pam/adapter/model: Start user selection only after has been requested

So we avoid writing at all in the terminal if user selection is not
required, add tests to verify this behavior

examplebroker/broker.go

@@ -89,6 +89,7 @@ var (
 	exampleUsers   = map[string]userInfoBroker{
 		"user1":             {Password: "goodpass"},
 		"user2":             {Password: "goodpass"},
+		"user3":             {Password: "goodpass"},
 		"user-mfa":          {Password: "goodpass"},
 		"user-needs-reset":  {Password: "goodpass"},
 		"user-can-reset":    {Password: "goodpass"},

pam/integration-tests/cli_test.go

@@ -45,6 +45,7 @@ func TestCLIAuthenticate(t *testing.T) {
 		currentUserNotRoot bool
 	}{
 		"Authenticate user successfully":                      {tape: "simple_auth"},
+		"Authenticate user successfully with preset user":     {tape: "simple_auth_with_preset_user"},
 		"Authenticate user with mfa":                          {tape: "mfa_auth"},
 		"Authenticate user with form mode with button":        {tape: "form_with_button"},
 		"Authenticate user with qr code":                      {tape: "qr_code"},
@@ -56,8 +57,9 @@ func TestCLIAuthenticate(t *testing.T) {
 		"Authenticate user and add it to local group":         {tape: "local_group"},
 		"Authenticate with warnings on unsupported arguments": {tape: "simple_auth_with_unsupported_args"},
 
-		"Remember last successful broker and mode": {tape: "remember_broker_and_mode"},
-		"Autoselect local broker for local user":   {tape: "local_user"},
+		"Remember last successful broker and mode":      {tape: "remember_broker_and_mode"},
+		"Autoselect local broker for local user":        {tape: "local_user"},
+		"Autoselect local broker for local user preset": {tape: "local_user_preset"},
 
 		"Deny authentication if current user is not considered as root": {tape: "not_root", currentUserNotRoot: true},
 

pam/integration-tests/testdata/TestCLIAuthenticate/golden/authenticate_user_successfully_with_preset_user

@@ -0,0 +1,132 @@
+> env AUTHD_PAM_CLI_USER=user3 ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOC
+K}
+  Select your provider
+
+> 1. local
+  2. ExampleBroker
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> env AUTHD_PAM_CLI_USER=user3 ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOC
+K}
+Gimme your password
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> env AUTHD_PAM_CLI_USER=user3 ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOC
+K}
+Gimme your password
+PAM Authenticate() for user "user3" exited with success
+PAM AcctMgmt() exited with success
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> env AUTHD_PAM_CLI_USER=user3 ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOC
+K}
+Gimme your password
+PAM Authenticate() for user "user3" exited with success
+PAM AcctMgmt() exited with success
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────

pam/integration-tests/testdata/TestCLIAuthenticate/golden/autoselect_local_broker_for_local_user_preset

@@ -0,0 +1,99 @@
+> env AUTHD_PAM_CLI_USER=root ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK
+}
+PAM Info Message: auth=incomplete
+PAM Authenticate() for user "root" exited with error (PAM exit code: 25): The return value shoul
+d be ignored by PAM dispatch
+PAM AcctMgmt() exited with error (PAM exit code: 26): Critical error - immediate abort
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> env AUTHD_PAM_CLI_USER=root ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK
+}
+PAM Info Message: auth=incomplete
+PAM Authenticate() for user "root" exited with error (PAM exit code: 25): The return value shoul
+d be ignored by PAM dispatch
+PAM AcctMgmt() exited with error (PAM exit code: 26): Critical error - immediate abort
+>
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> env AUTHD_PAM_CLI_USER=root ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK
+}
+PAM Info Message: auth=incomplete
+PAM Authenticate() for user "root" exited with error (PAM exit code: 25): The return value shoul
+d be ignored by PAM dispatch
+PAM AcctMgmt() exited with error (PAM exit code: 26): Critical error - immediate abort
+>
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────

pam/integration-tests/testdata/tapes/local_user_preset.tape

@@ -0,0 +1,27 @@
+Output local_user_preset.txt
+Output local_user_preset.gif # If we don't specify a .gif output, it will create a default out.gif file.
+
+# Configuration header to standardize the output.
+# Does not work with the "Source" command.
+Set Width 800
+Set Height 500
+# TODO: Ideally, we should use Ubuntu Mono. However, the github runner is still on Jammy, which does not have it.
+# We should update this to use Ubuntu Mono once the runner is updated.
+Set FontFamily "Monospace"
+Set FontSize 13
+Set Padding 0
+Set Margin 0
+Set Shell bash
+
+Hide
+Type "env AUTHD_PAM_CLI_USER=root ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}"
+Enter
+Sleep 300ms
+Show
+
+Hide
+Enter
+Sleep 300ms
+Show
+
+Sleep 300ms

pam/integration-tests/testdata/tapes/simple_auth_with_preset_user.tape

@@ -0,0 +1,33 @@
+Output simple_auth_with_preset_user.txt
+Output simple_auth_with_preset_user.gif # If we don't specify a .gif output, it will create a default out.gif file.
+
+# Configuration header to standardize the output.
+# Does not work with the "Source" command.
+Set Width 800
+Set Height 500
+# TODO: Ideally, we should use Ubuntu Mono. However, the github runner is still on Jammy, which does not have it.
+# We should update this to use Ubuntu Mono once the runner is updated.
+Set FontFamily "Monospace"
+Set FontSize 13
+Set Padding 0
+Set Margin 0
+Set Shell bash
+
+Hide
+Type "env AUTHD_PAM_CLI_USER=user3 ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}"
+Enter
+Sleep 300ms
+Show
+
+Hide
+Type "2"
+Sleep 300ms
+Show
+
+Hide
+Type "goodpass"
+Enter
+Sleep 2s
+Show
+
+Sleep 300ms

pam/internal/adapter/model.go

@@ -119,7 +119,6 @@ func (m *UIModel) Init() tea.Cmd {
 	m.authenticationModel = newAuthenticationModel(m.Client, m.ClientType)
 	cmds = append(cmds, m.authenticationModel.Init())
 
-	cmds = append(cmds, m.changeStage(pam_proto.Stage_userSelection))
 	return tea.Batch(cmds...)
 }
 

pam/main-cli.go

@@ -22,6 +22,7 @@ func main() {
 	execModule := os.Getenv("AUTHD_PAM_EXEC_MODULE")
 	cliPath := os.Getenv("AUTHD_PAM_CLI_PATH")
 	testName := os.Getenv("AUTHD_PAM_CLI_TEST_NAME")
+	pamUser := os.Getenv("AUTHD_PAM_CLI_USER")
 
 	tmpDir, err := os.MkdirTemp(os.TempDir(), "pam-cli-tester-")
 	if err != nil {
@@ -73,7 +74,7 @@ func main() {
 		log.Fatalf("Can't create service file %s: %v", serviceFile, err)
 	}
 
-	tx, err := pam.StartConfDir(filepath.Base(serviceFile), "", pam.ConversationFunc(
+	tx, err := pam.StartConfDir(filepath.Base(serviceFile), pamUser, pam.ConversationFunc(
 		func(style pam.Style, msg string) (string, error) {
 			switch style {
 			case pam.TextInfo: