coder
diff --git a/‎.eslintrc.yaml
Lines changed: 1 addition & 0 deletions b/‎.eslintrc.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/coder.yaml
Lines changed: 9 additions & 1 deletion b/‎.github/workflows/coder.yaml
Lines changed: 9 additions & 1 deletion
diff --git a/‎codecov.yml
Lines changed: 2 additions & 0 deletions b/‎codecov.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 12 additions & 9 deletions b/‎coderd/coderd.go
Lines changed: 12 additions & 9 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 51 additions & 18 deletions b/‎coderd/coderdtest/coderdtest.go
Lines changed: 51 additions & 18 deletions
diff --git a/‎coderd/coderdtest/coderdtest_test.go
Lines changed: 2 additions & 1 deletion b/‎coderd/coderdtest/coderdtest_test.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/organizations.go
Lines changed: 25 additions & 0 deletions b/‎coderd/organizations.go
Lines changed: 25 additions & 0 deletions
diff --git a/‎coderd/users.go
Lines changed: 71 additions & 33 deletions b/‎coderd/users.go
Lines changed: 71 additions & 33 deletions
@@ -38,6 +38,7 @@ rules:
   "@typescript-eslint/explicit-function-return-type": "off"
   "@typescript-eslint/explicit-module-boundary-types": "error"
   "@typescript-eslint/method-signature-style": ["error", "property"]
+  "@typescript-eslint/no-floating-promises": error
   "@typescript-eslint/no-invalid-void-type": error
   # We're disabling the `no-namespace` rule to use a pattern of defining an interface,
   # and then defining functions that operate on that data via namespace. This is helpful for
 
@@ -149,11 +149,19 @@ jobs:
 
       - run: go install gotest.tools/gotestsum@latest
 
-      - run:
+      - name: Test with Mock Database
+        run:
           gotestsum --jsonfile="gotests.json" --packages="./..." --
           -covermode=atomic -coverprofile="gotests.coverage" -timeout=3m
           -count=3 -race -parallel=2
 
+      - name: Test with PostgreSQL Database
+        if: runner.os == 'Linux'
+        run:
+          DB=true gotestsum --jsonfile="gotests.json" --packages="./..." --
+          -covermode=atomic -coverprofile="gotests.coverage" -timeout=3m
+          -count=1 -race -parallel=2
+
       - uses: codecov/codecov-action@v2
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
@@ -23,5 +23,7 @@ ignore:
   # This is generated code.
   - database/models.go
   - database/query.sql.go
+  # All coderd tests fail if this doesn't work.
+  - database/databasefake
   - peerbroker/proto
   - provisionersdk/proto
@@ -31,16 +31,19 @@ func New(options *Options) http.Handler {
 				Message: "👋",
 			})
 		})
-		r.Post("/user", users.createInitialUser)
 		r.Post("/login", users.loginWithPassword)
-		r.Post("/logout", logout)
-		// Require an API key and authenticated user for this group.
-		r.Group(func(r chi.Router) {
-			r.Use(
-				httpmw.ExtractAPIKey(options.Database, nil),
-				httpmw.ExtractUser(options.Database),
-			)
-			r.Get("/user", users.authenticatedUser)
+		r.Post("/logout", users.logout)
+		r.Route("/users", func(r chi.Router) {
+			r.Post("/", users.createInitialUser)
+
+			r.Group(func(r chi.Router) {
+				r.Use(
+					httpmw.ExtractAPIKey(options.Database, nil),
+					httpmw.ExtractUserParam(options.Database),
+				)
+				r.Get("/{user}", users.user)
+				r.Get("/{user}/organizations", users.userOrganizations)
+			})
 		})
 	})
 	r.NotFound(site.Handler().ServeHTTP)
 
@@ -2,16 +2,21 @@ package coderdtest
 
 import (
 	"context"
+	"database/sql"
 	"net/http/httptest"
 	"net/url"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/require"
 
 	"cdr.dev/slog/sloggers/slogtest"
 	"github.com/coder/coder/coderd"
 	"github.com/coder/coder/codersdk"
+	"github.com/coder/coder/cryptorand"
+	"github.com/coder/coder/database"
 	"github.com/coder/coder/database/databasefake"
+	"github.com/coder/coder/database/postgres"
 )
 
 // Server represents a test instance of coderd.
@@ -23,10 +28,54 @@ type Server struct {
 	URL    *url.URL
 }
 
