Merge pull request #751 from openziti/update-auth-query-model

update auth query model

inc_internal/auth_method.h

@@ -23,7 +23,7 @@ enum AuthenticationMethod {
 };
 
 static const ziti_auth_query_mfa ZITI_MFA = {
-        .type_id = "MFA",
+        .type_id = ziti_auth_query_type_MFA,
         .provider = "ziti",
 };
 

inc_internal/internal_model.h

@@ -58,7 +58,10 @@ XX(updated, timestamp, none, updatedAt, __VA_ARGS__) \
 XX(cached_last_activity_at, timestamp, none, cachedLastActivityAt, __VA_ARGS__) \
 XX(identity, ziti_identity, none, identity, __VA_ARGS__) \
 XX(posture_query_set, ziti_posture_query_set, array, postureQueries, __VA_ARGS__) \
-XX(auth_queries, ziti_auth_query_mfa, list, authQueries, __VA_ARGS__)         \
+XX(is_mfa_required, model_bool, none, IsMfaRequired, __VA_ARGS__) \
+XX(is_mfa_complete, model_bool, none, IsMfaComplete, __VA_ARGS__) \
+XX(is_cert_extendable, model_bool, none, IsCertExtendable, __VA_ARGS__) \
+XX(auth_queries, ziti_auth_query_mfa, list, authQueries, __VA_ARGS__) \
 XX(authenticator_id, model_string, none, authenticatorId, __VA_ARGS__)
 
 #define ZITI_ERROR_MODEL(XX, ...) \

includes/ziti/model_support.h

@@ -251,8 +251,16 @@ ZITI_FUNC int enum_from_json(void *ptr, struct json_object *j, const void *enum_
 ZITI_FUNC int json_enum(const void *ptr, void *buf, int indent, int flags, const void *enum_type);
 ZITI_FUNC struct json_object* enum_to_json(const void* ptr, const void *enum_type);
 
-#define mk_enum(v,t) t##_##v,
-#define enum_field(v,t) const t v;
+
+#define mk_enum2(v,t) t##_##v
+#define mk_enum3(v,n,t) t##_##n
+#define enum_f2(v, t) const t v
+#define enum_f3(v, n, t) const t n
+
+#define get_ovrd(_1, _2, _3, NAME, ...) NAME
+
+#define mk_enum(...) get_ovrd(__VA_ARGS__, mk_enum3, mk_enum2)(__VA_ARGS__),
+#define enum_field(...) get_ovrd(__VA_ARGS__, enum_f3, enum_f2)(__VA_ARGS__);
 
 #define DECLARE_ENUM(Enum, Values) \
 enum Enum {                        \
@@ -270,12 +278,19 @@ Values(enum_field, Enum)                          \
 MODEL_API const type_meta* get_##Enum##_meta();\
 extern const struct Enum##_s Enum##s;
 
-#define call_f(f,args) f args
-#define enum_value_of1(v, t, s, n) if(strncmp(s,#v,n) == 0){return (t)t##s.v;}
-#define enum_value_of(v,...) call_f(enum_value_of1, (v, __VA_ARGS__))
+#define get_value_of_ovrd(_1, _2, _3, _4, _5, NAME, ...) NAME
+#define enum_value_of4(v, t, str, len) if(strncmp(str,#v,len) == 0){return (t)t##s.v;}
+#define enum_value_of5(v, n, t, str, len) if(strncmp(str,#v,len) == 0){return (t)t##s.n;}
+#define enum_value_of(...) get_value_of_ovrd(__VA_ARGS__, enum_value_of5, enum_value_of4)(__VA_ARGS__)
+
+#define enum_c2(v,t)  case t##_##v: return #v
+#define enum_c3(v,n,t) case t##_##n: return #v
+#define enum_case(...)  get_ovrd(__VA_ARGS__, enum_c3, enum_c2)(__VA_ARGS__);
+
+#define enum_field_v2(v,t) .v = t##_##v
+#define enum_field_v3(v,n,t) .n = t##_##n
 
