mirror of https://github.com/coder/coder.git
chore: remove autocreate orgs on CreateUser (#12434)
New users must be explicitly given an organization to join. Organizations should not be auto-created as a side effect of creating a new user.
parent
842799847a
commit
23ff807a27
|
@ -1351,20 +1351,16 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
|
||||||
// This can happen if a user is a built-in user but is signing in
|
// This can happen if a user is a built-in user but is signing in
|
||||||
// with OIDC for the first time.
|
// with OIDC for the first time.
|
||||||
if user.ID == uuid.Nil {
|
if user.ID == uuid.Nil {
|
||||||
var organizationID uuid.UUID
|
// Until proper multi-org support, all users will be added to the default organization.
|
||||||
// Ignoring this error is a product of our unit tests. In prod this should never
|
// The default organization should always be present.
|
||||||
// happen. Unit tests use this as a shortcut to making a new organization. We
|
|
||||||
// should really fix our unit tests and remove this.
|
|
||||||
//nolint:gocritic
|
//nolint:gocritic
|
||||||
organization, _ := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
|
defaultOrganization, err := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
|
||||||
|
if err != nil {
|
||||||
// Add the user to the default organization.
|
return xerrors.Errorf("unable to fetch default organization: %w", err)
|
||||||
// Once multi-organization we should check some configuration to see
|
}
|
||||||
// if we should add the user to a different organization.
|
|
||||||
organizationID = organization.ID
|
|
||||||
|
|
||||||
//nolint:gocritic
|
//nolint:gocritic
|
||||||
_, err := tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
|
_, err = tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
|
||||||
Username: params.Username,
|
Username: params.Username,
|
||||||
})
|
})
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
@ -1402,13 +1398,9 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
|
||||||
CreateUserRequest: codersdk.CreateUserRequest{
|
CreateUserRequest: codersdk.CreateUserRequest{
|
||||||
Email: params.Email,
|
Email: params.Email,
|
||||||
Username: params.Username,
|
Username: params.Username,
|
||||||
OrganizationID: organizationID,
|
OrganizationID: defaultOrganization.ID,
|
||||||
},
|
},
|
||||||
// All of the userauth tests depend on this being able to create
|
LoginType: params.LoginType,
|
||||||
// the first organization. It shouldn't be possible in normal
|
|
||||||
// operation.
|
|
||||||
CreateOrganization: organizationID == uuid.Nil,
|
|
||||||
LoginType: params.LoginType,
|
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return xerrors.Errorf("create user: %w", err)
|
return xerrors.Errorf("create user: %w", err)
|
||||||
|
|
|
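Review bot: The `//nolint:gocritic` directive above the new `tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))` call gives no reason for running the lookup as the system-restricted actor, and the two comment lines added before it only explain the default-organization choice. The call sits inside `if user.ID == uuid.Nil`, so there appears to be no user actor to authorize as yet; I would record that on the directive, e.g. `//nolint:gocritic // No user exists yet on first OAuth login, so the lookup runs as the system actor.` The same bare directive precedes the `GetUserByEmailOrUsername` call a few lines below in the first hunk. oauthLogin begins and ends outside both hunks.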
@ -201,8 +201,7 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
|
||||||
Password: createUser.Password,
|
Password: createUser.Password,
|
||||||
OrganizationID: defaultOrg.ID,
|
OrganizationID: defaultOrg.ID,
|
||||||
},
|
},
|
||||||
CreateOrganization: false,
|
LoginType: database.LoginTypePassword,
|
||||||
LoginType: database.LoginTypePassword,
|
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
|
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
|
||||||
|
@ -1231,8 +1230,7 @@ func (api *API) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
|
||||||
|
|
||||||
type CreateUserRequest struct {
|
type CreateUserRequest struct {
|
||||||
codersdk.CreateUserRequest
|
codersdk.CreateUserRequest
|
||||||
CreateOrganization bool
|
LoginType database.LoginType
|
||||||
LoginType database.LoginType
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error) {
|
func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error) {
|
||||||
|
@ -1245,32 +1243,9 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
|
||||||
var user database.User
|
var user database.User
|
||||||
return user, req.OrganizationID, store.InTx(func(tx database.Store) error {
|
return user, req.OrganizationID, store.InTx(func(tx database.Store) error {
|
||||||
orgRoles := make([]string, 0)
|
orgRoles := make([]string, 0)
|
||||||
// If no organization is provided, create a new one for the user.
|
// Organization is required to know where to allocate the user.
|
||||||
if req.OrganizationID == uuid.Nil {
|
if req.OrganizationID == uuid.Nil {
|
||||||
if !req.CreateOrganization {
|
return xerrors.Errorf("organization ID must be provided")
|
||||||
return xerrors.Errorf("organization ID must be provided")
|
|
||||||
}
|
|
||||||
|
|
||||||
organization, err := tx.InsertOrganization(ctx, database.InsertOrganizationParams{
|
|
||||||
ID: uuid.New(),
|
|
||||||
Name: req.Username,
|
|
||||||
CreatedAt: dbtime.Now(),
|
|
||||||
UpdatedAt: dbtime.Now(),
|
|
||||||
Description: "",
|
|
||||||
})
|
|
||||||
if err != nil {
|
|
||||||
return xerrors.Errorf("create organization: %w", err)
|
|
||||||
}
|
|
||||||
req.OrganizationID = organization.ID
|
|
||||||
// TODO: When organizations are allowed to be created, we should
|
|
||||||
// come back to determining the default role of the person who
|
|
||||||
// creates the org. Until that happens, all users in an organization
|
|
||||||
// should be just regular members. Membership role is implied, and
|
|
||||||
// not required to be explicit.
|
|
||||||
_, err = tx.InsertAllUsersGroup(ctx, organization.ID)
|
|
||||||
if err != nil {
|
|
||||||
return xerrors.Errorf("create %q group: %w", database.EveryoneGroup, err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
params := database.InsertUserParams{
|
params := database.InsertUserParams{
|
||||||
|
|
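Review bot: The `req.OrganizationID == uuid.Nil` guard in the last hunk is now a plain argument check, yet it still runs inside the `store.InTx` closure, so a caller that omits the ID opens a transaction only to have it fail. I would reject before the transaction, `if req.OrganizationID == uuid.Nil { return database.User{}, uuid.Nil, xerrors.New("organization ID must be provided") }`, placed ahead of the `return user, req.OrganizationID, store.InTx(...)` line. The guard only proves the ID is non-nil; whether it names an existing organization is presumably enforced by a later insert that is not visible here. CreateUser's body starts before and continues past the hunk.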