-// New constructs a new coderd test instance.
+// RandomInitialUser generates a random initial user and authenticates
+// it with the client on the Server struct.
+func (s *Server) RandomInitialUser(t *testing.T) coderd.CreateInitialUserRequest {
+	username, err := cryptorand.String(12)
+	require.NoError(t, err)
+	password, err := cryptorand.String(12)
+	require.NoError(t, err)
+	organization, err := cryptorand.String(12)
+	require.NoError(t, err)
+
+	req := coderd.CreateInitialUserRequest{
+		Email:        "testuser@coder.com",
+		Username:     username,
+		Password:     password,
+		Organization: organization,
+	}
+	_, err = s.Client.CreateInitialUser(context.Background(), req)
+	require.NoError(t, err)
+
+	login, err := s.Client.LoginWithPassword(context.Background(), coderd.LoginWithPasswordRequest{
+		Email:    "testuser@coder.com",
+		Password: password,
+	})
+	require.NoError(t, err)
+	err = s.Client.SetSessionToken(login.SessionToken)
+	require.NoError(t, err)
+	return req
+}
+
+// New constructs a new coderd test instance. This returned Server
+// should contain no side-effects.
 func New(t *testing.T) Server {
 	// This can be hotswapped for a live database instance.
 	db := databasefake.New()
+	if os.Getenv("DB") != "" {
+		connectionURL, close, err := postgres.Open()
+		require.NoError(t, err)
+		t.Cleanup(close)
+		sqlDB, err := sql.Open("postgres", connectionURL)
+		require.NoError(t, err)
+		t.Cleanup(func() {
+			_ = sqlDB.Close()
+		})
+		err = database.Migrate(sqlDB)
+		require.NoError(t, err)
+		db = database.New(sqlDB)
+	}
+
 	handler := coderd.New(&coderd.Options{
 		Logger:   slogtest.Make(t, nil),
 		Database: db,
@@ -36,24 +85,8 @@ func New(t *testing.T) Server {
 	require.NoError(t, err)
 	t.Cleanup(srv.Close)
 
-	client := codersdk.New(serverURL)
-	_, err = client.CreateInitialUser(context.Background(), coderd.CreateUserRequest{
-		Email:    "testuser@coder.com",
-		Username: "testuser",
-		Password: "testpassword",
-	})
-	require.NoError(t, err)
-
-	login, err := client.LoginWithPassword(context.Background(), coderd.LoginWithPasswordRequest{
-		Email:    "testuser@coder.com",
-		Password: "testpassword",
-	})
-	require.NoError(t, err)
-	err = client.SetSessionToken(login.SessionToken)
-	require.NoError(t, err)
-
 	return Server{
-		Client: client,
+		Client: codersdk.New(serverURL),
 		URL:    serverURL,
 	}
 }
@@ -13,5 +13,6 @@ func TestMain(m *testing.M) {
 }
 
 func TestNew(t *testing.T) {
-	_ = coderdtest.New(t)
+	server := coderdtest.New(t)
+	_ = server.RandomInitialUser(t)
 }
@@ -0,0 +1,25 @@
+package coderd
+
+import (
+	"time"
+
+	"github.com/coder/coder/database"
+)
+
+// Organization is the JSON representation of a Coder organization.
+type Organization struct {
+	ID        string    `json:"id" validate:"required"`
+	Name      string    `json:"name" validate:"required"`
+	CreatedAt time.Time `json:"created_at" validate:"required"`
+	UpdatedAt time.Time `json:"updated_at" validate:"required"`
+}
+
+// convertOrganization consumes the database representation and outputs an API friendly representation.
+func convertOrganization(organization database.Organization) Organization {
+	return Organization{
+		ID:        organization.ID,
+		Name:      organization.Name,
+		CreatedAt: organization.CreatedAt,
+		UpdatedAt: organization.UpdatedAt,
+	}
+}
@@ -1,7 +1,6 @@
 package coderd
 
 import (
-	"context"
 	"crypto/sha256"
 	"database/sql"
 	"errors"
@@ -11,6 +10,7 @@ import (
 
 	"github.com/go-chi/render"
 	"github.com/google/uuid"
+	"golang.org/x/xerrors"
 
 	"github.com/coder/coder/coderd/userpassword"
 	"github.com/coder/coder/cryptorand"
@@ -27,11 +27,12 @@ type User struct {
 	Username  string    `json:"username" validate:"required"`
 }
 
-// CreateUserRequest enables callers to create a new user.
-type CreateUserRequest struct {
-	Email    string `json:"email" validate:"required,email"`
-	Username string `json:"username" validate:"required,username"`
-	Password string `json:"password" validate:"required"`
+// CreateInitialUserRequest enables callers to create a new user.
+type CreateInitialUserRequest struct {
+	Email        string `json:"email" validate:"required,email"`
+	Username     string `json:"username" validate:"required,username"`
+	Password     string `json:"password" validate:"required"`
+	Organization string `json:"organization" validate:"required,username"`
 }
 
 // LoginWithPasswordRequest enables callers to authenticate with email and password.
@@ -51,7 +52,7 @@ type users struct {
 
