
Commit 2ee2d62

committed
fixup comment
1 parent 2dae39b commit 2ee2d62


5 files changed

+36
-53
lines changed

5 files changed

+36
-53
lines changed

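--- a/coderd/database/oidcclaims_test.go
+++ b/coderd/database/oidcclaims_test.go
@@ -40,6 +40,10 @@ func TestOIDCClaims(t *testing.T) {
 "alice-id": "from-bob",
 },
 UserInfoClaims: nil,
+MergedClaims: map[string]interface{}{
+"sub": "alice",
+"alice-id": "from-bob",
+},
 },
 // Always should be a no-op
 Foo: "bar",
@@ -62,6 +66,20 @@ func TestOIDCClaims(t *testing.T) {
 "bob-info": []string{},
 "number": 42,
 },
+MergedClaims: map[string]interface{}{
+"sub": "bob",
+"bob-info": []string{},
+"number": 42,
+"bob-id": "from-bob",
+"array": []string{
+"a", "b", "c",
+},
+"map": map[string]interface{}{
+"key": "value",
+"foo": "bar",
+},
+"nil": nil,
+},
 }))
 charlie := g.withLink(database.LoginTypeOIDC, toJSON(database.UserLinkClaims{
 IDTokenClaims: map[string]interface{}{
@@ -72,6 +90,11 @@ func TestOIDCClaims(t *testing.T) {
 "sub": "charlie",
 "charlie-info": "charlie",
 },
+MergedClaims: map[string]interface{}{
+"sub": "charlie",
+"charlie-id": "charlie",
+"charlie-info": "charlie",
+},
 }))
 
 // users that just try to cause problems, but should not affect the output of
@@ -89,6 +112,10 @@ func TestOIDCClaims(t *testing.T) {
 UserInfoClaims: map[string]interface{}{
 "do-not": "look",
 },
+MergedClaims: map[string]interface{}{
+"not": "allowed",
+"do-not": "look",
+},
 })), // github should be omitted
 
 // extra random users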
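Review bot: Every OIDC fixture touched in these four hunks now carries a `MergedClaims` map, so nothing shown here exercises a link whose stored claims hold `id_token_claims` or `user_info_claims` but no usable `merged_claims` value. The rewritten OIDCClaimFields query in coderd/database/queries/user_links.sql keeps only rows where `claims ? 'merged_claims'` holds and the value is not jsonb null, so such a row would contribute no keys to the IdP sync field list; whether previously stored rows are backfilled is not visible in this commit. Consider adding one OIDC fixture that leaves `MergedClaims` unset and asserting the intended result, so that outcome is a tested decision rather than a side effect. TestOIDCClaims begins and ends outside these hunks, so an existing case of that kind may simply not be shown.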

coderd/database/querier.go

Lines changed: 1 addition & 2 deletions

coderd/database/queries.sql.go

Lines changed: 4 additions & 22 deletions

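--- a/coderd/database/queries/user_links.sql
+++ b/coderd/database/queries/user_links.sql
@@ -60,36 +60,18 @@ WHERE
 
 
 -- name: OIDCClaimFields :many
--- OIDCClaimFields returns a list of distinct keys in both the id_token_claims and user_info_claims fields.
+-- OIDCClaimFields returns a list of distinct keys in the the merged_claims fields.
 -- This query is used to generate the list of available sync fields for idp sync settings.
 SELECT
-DISTINCT jsonb_object_keys(claims->'id_token_claims')
+DISTINCT jsonb_object_keys(claims->'merged_claims')
 FROM
 user_links
 WHERE
 -- Only return rows where the top level key exists
-claims ? 'id_token_claims' AND
+claims ? 'merged_claims' AND
 -- 'null' is the default value for the id_token_claims field
 -- jsonb 'null' is not the same as SQL NULL. Strip these out.
-jsonb_typeof(claims->'id_token_claims') != 'null' AND
-login_type = 'oidc'
-AND CASE WHEN @organization_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
-user_links.user_id = ANY(SELECT organization_members.user_id FROM organization_members WHERE organization_id = @organization_id)
-ELSE true
-END
-
--- Merge with user_info claims.
-UNION
-
--- This query is identical to the one above, except for 'user_info_claims'.
--- There might be some way to do this more concisely at a cost of readability.
-SELECT
-DISTINCT jsonb_object_keys(claims->'user_info_claims')
-FROM
-user_links
-WHERE
-claims ? 'user_info_claims' AND
-jsonb_typeof(claims->'user_info_claims') != 'null' AND
+jsonb_typeof(claims->'merged_claims') != 'null' AND
 login_type = 'oidc'
 AND CASE WHEN @organization_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
 user_links.user_id = ANY(SELECT organization_members.user_id FROM organization_members WHERE organization_id = @organization_id)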
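Review bot: The context comment kept at new line 72, `-- 'null' is the default value for the id_token_claims field`, now sits directly above a predicate that tests `merged_claims`, and the reworded header at new line 63 has a doubled word ("the the merged_claims fields"). Suggested wording for the header is `-- OIDCClaimFields returns a list of distinct keys in the merged_claims field.` and, if the same default applies to the new key, `-- 'null' is the default value for the merged_claims field`. Since the header says this query generates the list of available sync fields for IdP sync settings, it would also help to state there that keys are now read from the merged view only. The statement continues past the end of the hunk.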

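--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -1395,13 +1395,6 @@ func mergeClaims(a, b map[string]interface{}) map[string]interface{} {
 return c
 }
 
-// OauthDebugContext provides helpful information for admins to debug
-// OAuth login issues.
-type OauthDebugContext struct {
-IDTokenClaims map[string]interface{} `json:"id_token_claims"`
-UserInfoClaims map[string]interface{} `json:"user_info_claims"`
-}
-
 type oauthLoginParams struct {
 User database.User
 Link database.UserLink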
