Skip to content

Commit b3607bf

Browse files
cursoragentcursoragent
committed
Fix MFA option resolution priority by match type first
1 parent 3c45ed6 commit b3607bf

File tree

2 files changed

+49
-8
lines changed

2 files changed

+49
-8
lines changed

cmd/auth_connections.go

Lines changed: 27 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -460,24 +460,43 @@ func (c AuthConnectionCmd) Submit(ctx context.Context, in AuthConnectionSubmitIn
460460
return util.CleanedUpSdkError{Err: fmt.Errorf("failed to fetch connection for MFA option resolution: %w", err)}
461461
}
462462
if len(conn.MfaOptions) > 0 {
463-
resolved := false
463+
resolvedType := ""
464+
inputOption := in.MfaOptionID
465+
466+
// Match by type first across all options, then label, then display string.
467+
// This ensures an exact type match is never shadowed by an earlier label match.
464468
for _, opt := range conn.MfaOptions {
465-
displayName := fmt.Sprintf("%s (%s)", opt.Label, opt.Type)
466-
if strings.EqualFold(in.MfaOptionID, opt.Type) ||
467-
strings.EqualFold(in.MfaOptionID, opt.Label) ||
468-
strings.EqualFold(in.MfaOptionID, displayName) {
469-
in.MfaOptionID = opt.Type
470-
resolved = true
469+
if strings.EqualFold(inputOption, opt.Type) {
470+
resolvedType = opt.Type
471471
break
472472
}
473473
}
474-
if !resolved {
474+
if resolvedType == "" {
475+
for _, opt := range conn.MfaOptions {
476+
if strings.EqualFold(inputOption, opt.Label) {
477+
resolvedType = opt.Type
478+
break
479+
}
480+
}
481+
}
482+
if resolvedType == "" {
483+
for _, opt := range conn.MfaOptions {
484+
displayName := fmt.Sprintf("%s (%s)", opt.Label, opt.Type)
485+
if strings.EqualFold(inputOption, displayName) {
486+
resolvedType = opt.Type
487+
break
488+
}
489+
}
490+
}
491+
if resolvedType == "" {
475492
available := make([]string, 0, len(conn.MfaOptions))
476493
for _, opt := range conn.MfaOptions {
477494
available = append(available, fmt.Sprintf("%s (%s)", opt.Label, opt.Type))
478495
}
479496
return fmt.Errorf("unknown MFA option %q; available: %s", in.MfaOptionID, strings.Join(available, ", "))
480497
}
498+
499+
in.MfaOptionID = resolvedType
481500
}
482501
}
483502

cmd/auth_connections_test.go

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -233,6 +233,28 @@ func TestSubmit_MfaOptionResolvesType(t *testing.T) {
233233
assert.Equal(t, "sms", submittedID)
234234
}
235235

236+
func TestSubmit_MfaOptionResolvesTypeBeforeEarlierLabel(t *testing.T) {
237+
fake := newFakeWithMfaOptions([]kernel.ManagedAuthMfaOption{
238+
{Label: "call", Type: "phone"},
239+
{Label: "Get a text", Type: "call"},
240+
})
241+
242+
var submittedID string
243+
fake.SubmitFunc = func(ctx context.Context, id string, body kernel.AuthConnectionSubmitParams, opts ...option.RequestOption) (*kernel.SubmitFieldsResponse, error) {
244+
submittedID = body.SubmitFieldsRequest.MfaOptionID.Value
245+
return &kernel.SubmitFieldsResponse{Accepted: true}, nil
246+
}
247+
248+
c := AuthConnectionCmd{svc: fake}
249+
err := c.Submit(context.Background(), AuthConnectionSubmitInput{
250+
ID: "conn-1",
251+
MfaOptionID: "call",
252+
Output: "json",
253+
})
254+
require.NoError(t, err)
255+
assert.Equal(t, "call", submittedID)
256+
}
257+
236258
func TestSubmit_MfaOptionResolvesLabel(t *testing.T) {
237259
fake := newFakeWithMfaOptions([]kernel.ManagedAuthMfaOption{
238260
{Label: "Get a text", Type: "sms"},

0 commit comments

Comments
 (0)