mirror of https://github.com/coder/coder.git
feat: convert to oidc out of experimental (#8742)
parent
ed82b864d0
commit
cb36783e8c
|
@ -7078,9 +7078,6 @@ const docTemplate = `{
|
|||
"codersdk.AuthMethods": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"convert_to_oidc_enabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"github": {
|
||||
"$ref": "#/definitions/codersdk.AuthMethod"
|
||||
},
|
||||
|
@ -8022,7 +8019,6 @@ const docTemplate = `{
|
|||
"moons",
|
||||
"workspace_actions",
|
||||
"tailnet_pg_coordinator",
|
||||
"convert-to-oidc",
|
||||
"single_tailnet",
|
||||
"template_restart_requirement",
|
||||
"template_insights_page"
|
||||
|
@ -8031,7 +8027,6 @@ const docTemplate = `{
|
|||
"ExperimentMoons",
|
||||
"ExperimentWorkspaceActions",
|
||||
"ExperimentTailnetPGCoordinator",
|
||||
"ExperimentConvertToOIDC",
|
||||
"ExperimentSingleTailnet",
|
||||
"ExperimentTemplateRestartRequirement",
|
||||
"ExperimentTemplateInsightsPage"
|
||||
|
|
|
@ -6302,9 +6302,6 @@
|
|||
"codersdk.AuthMethods": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"convert_to_oidc_enabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"github": {
|
||||
"$ref": "#/definitions/codersdk.AuthMethod"
|
||||
},
|
||||
|
@ -7183,7 +7180,6 @@
|
|||
"moons",
|
||||
"workspace_actions",
|
||||
"tailnet_pg_coordinator",
|
||||
"convert-to-oidc",
|
||||
"single_tailnet",
|
||||
"template_restart_requirement",
|
||||
"template_insights_page"
|
||||
|
@ -7192,7 +7188,6 @@
|
|||
"ExperimentMoons",
|
||||
"ExperimentWorkspaceActions",
|
||||
"ExperimentTailnetPGCoordinator",
|
||||
"ExperimentConvertToOIDC",
|
||||
"ExperimentSingleTailnet",
|
||||
"ExperimentTemplateRestartRequirement",
|
||||
"ExperimentTemplateInsightsPage"
|
||||
|
|
|
@ -64,13 +64,6 @@ type OAuthConvertStateClaims struct {
|
|||
// @Success 201 {object} codersdk.OAuthConversionResponse
|
||||
// @Router /users/{user}/convert-login [post]
|
||||
func (api *API) postConvertLoginType(rw http.ResponseWriter, r *http.Request) {
|
||||
if !api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC) {
|
||||
httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{
|
||||
Message: "Oauth conversion is not allowed, contact an administrator to turn on this feature.",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
var (
|
||||
user = httpmw.UserParam(r)
|
||||
ctx = r.Context()
|
||||
|
@ -455,7 +448,6 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
|
||||
ConvertToOIDCEnabled: api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC),
|
||||
Password: codersdk.AuthMethod{
|
||||
Enabled: !api.DeploymentValues.DisablePasswordAuth.Value(),
|
||||
},
|
||||
|
@ -1499,11 +1491,6 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
|
|||
oauthConvertAudit.UserID = claims.UserID
|
||||
oauthConvertAudit.Old = user
|
||||
|
||||
// If we do not allow converting to oauth, return an error.
|
||||
if !api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC) {
|
||||
return database.User{}, wrongLoginTypeHTTPError(user.LoginType, params.LoginType)
|
||||
}
|
||||
|
||||
if claims.RegisteredClaims.Issuer != api.DeploymentID {
|
||||
return database.User{}, httpError{
|
||||
code: http.StatusForbidden,
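Review bot: With the `api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC)` guard removed from the top of `postConvertLoginType` and from `convertUserToOauth`, login-type conversion is reachable on every deployment. The only check still visible in these hunks is the `claims.RegisteredClaims.Issuer != api.DeploymentID` comparison. Both function bodies continue outside the hunks, so it cannot be seen here whether the handler rejects a target login type whose provider is not configured; if it does not, add that check early in `postConvertLoginType` so the request fails with a clear 4xx. Because operators no longer have a switch for this endpoint, the handler's doc comment should say so, for example `// Conversion is no longer behind an experiment; access is limited only by the checks below.`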
|
||||
|
|
|
@ -20,7 +20,6 @@ import (
|
|||
"golang.org/x/xerrors"
|
||||
|
||||
"cdr.dev/slog/sloggers/slogtest"
|
||||
"github.com/coder/coder/cli/clibase"
|
||||
"github.com/coder/coder/coderd"
|
||||
"github.com/coder/coder/coderd/audit"
|
||||
"github.com/coder/coder/coderd/coderdtest"
|
||||
|
@ -796,7 +795,6 @@ func TestUserOIDC(t *testing.T) {
|
|||
config.AllowSignups = true
|
||||
|
||||
cfg := coderdtest.DeploymentValues(t)
|
||||
cfg.Experiments = clibase.StringArray{string(codersdk.ExperimentConvertToOIDC)}
|
||||
client := coderdtest.New(t, &coderdtest.Options{
|
||||
Auditor: auditor,
|
||||
OIDCConfig: config,
|
||||
|
|
|
@ -1850,10 +1850,6 @@ const (
|
|||
// only Coordinator
|
||||
ExperimentTailnetPGCoordinator Experiment = "tailnet_pg_coordinator"
|
||||
|
||||
// ExperimentConvertToOIDC enables users to convert from password to
|
||||
// oidc.
|
||||
ExperimentConvertToOIDC Experiment = "convert-to-oidc"
|
||||
|
||||
// ExperimentSingleTailnet replaces workspace connections inside coderd to
|
||||
// all use a single tailnet, instead of the previous behavior of creating a
|
||||
// single tailnet for each agent.
|
||||
|
|
|
@ -160,10 +160,9 @@ type CreateOrganizationRequest struct {
|
|||
|
||||
// AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
|
||||
type AuthMethods struct {
|
||||
ConvertToOIDCEnabled bool `json:"convert_to_oidc_enabled"`
|
||||
Password AuthMethod `json:"password"`
|
||||
Github AuthMethod `json:"github"`
|
||||
OIDC OIDCAuthMethod `json:"oidc"`
|
||||
Password AuthMethod `json:"password"`
|
||||
Github AuthMethod `json:"github"`
|
||||
OIDC OIDCAuthMethod `json:"oidc"`
|
||||
}
|
||||
|
||||
type AuthMethod struct {
|
||||
|
|
|
@ -1184,7 +1184,6 @@
|
|||
|
||||
```json
|
||||
{
|
||||
"convert_to_oidc_enabled": true,
|
||||
"github": {
|
||||
"enabled": true
|
||||
},
|
||||
|
@ -1201,12 +1200,11 @@
|
|||
|
||||
### Properties
|
||||
|
||||
| Name | Type | Required | Restrictions | Description |
|
||||
| ------------------------- | -------------------------------------------------- | -------- | ------------ | ----------- |
|
||||
| `convert_to_oidc_enabled` | boolean | false | | |
|
||||
| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | |
|
||||
| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| Name | Type | Required | Restrictions | Description |
|
||||
| ---------- | -------------------------------------------------- | -------- | ------------ | ----------- |
|
||||
| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | |
|
||||
| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
|
||||
## codersdk.AuthorizationCheck
|
||||
|
||||
|
@ -2673,7 +2671,6 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
|
|||
| `moons` |
|
||||
| `workspace_actions` |
|
||||
| `tailnet_pg_coordinator` |
|
||||
| `convert-to-oidc` |
|
||||
| `single_tailnet` |
|
||||
| `template_restart_requirement` |
|
||||
| `template_insights_page` |
|
||||
|
|
|
@ -142,7 +142,6 @@ curl -X GET http://coder-server:8080/api/v2/users/authmethods \
|
|||
|
||||
```json
|
||||
{
|
||||
"convert_to_oidc_enabled": true,
|
||||
"github": {
|
||||
"enabled": true
|
||||
},
|
||||
|
|
|
@ -110,7 +110,6 @@ export interface AuthMethod {
|
|||
|
||||
// From codersdk/users.go
|
||||
export interface AuthMethods {
|
||||
readonly convert_to_oidc_enabled: boolean
|
||||
readonly password: AuthMethod
|
||||
readonly github: AuthMethod
|
||||
readonly oidc: OIDCAuthMethod
|
||||
|
@ -1560,7 +1559,6 @@ export const Entitlements: Entitlement[] = [
|
|||
|
||||
// From codersdk/deployment.go
|
||||
export type Experiment =
|
||||
| "convert-to-oidc"
|
||||
| "moons"
|
||||
| "single_tailnet"
|
||||
| "tailnet_pg_coordinator"
|
||||
|
@ -1568,7 +1566,6 @@ export type Experiment =
|
|||
| "template_restart_requirement"
|
||||
| "workspace_actions"
|
||||
export const Experiments: Experiment[] = [
|
||||
"convert-to-oidc",
|
||||
"moons",
|
||||
"single_tailnet",
|
||||
"tailnet_pg_coordinator",
|
||||
|
|
|
@ -28,7 +28,6 @@ SigningIn.args = {
|
|||
...SignedOut.args,
|
||||
isSigningIn: true,
|
||||
authMethods: {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: true },
|
||||
github: { enabled: true },
|
||||
oidc: { enabled: false, signInText: "", iconUrl: "" },
|
||||
|
@ -56,7 +55,6 @@ export const WithGithub = Template.bind({})
|
|||
WithGithub.args = {
|
||||
...SignedOut.args,
|
||||
authMethods: {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: true },
|
||||
github: { enabled: true },
|
||||
oidc: { enabled: false, signInText: "", iconUrl: "" },
|
||||
|
@ -67,7 +65,6 @@ export const WithOIDC = Template.bind({})
|
|||
WithOIDC.args = {
|
||||
...SignedOut.args,
|
||||
authMethods: {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: true },
|
||||
github: { enabled: false },
|
||||
oidc: { enabled: true, signInText: "", iconUrl: "" },
|
||||
|
@ -78,7 +75,6 @@ export const WithOIDCWithoutPassword = Template.bind({})
|
|||
WithOIDCWithoutPassword.args = {
|
||||
...SignedOut.args,
|
||||
authMethods: {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: false },
|
||||
github: { enabled: false },
|
||||
oidc: { enabled: true, signInText: "", iconUrl: "" },
|
||||
|
@ -89,7 +85,6 @@ export const WithoutAny = Template.bind({})
|
|||
WithoutAny.args = {
|
||||
...SignedOut.args,
|
||||
authMethods: {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: false },
|
||||
github: { enabled: false },
|
||||
oidc: { enabled: false, signInText: "", iconUrl: "" },
|
||||
|
@ -100,7 +95,6 @@ export const WithGithubAndOIDC = Template.bind({})
|
|||
WithGithubAndOIDC.args = {
|
||||
...SignedOut.args,
|
||||
authMethods: {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: true },
|
||||
github: { enabled: true },
|
||||
oidc: { enabled: true, signInText: "", iconUrl: "" },
|
||||
|
|
|
@ -61,7 +61,6 @@ describe("LoginPage", () => {
|
|||
|
||||
it("shows github authentication when enabled", async () => {
|
||||
const authMethods: TypesGen.AuthMethods = {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: true },
|
||||
github: { enabled: true },
|
||||
oidc: { enabled: true, signInText: "", iconUrl: "" },
|
||||
|
@ -113,7 +112,6 @@ describe("LoginPage", () => {
|
|||
|
||||
it("hides password authentication if OIDC/GitHub is enabled and displays on click", async () => {
|
||||
const authMethods: TypesGen.AuthMethods = {
|
||||
convert_to_oidc_enabled: false,
|
||||
password: { enabled: true },
|
||||
github: { enabled: true },
|
||||
oidc: { enabled: true, signInText: "", iconUrl: "" },
|
||||
|
|
|
@ -53,17 +53,13 @@ export const SecurityPage: FC = () => {
|
|||
},
|
||||
},
|
||||
}}
|
||||
oidc={
|
||||
authMethods.convert_to_oidc_enabled
|
||||
? {
|
||||
section: {
|
||||
authMethods,
|
||||
userLoginType,
|
||||
...singleSignOnSection,
|
||||
},
|
||||
}
|
||||
: undefined
|
||||
}
|
||||
oidc={{
|
||||
section: {
|
||||
authMethods,
|
||||
userLoginType,
|
||||
...singleSignOnSection,
|
||||
},
|
||||
}}
|
||||
/>
|
||||
)
|
||||
}
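Review bot: The `oidc` prop is now passed unconditionally, so the single sign-on section renders for every user whatever `authMethods` reports. The section component is outside this hunk, so it is not visible whether it handles the case where both `authMethods.github.enabled` and `authMethods.oidc.enabled` are false. If it does not, the page would offer a conversion with no provider to convert to; keep a guard at this call site on those two flags, passing `undefined` when neither is enabled. A story or test for the password-only case would pin the behaviour.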
|
||||
|
|
|
@ -1113,7 +1113,6 @@ export const MockAuthMethods: TypesGen.AuthMethods = {
|
|||
password: { enabled: true },
|
||||
github: { enabled: false },
|
||||
oidc: { enabled: false, signInText: "", iconUrl: "" },
|
||||
convert_to_oidc_enabled: true,
|
||||
}
|
||||
|
||||
export const MockAuthMethodsWithPasswordType: TypesGen.AuthMethods = {
|
||||
|
|