feat: convert to oidc out of experimental (#8742)

Steven Masley 2023-07-31 11:30:34 -04:00 committed by GitHub
parent ed82b864d0
commit cb36783e8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 15 additions and 65 deletions

5
coderd/apidoc/docs.go generated

@ -7078,9 +7078,6 @@ const docTemplate = `{
"codersdk.AuthMethods": {
"type": "object",
"properties": {
"convert_to_oidc_enabled": {
"type": "boolean"
},
"github": {
"$ref": "#/definitions/codersdk.AuthMethod"
},
@ -8022,7 +8019,6 @@ const docTemplate = `{
"moons",
"workspace_actions",
"tailnet_pg_coordinator",
"convert-to-oidc",
"single_tailnet",
"template_restart_requirement",
"template_insights_page"
@ -8031,7 +8027,6 @@ const docTemplate = `{
"ExperimentMoons",
"ExperimentWorkspaceActions",
"ExperimentTailnetPGCoordinator",
"ExperimentConvertToOIDC",
"ExperimentSingleTailnet",
"ExperimentTemplateRestartRequirement",
"ExperimentTemplateInsightsPage"


@ -6302,9 +6302,6 @@
"codersdk.AuthMethods": {
"type": "object",
"properties": {
"convert_to_oidc_enabled": {
"type": "boolean"
},
"github": {
"$ref": "#/definitions/codersdk.AuthMethod"
},
@ -7183,7 +7180,6 @@
"moons",
"workspace_actions",
"tailnet_pg_coordinator",
"convert-to-oidc",
"single_tailnet",
"template_restart_requirement",
"template_insights_page"
@ -7192,7 +7188,6 @@
"ExperimentMoons",
"ExperimentWorkspaceActions",
"ExperimentTailnetPGCoordinator",
"ExperimentConvertToOIDC",
"ExperimentSingleTailnet",
"ExperimentTemplateRestartRequirement",
"ExperimentTemplateInsightsPage"


@ -64,13 +64,6 @@ type OAuthConvertStateClaims struct {
// @Success 201 {object} codersdk.OAuthConversionResponse
// @Router /users/{user}/convert-login [post]
func (api *API) postConvertLoginType(rw http.ResponseWriter, r *http.Request) {
if !api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC) {
httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{
Message: "Oauth conversion is not allowed, contact an administrator to turn on this feature.",
})
return
}
var (
user = httpmw.UserParam(r)
ctx = r.Context()
@ -455,7 +448,6 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
}
httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
ConvertToOIDCEnabled: api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC),
Password: codersdk.AuthMethod{
Enabled: !api.DeploymentValues.DisablePasswordAuth.Value(),
},
@ -1499,11 +1491,6 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
oauthConvertAudit.UserID = claims.UserID
oauthConvertAudit.Old = user
// If we do not allow converting to oauth, return an error.
if !api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC) {
return database.User{}, wrongLoginTypeHTTPError(user.LoginType, params.LoginType)
}
if claims.RegisteredClaims.Issuer != api.DeploymentID {
return database.User{}, httpError{
code: http.StatusForbidden,
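Review bot: Removing the experiment check from postConvertLoginType leaves no deployment-level switch for `POST /users/{user}/convert-login` in the lines shown, so every deployment now accepts login-type conversion requests. The handler body continues outside the hunk, so whatever still restricts the call is not visible here; the doc comment above the handler should say that the endpoint is always enabled and name the checks that authorize it. The same applies to convertUserToOauth, where the comparison of `claims.RegisteredClaims.Issuer` with `api.DeploymentID` is now the first check after the audit fields are set. A test asserting that a conversion attempt with invalid state claims is rejected would cover the path the experiment flag used to short-circuit.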


@ -20,7 +20,6 @@ import (
"golang.org/x/xerrors"
"cdr.dev/slog/sloggers/slogtest"
"github.com/coder/coder/cli/clibase"
"github.com/coder/coder/coderd"
"github.com/coder/coder/coderd/audit"
"github.com/coder/coder/coderd/coderdtest"
@ -796,7 +795,6 @@ func TestUserOIDC(t *testing.T) {
config.AllowSignups = true
cfg := coderdtest.DeploymentValues(t)
cfg.Experiments = clibase.StringArray{string(codersdk.ExperimentConvertToOIDC)}
client := coderdtest.New(t, &coderdtest.Options{
Auditor: auditor,
OIDCConfig: config,


@ -1850,10 +1850,6 @@ const (
// only Coordinator
ExperimentTailnetPGCoordinator Experiment = "tailnet_pg_coordinator"
// ExperimentConvertToOIDC enables users to convert from password to
// oidc.
ExperimentConvertToOIDC Experiment = "convert-to-oidc"
// ExperimentSingleTailnet replaces workspace connections inside coderd to
// all use a single tailnet, instead of the previous behavior of creating a
// single tailnet for each agent.


@ -160,10 +160,9 @@ type CreateOrganizationRequest struct {
// AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
type AuthMethods struct {
ConvertToOIDCEnabled bool `json:"convert_to_oidc_enabled"`
Password AuthMethod `json:"password"`
Github AuthMethod `json:"github"`
OIDC OIDCAuthMethod `json:"oidc"`
Password AuthMethod `json:"password"`
Github AuthMethod `json:"github"`
OIDC OIDCAuthMethod `json:"oidc"`
}
type AuthMethod struct {
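Review bot: Dropping `ConvertToOIDCEnabled` from AuthMethods removes the `convert_to_oidc_enabled` key from the `/api/v2/users/authmethods` response, so a client built against the earlier SDK will read the missing key as false or undefined. Such a client may then treat conversion as disabled on a server where it is now always available. If older clients have to keep working, the field could stay for one release, always set to true and marked with a `// Deprecated:` comment; otherwise the removal should be called out as a breaking API change in the release notes. Separately, `AuthMethod` below has no doc comment, while `AuthMethods` does.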

13
docs/api/schemas.md generated

@ -1184,7 +1184,6 @@
```json
{
"convert_to_oidc_enabled": true,
"github": {
"enabled": true
},
@ -1201,12 +1200,11 @@
### Properties
| Name | Type | Required | Restrictions | Description |
| ------------------------- | -------------------------------------------------- | -------- | ------------ | ----------- |
| `convert_to_oidc_enabled` | boolean | false | | |
| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | |
| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
| Name | Type | Required | Restrictions | Description |
| ---------- | -------------------------------------------------- | -------- | ------------ | ----------- |
| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | |
| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
## codersdk.AuthorizationCheck
@ -2673,7 +2671,6 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
| `moons` |
| `workspace_actions` |
| `tailnet_pg_coordinator` |
| `convert-to-oidc` |
| `single_tailnet` |
| `template_restart_requirement` |
| `template_insights_page` |

1
docs/api/users.md generated

@ -142,7 +142,6 @@ curl -X GET http://coder-server:8080/api/v2/users/authmethods \
```json
{
"convert_to_oidc_enabled": true,
"github": {
"enabled": true
},


@ -110,7 +110,6 @@ export interface AuthMethod {
// From codersdk/users.go
export interface AuthMethods {
readonly convert_to_oidc_enabled: boolean
readonly password: AuthMethod
readonly github: AuthMethod
readonly oidc: OIDCAuthMethod
@ -1560,7 +1559,6 @@ export const Entitlements: Entitlement[] = [
// From codersdk/deployment.go
export type Experiment =
| "convert-to-oidc"
| "moons"
| "single_tailnet"
| "tailnet_pg_coordinator"
@ -1568,7 +1566,6 @@ export type Experiment =
| "template_restart_requirement"
| "workspace_actions"
export const Experiments: Experiment[] = [
"convert-to-oidc",
"moons",
"single_tailnet",
"tailnet_pg_coordinator",


@ -28,7 +28,6 @@ SigningIn.args = {
...SignedOut.args,
isSigningIn: true,
authMethods: {
convert_to_oidc_enabled: false,
password: { enabled: true },
github: { enabled: true },
oidc: { enabled: false, signInText: "", iconUrl: "" },
@ -56,7 +55,6 @@ export const WithGithub = Template.bind({})
WithGithub.args = {
...SignedOut.args,
authMethods: {
convert_to_oidc_enabled: false,
password: { enabled: true },
github: { enabled: true },
oidc: { enabled: false, signInText: "", iconUrl: "" },
@ -67,7 +65,6 @@ export const WithOIDC = Template.bind({})
WithOIDC.args = {
...SignedOut.args,
authMethods: {
convert_to_oidc_enabled: false,
password: { enabled: true },
github: { enabled: false },
oidc: { enabled: true, signInText: "", iconUrl: "" },
@ -78,7 +75,6 @@ export const WithOIDCWithoutPassword = Template.bind({})
WithOIDCWithoutPassword.args = {
...SignedOut.args,
authMethods: {
convert_to_oidc_enabled: false,
password: { enabled: false },
github: { enabled: false },
oidc: { enabled: true, signInText: "", iconUrl: "" },
@ -89,7 +85,6 @@ export const WithoutAny = Template.bind({})
WithoutAny.args = {
...SignedOut.args,
authMethods: {
convert_to_oidc_enabled: false,
password: { enabled: false },
github: { enabled: false },
oidc: { enabled: false, signInText: "", iconUrl: "" },
@ -100,7 +95,6 @@ export const WithGithubAndOIDC = Template.bind({})
WithGithubAndOIDC.args = {
...SignedOut.args,
authMethods: {
convert_to_oidc_enabled: false,
password: { enabled: true },
github: { enabled: true },
oidc: { enabled: true, signInText: "", iconUrl: "" },


@ -61,7 +61,6 @@ describe("LoginPage", () => {
it("shows github authentication when enabled", async () => {
const authMethods: TypesGen.AuthMethods = {
convert_to_oidc_enabled: false,
password: { enabled: true },
github: { enabled: true },
oidc: { enabled: true, signInText: "", iconUrl: "" },
@ -113,7 +112,6 @@ describe("LoginPage", () => {
it("hides password authentication if OIDC/GitHub is enabled and displays on click", async () => {
const authMethods: TypesGen.AuthMethods = {
convert_to_oidc_enabled: false,
password: { enabled: true },
github: { enabled: true },
oidc: { enabled: true, signInText: "", iconUrl: "" },


@ -53,17 +53,13 @@ export const SecurityPage: FC = () => {
},
},
}}
oidc={
authMethods.convert_to_oidc_enabled
? {
section: {
authMethods,
userLoginType,
...singleSignOnSection,
},
}
: undefined
}
oidc={{
section: {
authMethods,
userLoginType,
...singleSignOnSection,
},
}}
/>
)
}
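Review bot: The `oidc` prop is now passed unconditionally, so the single sign-on section is rendered even when `authMethods.github.enabled` and `authMethods.oidc.enabled` are both false. Whether the section component handles that case is not visible in this hunk; if it does not, users on a password-only deployment would be offered a conversion that cannot complete. Either keep the ternary with the condition `authMethods.github.enabled || authMethods.oidc.enabled`, or give the section an explicit empty state. SecurityPage's body starts outside the hunk.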


@ -1113,7 +1113,6 @@ export const MockAuthMethods: TypesGen.AuthMethods = {
password: { enabled: true },
github: { enabled: false },
oidc: { enabled: false, signInText: "", iconUrl: "" },
convert_to_oidc_enabled: true,
}
export const MockAuthMethodsWithPasswordType: TypesGen.AuthMethods = {