From 195748978162954863488ced95f6c68aae4f3b2d Mon Sep 17 00:00:00 2001
From: Brian Joerger <bjoerger@goteleport.com>
Date: Tue, 17 Dec 2024 14:40:17 -0800
Subject: [PATCH] Refactor `Reauthenticate` components - follow up fixes
 (#50355)

* Capitalize MFA in deleteMfaDeviceRequest.

* Fix/add TODOs for new mfa device management endpoints.
---
 lib/web/apiserver.go                                          | 3 ++-
 lib/web/mfa.go                                                | 4 ++--
 .../src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index 62ecb813a5b6e..a21d165e382de 100644
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -917,8 +917,9 @@ func (h *Handler) bindDefaultEndpoints() {
 
 	// MFA private endpoints.
 	h.GET("/webapi/mfa/devices", h.WithAuth(h.getMFADevicesHandle))
-	h.DELETE("/webapi/mfa/devices", h.WithAuth(h.deleteMFADeviceHandle))
 	h.POST("/webapi/mfa/authenticatechallenge", h.WithAuth(h.createAuthenticateChallengeHandle))
+	// TODO(Joerger) v19.0.0: currently unused, WebUI can use these in v19 without backwards compatibility concerns.
+	h.DELETE("/webapi/mfa/devices", h.WithAuth(h.deleteMFADeviceHandle))
 	h.POST("/webapi/mfa/registerchallenge", h.WithAuth(h.createRegisterChallengeHandle))
 
 	h.POST("/webapi/mfa/devices", h.WithAuth(h.addMFADeviceHandle))
diff --git a/lib/web/mfa.go b/lib/web/mfa.go
index 2ab9bfa281636..485a4eff460bc 100644
--- a/lib/web/mfa.go
+++ b/lib/web/mfa.go
@@ -75,7 +75,7 @@ func (h *Handler) deleteMFADeviceWithTokenHandle(w http.ResponseWriter, r *http.
 	return OK(), nil
 }
 
-type deleteMfaDeviceRequest struct {
+type deleteMFADeviceRequest struct {
 	// DeviceName is the name of the device to delete.
 	DeviceName string `json:"deviceName"`
 	// ExistingMFAResponse is an MFA challenge response from an existing device.
@@ -85,7 +85,7 @@ type deleteMfaDeviceRequest struct {
 
 // deleteMFADeviceHandle deletes an mfa device for the user defined in the `token`, given as a query parameter.
 func (h *Handler) deleteMFADeviceHandle(w http.ResponseWriter, r *http.Request, p httprouter.Params, c *SessionContext) (interface{}, error) {
-	var req deleteMfaDeviceRequest
+	var req deleteMFADeviceRequest
 	if err := httplib.ReadJSON(r, &req); err != nil {
 		return nil, trace.Wrap(err)
 	}
diff --git a/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx b/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx
index bbce32df63f98..9633fe814a952 100644
--- a/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx
+++ b/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx
@@ -101,7 +101,7 @@ export function AddAuthDeviceWizard({
   // TODO(Joerger): v19.0.0
   // A user without devices can register their first device without a privilege token
   // too, but the existing web register endpoint requires privilege token.
-  // We have a new endpoint "/v1/webapi/users/devices" which does not
+  // We have a new endpoint "/v1/webapi/mfa/registerchallenge" which does not
   // require token, but can't be used until v19 for backwards compatibility.
   // Once in use, we can leave privilege token empty here.
   useEffect(() => {