mirror of https://github.com/coder/coder.git
chore: remove autocreate orgs on CreateUser (#12434)
New users must be explictly given an organization to join. Organizations should not be auto created as a side effect of creating a new user.
This commit is contained in:
parent
842799847a
commit
23ff807a27
|
@ -1351,20 +1351,16 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
|
|||
// This can happen if a user is a built-in user but is signing in
|
||||
// with OIDC for the first time.
|
||||
if user.ID == uuid.Nil {
|
||||
var organizationID uuid.UUID
|
||||
// Ignoring this error is a product of our unit tests. In prod this should never
|
||||
// happen. Unit tests use this as a shortcut to making a new organization. We
|
||||
// should really fix our unit tests and remove this.
|
||||
// Until proper multi-org support, all users will be added to the default organization.
|
||||
// The default organization should always be present.
|
||||
//nolint:gocritic
|
||||
organization, _ := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
|
||||
|
||||
// Add the user to the default organization.
|
||||
// Once multi-organization we should check some configuration to see
|
||||
// if we should add the user to a different organization.
|
||||
organizationID = organization.ID
|
||||
defaultOrganization, err := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
|
||||
if err != nil {
|
||||
return xerrors.Errorf("unable to fetch default organization: %w", err)
|
||||
}
|
||||
|
||||
//nolint:gocritic
|
||||
_, err := tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
|
||||
_, err = tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
|
||||
Username: params.Username,
|
||||
})
|
||||
if err == nil {
|
||||
|
@ -1402,13 +1398,9 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
|
|||
CreateUserRequest: codersdk.CreateUserRequest{
|
||||
Email: params.Email,
|
||||
Username: params.Username,
|
||||
OrganizationID: organizationID,
|
||||
OrganizationID: defaultOrganization.ID,
|
||||
},
|
||||
// All of the userauth tests depend on this being able to create
|
||||
// the first organization. It shouldn't be possible in normal
|
||||
// operation.
|
||||
CreateOrganization: organizationID == uuid.Nil,
|
||||
LoginType: params.LoginType,
|
||||
LoginType: params.LoginType,
|
||||
})
|
||||
if err != nil {
|
||||
return xerrors.Errorf("create user: %w", err)
|
||||
|
|
|
@ -201,8 +201,7 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
|
|||
Password: createUser.Password,
|
||||
OrganizationID: defaultOrg.ID,
|
||||
},
|
||||
CreateOrganization: false,
|
||||
LoginType: database.LoginTypePassword,
|
||||
LoginType: database.LoginTypePassword,
|
||||
})
|
||||
if err != nil {
|
||||
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
|
||||
|
@ -1231,8 +1230,7 @@ func (api *API) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
|
|||
|
||||
type CreateUserRequest struct {
|
||||
codersdk.CreateUserRequest
|
||||
CreateOrganization bool
|
||||
LoginType database.LoginType
|
||||
LoginType database.LoginType
|
||||
}
|
||||
|
||||
func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error) {
|
||||
|
@ -1245,32 +1243,9 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
|
|||
var user database.User
|
||||
return user, req.OrganizationID, store.InTx(func(tx database.Store) error {
|
||||
orgRoles := make([]string, 0)
|
||||
// If no organization is provided, create a new one for the user.
|
||||
// Organization is required to know where to allocate the user.
|
||||
if req.OrganizationID == uuid.Nil {
|
||||
if !req.CreateOrganization {
|
||||
return xerrors.Errorf("organization ID must be provided")
|
||||
}
|
||||
|
||||
organization, err := tx.InsertOrganization(ctx, database.InsertOrganizationParams{
|
||||
ID: uuid.New(),
|
||||
Name: req.Username,
|
||||
CreatedAt: dbtime.Now(),
|
||||
UpdatedAt: dbtime.Now(),
|
||||
Description: "",
|
||||
})
|
||||
if err != nil {
|
||||
return xerrors.Errorf("create organization: %w", err)
|
||||
}
|
||||
req.OrganizationID = organization.ID
|
||||
// TODO: When organizations are allowed to be created, we should
|
||||
// come back to determining the default role of the person who
|
||||
// creates the org. Until that happens, all users in an organization
|
||||
// should be just regular members. Membership role is implied, and
|
||||
// not required to be explicit.
|
||||
_, err = tx.InsertAllUsersGroup(ctx, organization.ID)
|
||||
if err != nil {
|
||||
return xerrors.Errorf("create %q group: %w", database.EveryoneGroup, err)
|
||||
}
|
||||
return xerrors.Errorf("organization ID must be provided")
|
||||
}
|
||||
|
||||
params := database.InsertUserParams{
|
||||
|
|
Loading…
Reference in New Issue