Merge remote-tracking branch 'origin/main' into stevenmasley/soft_del…

…ete_versions
coder · Emyrk · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023
commit f0294c30d1ca36f6aa6bf5778bd361723eb5fd60
diff --git a/cli/externalauth.go b/cli/externalauth.go
@@ -1,10 +1,13 @@
 package cli
 
 import (
+	"encoding/json"
 	"os/signal"
 
 	"golang.org/x/xerrors"
 
+	"github.com/tidwall/gjson"
+
 	"github.com/coder/coder/v2/cli/clibase"
 	"github.com/coder/coder/v2/cli/cliui"
 	"github.com/coder/coder/v2/codersdk/agentsdk"
@@ -25,7 +28,7 @@ func (r *RootCmd) externalAuth() *clibase.Cmd {
 }
 
 func (r *RootCmd) externalAuthAccessToken() *clibase.Cmd {
-	var silent bool
+	var extra string
 	return &clibase.Cmd{
 		Use:   "access-token <provider>",
 		Short: "Print auth for an external provider",
@@ -45,12 +48,16 @@ else
 fi
 `,
 			},
+			example{
+				Description: "Obtain an extra property of an access token for additional metadata.",
+				Command:     "coder external-auth access-token slack --extra \"authed_user.id\"",
+			},
 		),
 		Options: clibase.OptionSet{{
-			Name:        "Silent",
-			Flag:        "s",
-			Description: "Do not print the URL or access token.",
-			Value:       clibase.BoolOf(&silent),
+			Name:        "Extra",
+			Flag:        "extra",
+			Description: "Extract a field from the \"extra\" properties of the OAuth token.",
+			Value:       clibase.StringOf(&extra),
 		}},
 
 		Handler: func(inv *clibase.Invocation) error {
@@ -64,26 +71,37 @@ fi
 				return xerrors.Errorf("create agent client: %w", err)
 			}
 
-			token, err := client.ExternalAuth(ctx, agentsdk.ExternalAuthRequest{
+			extAuth, err := client.ExternalAuth(ctx, agentsdk.ExternalAuthRequest{
 				ID: inv.Args[0],
 			})
 			if err != nil {
 				return xerrors.Errorf("get external auth token: %w", err)
 			}
-
-			if !silent {
-				if token.URL != "" {
-					_, err = inv.Stdout.Write([]byte(token.URL))
-				} else {
-					_, err = inv.Stdout.Write([]byte(token.AccessToken))
+			if extAuth.URL != "" {
+				_, err = inv.Stdout.Write([]byte(extAuth.URL))
+				if err != nil {
+					return err
+				}
+				return cliui.Canceled
+			}
+			if extra != "" {
+				if extAuth.TokenExtra == nil {
+					return xerrors.Errorf("no extra properties found for token")
+				}
+				data, err := json.Marshal(extAuth.TokenExtra)
+				if err != nil {
+					return xerrors.Errorf("marshal extra properties: %w", err)
 				}
+				result := gjson.GetBytes(data, extra)
+				_, err = inv.Stdout.Write([]byte(result.String()))
 				if err != nil {
 					return err
 				}
+				return nil
 			}
-
-			if token.URL != "" {
-				return cliui.Canceled
+			_, err = inv.Stdout.Write([]byte(extAuth.AccessToken))
+			if err != nil {
+				return err
 			}
 			return nil
 		},

diff --git a/cli/externalauth_test.go b/cli/externalauth_test.go
@@ -46,4 +46,22 @@ func TestExternalAuth(t *testing.T) {
 		clitest.Start(t, inv)
 		pty.ExpectMatch("bananas")
 	})
+	t.Run("SuccessWithExtra", func(t *testing.T) {
+		t.Parallel()
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			httpapi.Write(context.Background(), w, http.StatusOK, agentsdk.ExternalAuthResponse{
+				AccessToken: "bananas",
+				TokenExtra: map[string]interface{}{
+					"hey": "there",
+				},
+			})
+		}))
+		t.Cleanup(srv.Close)
+		url := srv.URL
+		inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token", "github", "--extra", "hey")
+		pty := ptytest.New(t)
+		inv.Stdout = pty.Output()
+		clitest.Start(t, inv)
+		pty.ExpectMatch("there")
+	})
 }
diff --git a/cli/testdata/coder_external-auth_access-token_--help.golden b/cli/testdata/coder_external-auth_access-token_--help.golden
@@ -19,10 +19,14 @@ USAGE:
     echo "Please authenticate with GitHub:"
     echo $OUTPUT
   fi
+
+      - Obtain an extra property of an access token for additional metadata.:
+
+       $ coder external-auth access-token slack --extra "authed_user.id"
 
 OPTIONS:
-      --s bool
-          Do not print the URL or access token.
+      --extra string
+          Extract a field from the "extra" properties of the OAuth token.
 
