create a new route for user login type

Emyrk · Emyrk · commit 68977f5d0b08 · 2023-06-28T12:36:21.000-04:00
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -593,10 +593,6 @@ func New(options *Options) *API {
 			r.Get("/first", api.firstUser)
 			r.Post("/first", api.postFirstUser)
 			r.Route("/authmethods", func(r chi.Router) {
-				// The API Key allows this method to return the auth method
-				// for the logged-in user. This information is useful for the
-				// caller. If not authenticated, this information is omitted.
-				r.Use(apiKeyMiddlewareOptional)
 				r.Get("/", api.userAuthMethods)
 			})
 
@@ -642,6 +638,7 @@ func New(options *Options) *API {
 					r.Use(httpmw.ExtractUserParam(options.Database, false))
 					r.Delete("/", api.deleteUser)
 					r.Get("/", api.userByName)
+					r.Get("/login-type", api.userLoginType)
 					r.Put("/profile", api.putUserProfile)
 					r.Route("/status", func(r chi.Router) {
 						r.Put("/suspend", api.putSuspendUserAccount())
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -407,19 +407,6 @@ type GithubOAuth2Config struct {
 // @Success 200 {object} codersdk.AuthMethods
 // @Router /users/authmethods [get]
 func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
-	key, ok := httpmw.APIKeyOptional(r)
-	var currentUserLoginType codersdk.LoginType
-	if ok {
-		user, err := api.Database.GetUserByID(r.Context(), key.UserID)
-		if err != nil {
-			httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
-				Message: "Internal error.",
-				Detail:  err.Error(),
-			})
-			return
-		}
-		currentUserLoginType = codersdk.LoginType(user.LoginType)
-	}
 	var signInText string
 	var iconURL string
 
@@ -431,8 +418,7 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
-		UserAuthenticationType: currentUserLoginType,
-		ConvertToOIDCEnabled:   api.Options.DeploymentValues.EnableOauthAccountConversion.Value(),
+		ConvertToOIDCEnabled: api.Options.DeploymentValues.EnableOauthAccountConversion.Value(),
 		Password: codersdk.AuthMethod{
 			Enabled: !api.DeploymentValues.DisablePasswordAuth.Value(),
 		},
diff --git a/coderd/users.go b/coderd/users.go
@@ -501,6 +501,37 @@ func (api *API) userByName(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(ctx, rw, http.StatusOK, db2sdk.User(user, organizationIDs))
 }
 
+// Returns the user's login type. This only works if the api key for authorization
+// and the requested user match. Eg: 'me'
+//
+// @Summary Get user login type
+// @ID get-user-login-type
+// @Security CoderSessionToken
+// @Produce json
+// @Tags Users
+// @Param user path string true "User ID, name, or me"
+// @Success 200 {object} codersdk.UserAuth
+// @Router /users/{user}/login-type [get]
+func (api *API) userLoginType(rw http.ResponseWriter, r *http.Request) {
+	var (
+		ctx  = r.Context()
+		user = httpmw.UserParam(r)
+		key  = httpmw.APIKey(r)
+	)
+
+	if key.UserID != user.ID {
+		// Currently this is only valid for querying yourself.
+		httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
+			Message: "You are not authorized to view this user's login type.",
+		})
+		return
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, codersdk.UserAuth{
+		LoginType: codersdk.LoginType(user.LoginType),
+	})
+}
+
 // @Summary Update user profile
 // @ID update-user-profile
 // @Security CoderSessionToken
diff --git a/codersdk/users.go b/codersdk/users.go
@@ -123,19 +123,20 @@ type CreateOrganizationRequest struct {
 
 // AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
 type AuthMethods struct {
-	// UserAuthenticationType returns the authentication method for the given
-	// caller if the request is an authenticated request. Otherwise it is empty.
-	UserAuthenticationType LoginType      `json:"me_login_type,omitempty"`
-	ConvertToOIDCEnabled   bool           `json:"convert_to_oidc_enabled"`
-	Password               AuthMethod     `json:"password"`
-	Github                 AuthMethod     `json:"github"`
-	OIDC                   OIDCAuthMethod `json:"oidc"`
+	ConvertToOIDCEnabled bool           `json:"convert_to_oidc_enabled"`
+	Password             AuthMethod     `json:"password"`
+	Github               AuthMethod     `json:"github"`
+	OIDC                 OIDCAuthMethod `json:"oidc"`
 }
 
 type AuthMethod struct {
 	Enabled bool `json:"enabled"`
 }
 
+type UserAuth struct {
+	LoginType LoginType `json:"login_type"`
+}
+
 type OIDCAuthMethod struct {
 	AuthMethod
 	SignInText string `json:"signInText"`
