Skip to content

/setup endpoint available when owner existing #9157

Closed
@Alexsaphir

Description

@Alexsaphir

When opening for the first time coder deployed using helm, I'm redirected to https://coder.../setup, to create an account. Without a message to inform me of the success, I looked inside the database, saw a new user with owner permission, and copy the change to my logged user with oidc.

Moreover, I had set CODER_DISABLE_PASSWORD_AUTH to true.

Now I deleted the local user from the web interface.

My issue is that /setup is still available, asking to create a user. It does not seem to work, so no party can steal ownership but should be disabled fully.

Finally, allowing to set a user from an oidc provider could be a nice feature to remove the need to create the first account manually.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions