Skip to content

Commit 53d528b

Browse files
rgarciaclaude
andcommitted
fix: surface Get error instead of silently skipping MFA resolution
If fetching the connection fails (network error, auth issue, etc.), the MFA resolution was silently skipped, sending the raw user input to the API — reproducing the exact bug this PR fixes. Now the error is returned immediately. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent e6ba11a commit 53d528b

2 files changed

Lines changed: 21 additions & 1 deletion

File tree

cmd/auth_connections.go

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -456,7 +456,10 @@ func (c AuthConnectionCmd) Submit(ctx context.Context, in AuthConnectionSubmitIn
456456
// whatever the user provided to the correct type value.
457457
if hasMfaOption {
458458
conn, err := c.svc.Get(ctx, in.ID)
459-
if err == nil && len(conn.MfaOptions) > 0 {
459+
if err != nil {
460+
return fmt.Errorf("failed to fetch connection for MFA option resolution: %w", err)
461+
}
462+
if len(conn.MfaOptions) > 0 {
460463
resolved := false
461464
for _, opt := range conn.MfaOptions {
462465
displayName := fmt.Sprintf("%s (%s)", opt.Label, opt.Type)

cmd/auth_connections_test.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -297,6 +297,23 @@ func TestSubmit_MfaOptionResolvesLabelCaseInsensitive(t *testing.T) {
297297
assert.Equal(t, "sms", submittedID)
298298
}
299299

300+
func TestSubmit_MfaOptionGetErrorSurfaced(t *testing.T) {
301+
fake := &FakeAuthConnectionService{
302+
GetFunc: func(ctx context.Context, id string, opts ...option.RequestOption) (*kernel.ManagedAuth, error) {
303+
return nil, errors.New("connection not found")
304+
},
305+
}
306+
307+
c := AuthConnectionCmd{svc: fake}
308+
err := c.Submit(context.Background(), AuthConnectionSubmitInput{
309+
ID: "conn-1",
310+
MfaOptionID: "sms",
311+
Output: "json",
312+
})
313+
require.Error(t, err)
314+
assert.Contains(t, err.Error(), "failed to fetch connection for MFA option resolution")
315+
}
316+
300317
func TestSubmit_MfaOptionRejectsUnknown(t *testing.T) {
301318
fake := newFakeWithMfaOptions([]kernel.ManagedAuthMfaOption{
302319
{Label: "Get a text", Type: "sms"},

0 commit comments

Comments
 (0)