-#define enum_case(v,t)  case t##_##v: return #v;
-#define enum_field_val(v,t) .v = t##_##v,
+#define enum_field_val(...) get_ovrd(__VA_ARGS__, enum_field_v3, enum_field_v2)(__VA_ARGS__),
 #define IMPL_ENUM(Enum, Values) \
 static const char* Enum##_name(int v) { \
 switch (v) { \

includes/ziti/ziti_model.h

@@ -34,8 +34,14 @@ XX(udp, __VA_ARGS__)
 XX(Bind, __VA_ARGS__)                   \
 XX(Dial, __VA_ARGS__)
 
+#define ZITI_AUTH_QUERY_TYPE_ENUM(XX, ...) \
+XX(MFA, __VA_ARGS__) \
+XX(TOTP, __VA_ARGS__) \
+XX(EXT-JWT, EXT_JWT, __VA_ARGS__)
+
 #define ZITI_AUTH_QUERY_MFA_MODEL(XX, ...) \
-XX(type_id, model_string, none, typeId, __VA_ARGS__) \
+XX(id, model_string, none, id, __VA_ARGS__) \
+XX(type_id, ziti_auth_query_type, none, typeId, __VA_ARGS__) \
 XX(provider, model_string, none, provider, __VA_ARGS__) \
 XX(http_method, model_string, none, httpMethod, __VA_ARGS__) \
 XX(http_url, model_string, none, httpUrl, __VA_ARGS__) \
@@ -230,6 +236,8 @@ ZITI_FUNC int ziti_port_match(int port, const model_list *port_range_list);
 
 DECLARE_ENUM(ziti_session_type, ZITI_SESSION_TYPE_ENUM)
 
+DECLARE_ENUM(ziti_auth_query_type, ZITI_AUTH_QUERY_TYPE_ENUM)
+
 DECLARE_ENUM(ziti_ctrl_cap, ZITI_CTRL_CAP_ENUM)
 
 DECLARE_MODEL(api_path, ZITI_API_PATH_MODEL)

library/auth_queries.c

@@ -116,7 +116,7 @@ void ziti_auth_query_mfa_process(ziti_mfa_auth_ctx *mfa_auth_ctx) {
                 .type = ZitiAuthEvent,
                 .auth = {
                         .action = ziti_auth_prompt_totp,
-                        .type = mfa_auth_ctx->auth_query_mfa->type_id,
+                        .type = ziti_auth_query_types.name(mfa_auth_ctx->auth_query_mfa->type_id),
                         .detail = mfa_auth_ctx->auth_query_mfa->provider,
                 }
         };

library/internal_model.c

@@ -153,6 +153,8 @@ IMPL_MODEL(ziti_extend_cert_authenticator_resp, ZITI_EXTEND_CERT_AUTHENTICATOR_R
 
 IMPL_ENUM(ziti_session_type, ZITI_SESSION_TYPE_ENUM)
 
+IMPL_ENUM(ziti_auth_query_type, ZITI_AUTH_QUERY_TYPE_ENUM)
+
 IMPL_ENUM(ziti_protocol, ZITI_PROTOCOL_ENUM)
 
 IMPL_MODEL(ziti_create_api_cert_req, ZITI_CREATE_API_CERT_REQ)

library/legacy_auth.c

@@ -243,7 +243,7 @@ void auth_timer_cb(uv_timer_t *t) {
 static ziti_auth_query_mfa* get_mfa(ziti_api_session *session) {
     ziti_auth_query_mfa *aq;
     MODEL_LIST_FOREACH(aq, session->auth_queries) {
-        if (strcmp(aq->type_id, AUTH_QUERY_TYPE_MFA) == 0 &&
+        if (aq->type_id == ziti_auth_query_type_MFA &&
             strcmp(aq->provider, MFA_PROVIDER_ZITI) == 0) {
             return aq;
         }

library/ziti.c

@@ -244,7 +244,7 @@ void ziti_set_partially_authenticated(ziti_context ztx, const ziti_auth_query_mf
             .type = ZitiAuthEvent,
             .auth = {
                     .action = ziti_auth_prompt_totp,
-                    .type = mfa_q->type_id,
+                    .type = ziti_auth_query_types.name(mfa_q->type_id),
                     .detail = mfa_q->provider,
             }
     };