NotificationsYou must be signed in to change notification settings
Fork913
Star10k

Commite2681d7

committed

fix(scim): ensure scim users aren't created with their own org

1 parent0b15b1b commite2681d7Copy full SHA for e2681d7

File tree

2 files changed

+58

-17

lines changed

coderd
- users.go
enterprise/coderd
- scim.go

2 files changed

+58

-17

lines changed

`‎coderd/users.go`

Lines changed: 40 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,8 @@ func (api API) postFirstUser(rw http.ResponseWriter, r http.Request) {`
`128`	`128`	`// Create an org for the first user.`
`129`	`129`	`OrganizationID:uuid.Nil,`
`130`	`130`	`},`
`131`		`-LoginType:database.LoginTypePassword,`
	`131`	`+CreateOrganization:true,`
	`132`	`+LoginType:database.LoginTypePassword,`
`132`	`133`	`})`
`133`	`134`	`iferr!=nil {`
`134`	`135`	`httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`@@ -313,19 +314,38 @@ func (api API) postUser(rw http.ResponseWriter, r http.Request) {`
`313`	`314`	`return`
`314`	`315`	`}`
`315`	`316`
`316`		`-_,err=api.Database.GetOrganizationByID(ctx,req.OrganizationID)`
`317`		`-ifhttpapi.Is404Error(err) {`
`318`		`-httpapi.Write(ctx,rw,http.StatusNotFound, codersdk.Response{`
`319`		`-Message:fmt.Sprintf("Organization does not exist with the provided id %q.",req.OrganizationID),`
`320`		`-})`
`321`		`-return`
`322`		`-}`
`323`		`-iferr!=nil {`
`324`		`-httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`325`		`-Message:"Internal error fetching organization.",`
`326`		`-Detail:err.Error(),`
`327`		`-})`
`328`		`-return`
	`317`	`+ifreq.OrganizationID!=uuid.Nil {`
	`318`	`+_,err:=api.Database.GetOrganizationByID(ctx,req.OrganizationID)`
	`319`	`+iferr!=nil {`
	`320`	`+ifhttpapi.Is404Error(err) {`
	`321`	`+httpapi.Write(ctx,rw,http.StatusNotFound, codersdk.Response{`
	`322`	`+Message:fmt.Sprintf("Organization does not exist with the provided id %q.",req.OrganizationID),`
	`323`	`+})`
	`324`	`+return`
	`325`	`+}`
	`326`	`+`
	`327`	`+httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
	`328`	`+Message:"Internal error fetching organization.",`
	`329`	`+Detail:err.Error(),`
	`330`	`+})`
	`331`	`+return`
	`332`	`+}`
	`333`	`+}else {`
	`334`	`+organizations,err:=api.Database.GetOrganizations(ctx)`
	`335`	`+iferr!=nil {`
	`336`	`+httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
	`337`	`+Message:"Internal error fetching user.",`
	`338`	`+Detail:err.Error(),`
	`339`	`+})`
	`340`	`+return`
	`341`	`+}`
	`342`	`+`
	`343`	`+iflen(organizations)>0 {`
	`344`	`+// Add the user to the first organization. Once multi-organization`
	`345`	`+// support is added, we should enable a configuration map of user`
	`346`	`+// email to organization.`
	`347`	`+req.OrganizationID=organizations[0].ID`
	`348`	`+}`
`329`	`349`	`}`
`330`	`350`
`331`	`351`	`err=userpassword.Validate(req.Password)`
`@@ -955,7 +975,8 @@ func (api API) organizationByUserAndName(rw http.ResponseWriter, r http.Reques`
`955`	`975`
`956`	`976`	`typeCreateUserRequeststruct {`
`957`	`977`	`codersdk.CreateUserRequest`
`958`		`-LoginType database.LoginType`
	`978`	`+CreateOrganizationbool`
	`979`	`+LoginType database.LoginType`
`959`	`980`	`}`
`960`	`981`
`961`	`982`	`func (api*API)CreateUser(ctx context.Context,store database.Store,reqCreateUserRequest) (database.User, uuid.UUID,error) {`
`@@ -964,6 +985,10 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create`
`964`	`985`	`orgRoles:=make([]string,0)`
`965`	`986`	`// If no organization is provided, create a new one for the user.`
`966`	`987`	`ifreq.OrganizationID==uuid.Nil {`
	`988`	`+if!req.CreateOrganization {`
	`989`	`+returnxerrors.Errorf("organization ID must be provided")`
	`990`	`+}`
	`991`	`+`
`967`	`992`	`organization,err:=tx.InsertOrganization(ctx, database.InsertOrganizationParams{`
`968`	`993`	`ID:uuid.New(),`
`969`	`994`	`Name:req.Username,`

`‎enterprise/coderd/scim.go`

Lines changed: 18 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -156,11 +156,27 @@ func (api API) scimPostUser(rw http.ResponseWriter, r http.Request) {`
`156`	`156`	`return`
`157`	`157`	`}`
`158`	`158`
	`159`	`+varorganizationID uuid.UUID`
	`160`	`+//nolint:gocritic`
	`161`	`+organizations,err:=api.Database.GetOrganizations(dbauthz.AsSystemRestricted(ctx))`
	`162`	`+iferr!=nil {`
	`163`	`+_=handlerutil.WriteError(rw,err)`
	`164`	`+return`
	`165`	`+}`
	`166`	`+`
	`167`	`+iflen(organizations)>0 {`
	`168`	`+// Add the user to the first organization. Once multi-organization`
	`169`	`+// support is added, we should enable a configuration map of user`
	`170`	`+// email to organization.`
	`171`	`+organizationID=organizations[0].ID`
	`172`	`+}`
	`173`	`+`
`159`	`174`	`//nolint:gocritic // needed for SCIM`
`160`	`175`	`user,_,err:=api.AGPL.CreateUser(dbauthz.AsSystemRestricted(ctx),api.Database, agpl.CreateUserRequest{`
`161`	`176`	`CreateUserRequest: codersdk.CreateUserRequest{`
`162`		`-Username:sUser.UserName,`
`163`		`-Email:email,`
	`177`	`+Username:sUser.UserName,`
	`178`	`+Email:email,`
	`179`	`+OrganizationID:organizationID,`
`164`	`180`	`},`
`165`	`181`	`LoginType:database.LoginTypeOIDC,`
`166`	`182`	`})`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite2681d7

File tree

2 files changed

2 files changed

`‎coderd/users.go`

`‎enterprise/coderd/scim.go`

0 commit comments