 // Creates the initial user for a Coder deployment.
 func (users *users) createInitialUser(rw http.ResponseWriter, r *http.Request) {
-	var createUser CreateUserRequest
+	var createUser CreateInitialUserRequest
 	if !httpapi.Read(rw, r, &createUser) {
 		return
 	}
@@ -70,19 +71,6 @@ func (users *users) createInitialUser(rw http.ResponseWriter, r *http.Request) {
 		})
 		return
 	}
-	_, err = users.Database.GetUserByEmailOrUsername(r.Context(), database.GetUserByEmailOrUsernameParams{
-		Email:    createUser.Email,
-		Username: createUser.Username,
-	})
-	if errors.Is(err, sql.ErrNoRows) {
-		err = nil
-	}
-	if err != nil {
-		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
-			Message: fmt.Sprintf("get user: %s", err.Error()),
-		})
-		return
-	}
 	hashedPassword, err := userpassword.Hash(createUser.Password)
 	if err != nil {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
@@ -91,28 +79,57 @@ func (users *users) createInitialUser(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := users.Database.InsertUser(context.Background(), database.InsertUserParams{
-		ID:             uuid.NewString(),
-		Email:          createUser.Email,
-		HashedPassword: []byte(hashedPassword),
-		Username:       createUser.Username,
-		LoginType:      database.LoginTypeBuiltIn,
-		CreatedAt:      database.Now(),
-		UpdatedAt:      database.Now(),
+	// Create the user, organization, and membership to the user.
+	var user database.User
+	err = users.Database.InTx(func(s database.Store) error {
+		user, err = users.Database.InsertUser(r.Context(), database.InsertUserParams{
+			ID:             uuid.NewString(),
+			Email:          createUser.Email,
+			HashedPassword: []byte(hashedPassword),
+			Username:       createUser.Username,
+			LoginType:      database.LoginTypeBuiltIn,
+			CreatedAt:      database.Now(),
+			UpdatedAt:      database.Now(),
+		})
+		if err != nil {
+			return xerrors.Errorf("create user: %w", err)
+		}
+		organization, err := users.Database.InsertOrganization(r.Context(), database.InsertOrganizationParams{
+			ID:        uuid.NewString(),
+			Name:      createUser.Organization,
+			CreatedAt: database.Now(),
+			UpdatedAt: database.Now(),
+		})
+		if err != nil {
+			return xerrors.Errorf("create organization: %w", err)
+		}
+		_, err = users.Database.InsertOrganizationMember(r.Context(), database.InsertOrganizationMemberParams{
+			OrganizationID: organization.ID,
+			UserID:         user.ID,
+			CreatedAt:      database.Now(),
+			UpdatedAt:      database.Now(),
+			Roles:          []string{"organization-admin"},
+		})
+		if err != nil {
+			return xerrors.Errorf("create organization member: %w", err)
+		}
+		return nil
 	})
 	if err != nil {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
-			Message: fmt.Sprintf("create user: %s", err.Error()),
+			Message: err.Error(),
 		})
 		return
 	}
+
 	render.Status(r, http.StatusCreated)
 	render.JSON(rw, r, user)
 }
 
-// Returns the currently authenticated user.
-func (*users) authenticatedUser(rw http.ResponseWriter, r *http.Request) {
-	user := httpmw.User(r)
+// Returns the parameterized user requested. All validation
+// is completed in the middleware for this route.
+func (*users) user(rw http.ResponseWriter, r *http.Request) {
+	user := httpmw.UserParam(r)
 
 	render.JSON(rw, r, User{
 		ID:        user.ID,
@@ -122,6 +139,27 @@ func (*users) authenticatedUser(rw http.ResponseWriter, r *http.Request) {
 	})
 }
 
+// Returns organizations the parameterized user has access to.
+func (users *users) userOrganizations(rw http.ResponseWriter, r *http.Request) {
+	user := httpmw.UserParam(r)
+
+	organizations, err := users.Database.GetOrganizationsByUserID(r.Context(), user.ID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get organizations: %s", err.Error()),
+		})
+		return
+	}
+
+	publicOrganizations := make([]Organization, 0, len(organizations))
+	for _, organization := range organizations {
+		publicOrganizations = append(publicOrganizations, convertOrganization(organization))
+	}
+
+	render.Status(r, http.StatusOK)
+	render.JSON(rw, r, publicOrganizations)
+}
+
 // Authenticates the user with an email and password.
 func (users *users) loginWithPassword(rw http.ResponseWriter, r *http.Request) {
 	var loginWithPassword LoginWithPasswordRequest
@@ -200,7 +238,7 @@ func (users *users) loginWithPassword(rw http.ResponseWriter, r *http.Request) {
 }
 
 // Clear the user's session cookie
-func logout(rw http.ResponseWriter, r *http.Request) {
+func (_ *users) logout(rw http.ResponseWriter, r *http.Request) {
 	// Get a blank token cookie
 	cookie := &http.Cookie{
 		// MaxAge < 0 means to delete the cookie now
Original file line number	Diff line number	Diff line change
`@@ -13,5 +13,6 @@ func TestMain(m *testing.M) {`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`func TestNew(t *testing.T) {`
`16`		`- _ = coderdtest.New(t)`
	`16`	`+ server := coderdtest.New(t)`
	`17`	`+ _ = server.RandomInitialUser(t)`
`17`	`18`	`}`