
Commit bd93ef9

committed
add migration to add a table for tracking oidc state
1 parent a746952 commit bd93ef9


7 files changed

+72
-0
lines changed


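--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -603,6 +603,7 @@ func New(options *Options) *API {
 // This value is intentionally increased during tests.
 r.Use(httpmw.RateLimit(options.LoginRateLimit, time.Minute))
 r.Post("/login", api.postLogin)
+r.Post("/upgrade-to-oidc", api.postUpgradeToOIDC)
 r.Route("/oauth2", func(r chi.Router) {
 r.Route("/github", func(r chi.Router) {
 r.Use(httpmw.ExtractOAuth2(options.GithubOAuth2Config, options.HTTPClient, nil))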
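Review bot: The new route is named `/upgrade-to-oidc` while everything else in this commit (the `oidc_merge_state` table, the `000126_merge_oidc_account` migration, the `*OIDCMergeState` queries, the `oidc_merge_state` query parameter) uses "merge"; picking one term before the endpoint ships avoids a rename later. The placement inside the group that already applies `httpmw.RateLimit(options.LoginRateLimit, ...)` looks deliberate, since the handler presumably accepts the user's password like `/login` does, and that intent is worth a one-line comment: `// Same limiter as /login: this handler also takes a password.`. The handler `api.postUpgradeToOIDC` is not among the file sections rendered on this page, so whether it is defined in this commit cannot be confirmed from here.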

coderd/database/dump.sql

Lines changed: 17 additions & 0 deletions

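--- a/coderd/database/migrations/000126_merge_oidc_account.down.sql
+++ b/coderd/database/migrations/000126_merge_oidc_account.down.sql
@@ -0,0 +1,17 @@
+BEGIN;
+
+CREATE TABLE IF NOT EXISTS oidc_merge_state (
+state_string text NOT NULL,
+created_at timestamptz NOT NULL,
+expires_at timestamptz NOT NULL,
+user_id uuid NOT NULL
+REFERENCES users (id) ON DELETE CASCADE,
+PRIMARY KEY (state_string)
+);
+
+COMMENT ON TABLE oidc_merge_state IS 'Stores the state string for OIDC merge requests. If an OIDC state string is found in this table, '
+'it is assumed the user had a LoginType "password" and is switching to an OIDC based authentication.';
+
+COMMENT ON COLUMN oidc_merge_state.expires_at IS 'The time at which the state string expires, a merge request times out if the user does not perform it quick enough.';
+
+COMMIT;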
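Review bot: This file is the `.down.sql` half of migration 000126, yet its body creates `oidc_merge_state` instead of reverting it; the down migration should contain the inverse, i.e. `BEGIN;`, `DROP TABLE IF EXISTS oidc_merge_state;`, `COMMIT;`, with the `CREATE TABLE` living in the `.up.sql` file (which may be the seventh changed file not rendered on this page — cannot be confirmed from here). The table also has no `updated_at` column, while `InsertUserOIDCMergeState` in `coderd/database/queries/users.sql` inserts one and never supplies the `NOT NULL` `expires_at`, so the two halves of the commit disagree on the schema. Rows here carry a lifetime but nothing indexes or purges them; an index on `expires_at` (or a cleanup query) would keep the table from growing unboundedly with abandoned merge attempts. Minor: the column comment reads better as "does not perform it quickly enough".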

coderd/database/models.go

Lines changed: 9 additions & 0 deletions

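--- a/coderd/database/queries/users.sql
+++ b/coderd/database/queries/users.sql
@@ -1,3 +1,23 @@
+-- name: GetUserOIDCMergeState :one
+SELECT
+*
+FROM
+oidc_merge_state
+WHERE
+user_id = @user_id AND
+state_string = @state_string;
+
+-- name: InsertUserOIDCMergeState :one
+INSERT INTO
+oidc_merge_state (
+user_id,
+state_string,
+created_at,
+updated_at
+)
+VALUES
+($1, $2, $3, $4) RETURNING *;
+
 -- name: GetUserByID :one
 SELECT
 *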
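Review bot: `InsertUserOIDCMergeState` lists `updated_at`, which the `oidc_merge_state` table created in this commit does not have, and omits `expires_at`, which that table declares `NOT NULL`, so the statement will fail against the schema as written; the column list should read `created_at,` / `expires_at` and the value tuple stays `($1, $2, $3, $4)`. `GetUserOIDCMergeState` matches only on `user_id` and `state_string`, so an expired row is still returned and every caller has to remember to compare `expires_at` itself; adding `AND expires_at > NOW()` to the `WHERE` clause enforces the lifetime the column comment promises in one place. There is also no query that deletes a row once it has been used, so unless a later change adds one the same state string stays valid until the user row is removed; a `DeleteUserOIDCMergeState` (or a delete inside the consuming transaction) makes the state single-use. Style: the first query uses sqlc named parameters (`@user_id`) while the second uses positional `$1`–`$4`; the rest of the file is outside the hunk, but the two new queries should at least agree with each other.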

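--- a/coderd/httpmw/oauth2.go
+++ b/coderd/httpmw/oauth2.go
@@ -90,6 +90,14 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client, authURLOpts map[str
 state := r.URL.Query().Get("state")
 
 if code == "" {
+// If this url param is provided, then a user is trying to merge
+// their account with an OIDC account. Their password would have
+// been required to get to this point, so we do not need to verify
+// their password again.
+// TODO: @emyrk should we check their api key here?
+oidcMergeState := r.URL.Query().Get("oidc_merge_state")
+var _ = oidcMergeState
+
 // If the code isn't provided, we'll redirect!
 state, err := cryptorand.String(32)
 if err != nil {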
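Review bot: The comment added above `oidcMergeState` asserts that the user's password "would have been required to get to this point", but nothing in this hunk establishes that: the value is read straight from an unauthenticated query parameter and then discarded with `var _ = oidcMergeState`, so as written the middleware neither verifies the state against the `oidc_merge_state` table (matching `user_id`, unexpired) nor ties it to the caller's session, which the `TODO` on the next line half-acknowledges. Until that lookup exists, the comment should describe the current state rather than a guarantee, e.g. `// oidc_merge_state is parsed here but not yet validated or used; see TODO below.`, so a reader does not take the password check as already done. `var _ = oidcMergeState` is the unusual spelling of `_ = oidcMergeState`; if the variable is only a placeholder until the follow-up lands, the shorter form (or dropping the read entirely) is clearer. Note that `state` is later redeclared by `state, err := cryptorand.String(32)`, which predates this commit; ExtractOAuth2's body continues outside the hunk.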