 ———
 Run `coder --help` for a list of global options.
diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -2178,13 +2178,14 @@ func (api *API) postWorkspaceAppHealth(rw http.ResponseWriter, r *http.Request)
 // @Router /workspaceagents/me/external-auth [get]
 func (api *API) workspaceAgentsExternalAuth(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
+	query := r.URL.Query()
 	// Either match or configID must be provided!
-	match := r.URL.Query().Get("match")
+	match := query.Get("match")
 	if match == "" {
 		// Support legacy agents!
-		match = r.URL.Query().Get("url")
+		match = query.Get("url")
 	}
-	id := chi.URLParam(r, "id")
+	id := query.Get("id")
 	if match == "" && id == "" {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 			Message: "'url' or 'id' must be provided!",
@@ -2306,7 +2307,15 @@ func (api *API) workspaceAgentsExternalAuth(rw http.ResponseWriter, r *http.Requ
 			if !valid {
 				continue
 			}
-			httpapi.Write(ctx, rw, http.StatusOK, createExternalAuthResponse(externalAuthConfig.Type, externalAuthLink.OAuthAccessToken))
+			resp, err := createExternalAuthResponse(externalAuthConfig.Type, externalAuthLink.OAuthAccessToken, externalAuthLink.OAuthExtra)
+			if err != nil {
+				httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+					Message: "Failed to create external auth response.",
+					Detail:  err.Error(),
+				})
+				return
+			}
+			httpapi.Write(ctx, rw, http.StatusOK, resp)
 			return
 		}
 	}
@@ -2354,13 +2363,21 @@ func (api *API) workspaceAgentsExternalAuth(rw http.ResponseWriter, r *http.Requ
 		})
 		return
 	}
-	httpapi.Write(ctx, rw, http.StatusOK, createExternalAuthResponse(externalAuthConfig.Type, externalAuthLink.OAuthAccessToken))
+	resp, err := createExternalAuthResponse(externalAuthConfig.Type, externalAuthLink.OAuthAccessToken, externalAuthLink.OAuthExtra)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to create external auth response.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+	httpapi.Write(ctx, rw, http.StatusOK, resp)
 }
 
 // createExternalAuthResponse creates an ExternalAuthResponse based on the
 // provider type. This is to support legacy `/workspaceagents/me/gitauth`
 // which uses `Username` and `Password`.
-func createExternalAuthResponse(typ, token string) agentsdk.ExternalAuthResponse {
+func createExternalAuthResponse(typ, token string, extra pqtype.NullRawMessage) (agentsdk.ExternalAuthResponse, error) {
 	var resp agentsdk.ExternalAuthResponse
 	switch typ {
 	case string(codersdk.EnhancedExternalAuthProviderGitLab):
@@ -2382,7 +2399,12 @@ func createExternalAuthResponse(typ, token string) agentsdk.ExternalAuthResponse
 	}
 	resp.AccessToken = token
 	resp.Type = typ
-	return resp
+
+	var err error
+	if extra.Valid {
+		err = json.Unmarshal(extra.RawMessage, &resp.TokenExtra)
+	}
+	return resp, err
 }
 
 // wsNetConn wraps net.Conn created by websocket.NetConn(). Cancel func

diff --git a/codersdk/agentsdk/agentsdk.go b/codersdk/agentsdk/agentsdk.go
@@ -711,9 +711,10 @@ func (c *Client) GetServiceBanner(ctx context.Context) (codersdk.ServiceBannerCo
 }
 
 type ExternalAuthResponse struct {
-	AccessToken string `json:"access_token"`
-	URL         string `json:"url"`
-	Type        string `json:"type"`
+	AccessToken string                 `json:"access_token"`
+	TokenExtra  map[string]interface{} `json:"token_extra"`
+	URL         string                 `json:"url"`
+	Type        string                 `json:"type"`
 
 	// Deprecated: Only supported on `/workspaceagents/me/gitauth`
 	// for backwards compatibility.

diff --git a/docs/api/agents.md b/docs/api/agents.md
diff --git a/docs/api/schemas.md b/docs/api/schemas.md
diff --git a/docs/cli/external-auth_access-token.md b/docs/cli/external-auth_access-token.md