NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.4k

Commitac559f1

authored

fix: handle omitted role sync claim (#8697)

* fix: handle omitted role sync claim

1 parentac973a4 commitac559f1Copy full SHA for ac559f1

File tree

2 files changed

+41

-1

lines changed

coderd
- userauth.go
enterprise/coderd
- userauth_test.go

2 files changed

+41

-1

lines changed

`‎coderd/userauth.go‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -965,7 +965,8 @@ func (api API) userOIDC(rw http.ResponseWriter, r http.Request) {`
`965`	`965`	`// a member. This is because there is no way to tell the difference`
`966`	`966`	`// between []string{} and nil for OIDC claims. IDPs omit claims`
`967`	`967`	`// if they are empty ([]string{}).`
`968`		`-rolesRow= []string{}`
	`968`	`+// Use []interface{}{} so the next typecast works.`
	`969`	`+rolesRow= []interface{}{}`
`969`	`970`	`}`
`970`	`971`
`971`	`972`	`rolesInterface,ok:=rolesRow.([]interface{})`

`‎enterprise/coderd/userauth_test.go‎`

Lines changed: 39 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,45 @@ func TestUserOIDC(t *testing.T) {`
`28`	`28`	`t.Run("RoleSync",func(t*testing.T) {`
`29`	`29`	`t.Parallel()`
`30`	`30`
	`31`	`+t.Run("NoRoles",func(t*testing.T) {`
	`32`	`+t.Parallel()`
	`33`	`+`
	`34`	`+ctx:=testutil.Context(t,testutil.WaitMedium)`
	`35`	`+conf:=coderdtest.NewOIDCConfig(t,"")`
	`36`	`+`
	`37`	`+oidcRoleName:="TemplateAuthor"`
	`38`	`+`
	`39`	`+config:=conf.OIDCConfig(t, jwt.MapClaims{},func(cfg*coderd.OIDCConfig) {`
	`40`	`+cfg.UserRoleMapping=map[string][]string{oidcRoleName: {rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin()}}`
	`41`	`+})`
	`42`	`+config.AllowSignups=true`
	`43`	`+config.UserRoleField="roles"`
	`44`	`+`
	`45`	`+client,_:=coderdenttest.New(t,&coderdenttest.Options{`
	`46`	`+Options:&coderdtest.Options{`
	`47`	`+OIDCConfig:config,`
	`48`	`+},`
	`49`	`+LicenseOptions:&coderdenttest.LicenseOptions{`
	`50`	`+Features: license.Features{codersdk.FeatureUserRoleManagement:1},`
	`51`	`+},`
	`52`	`+})`
	`53`	`+`
	`54`	`+admin,err:=client.User(ctx,"me")`
	`55`	`+require.NoError(t,err)`
	`56`	`+require.Len(t,admin.OrganizationIDs,1)`
	`57`	`+`
	`58`	`+resp:=oidcCallback(t,client,conf.EncodeClaims(t, jwt.MapClaims{`
	`59`	`+"email":"alice@coder.com",`
	`60`	`+}))`
	`61`	`+require.Equal(t,http.StatusTemporaryRedirect,resp.StatusCode)`
	`62`	`+user,err:=client.User(ctx,"alice")`
	`63`	`+require.NoError(t,err)`
	`64`	`+`
	`65`	`+require.Len(t,user.Roles,0)`
	`66`	`+roleNames:= []string{}`
	`67`	`+require.ElementsMatch(t,roleNames, []string{})`
	`68`	`+})`
	`69`	`+`
`31`	`70`	`t.Run("NewUserAndRemoveRoles",func(t*testing.T) {`
`32`	`71`	`t.Parallel()`
`33`	`72`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitac559f1

File tree

2 files changed

2 files changed

`‎coderd/userauth.go‎`

`‎enterprise/coderd/userauth_test.go‎`

0 commit comments