c5ed1b", "logo_path": "https://example.com/logo.png", @@ -205,10 +215,12 @@ func TestUpdateAccessOrganization(t *testing.T) { updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") want := AccessOrganization{ - CreatedAt: &createdAt, - UpdatedAt: &updatedAt, - Name: "Widget Corps Internal Applications", - AuthDomain: "test.cloudflareaccess.com", + CreatedAt: &createdAt, + UpdatedAt: &updatedAt, + Name: "Widget Corps Internal Applications", + AuthDomain: "test.cloudflareaccess.com", + WarpAuthSessionDuration: StringPtr("18h"), + AllowAuthenticateViaWarp: BoolPtr(false), LoginDesign: AccessOrganizationLoginDesign{ BackgroundColor: "#c5ed1b", LogoPath: "https://example.com/logo.png", @@ -233,9 +245,11 @@ func TestUpdateAccessOrganization(t *testing.T) { HeaderText: "Widget Corp", FooterText: "© Widget Corp", }, - IsUIReadOnly: BoolPtr(false), - SessionDuration: StringPtr("12h"), - UIReadOnlyToggleReason: "this is my reason", + WarpAuthSessionDuration: StringPtr("18h"), + AllowAuthenticateViaWarp: BoolPtr(false), + IsUIReadOnly: BoolPtr(false), + SessionDuration: StringPtr("12h"), + UIReadOnlyToggleReason: "this is my reason", }) if assert.NoError(t, err) { @@ -254,9 +268,11 @@ func TestUpdateAccessOrganization(t *testing.T) { HeaderText: "Widget Corp", FooterText: "© Widget Corp", }, - IsUIReadOnly: BoolPtr(false), - UIReadOnlyToggleReason: "this is my reason", - SessionDuration: StringPtr("12h"), + WarpAuthSessionDuration: StringPtr("18h"), + AllowAuthenticateViaWarp: BoolPtr(false), + IsUIReadOnly: BoolPtr(false), + UIReadOnlyToggleReason: "this is my reason", + SessionDuration: StringPtr("12h"), }) if assert.NoError(t, err) { From a3cc5abfe4f02cce23d4c16a04cf6211b7fcf40d Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 5 Feb 2024 14:31:08 +1100 Subject: [PATCH 2/3] Update .changelog/1496.txt --- .changelog/1496.txt | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.changelog/1496.txt b/.changelog/1496.txt index b16b1a7cce8..6e3b7fc300b 100644 --- a/.changelog/1496.txt +++ b/.changelog/1496.txt @@ -1,4 +1,2 @@ ```release-note:enhancement -access_application: Add support for allow_authenticate_via_warp -access_organization: Add support for allow_authenticate_via_warp and warp_auth_session_duration -``` \ No newline at end of file +access_application: Add support for allow_authenticate_via_warp \ No newline at end of file From 58a99ee3b182e41d87604b21b134e0716efeda44 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 5 Feb 2024 14:32:16 +1100 Subject: [PATCH 3/3] Update 1496.txt --- .changelog/1496.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.changelog/1496.txt b/.changelog/1496.txt index 6e3b7fc300b..5d3ea285747 100644 --- a/.changelog/1496.txt +++ b/.changelog/1496.txt @@ -1,2 +1,7 @@ ```release-note:enhancement -access_application: Add support for allow_authenticate_via_warp \ No newline at end of file +access_application: Add support for `allow_authenticate_via_warp` +``` + +```release-note:enhancement +access_organization: Add support for `allow_authenticate_via_warp` and `warp_auth_session_duration` +```