Skip to content

chore: remove autocreate orgs on CreateUser #12434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 6, 2024
Merged

chore: remove autocreate orgs on CreateUser #12434

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 9 additions & 17 deletions coderd/userauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1351,20 +1351,16 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
// This can happen if a user is a built-in user but is signing in
// with OIDC for the first time.
if user.ID == uuid.Nil {
var organizationID uuid.UUID
// Ignoring this error is a product of our unit tests. In prod this should never
// happen. Unit tests use this as a shortcut to making a new organization. We
// should really fix our unit tests and remove this.
// Until proper multi-org support, all users will be added to the default organization.
// The default organization should always be present.
//nolint:gocritic
organization, _ := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))

// Add the user to the default organization.
// Once multi-organization we should check some configuration to see
// if we should add the user to a different organization.
organizationID = organization.ID
defaultOrganization, err := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
if err != nil {
return xerrors.Errorf("unable to fetch default organization: %w", err)
}

//nolint:gocritic
_, err := tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
_, err = tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
Username: params.Username,
})
if err == nil {
Expand Down Expand Up @@ -1402,13 +1398,9 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
CreateUserRequest: codersdk.CreateUserRequest{
Email: params.Email,
Username: params.Username,
OrganizationID: organizationID,
OrganizationID: defaultOrganization.ID,
},
// All of the userauth tests depend on this being able to create
// the first organization. It shouldn't be possible in normal
// operation.
CreateOrganization: organizationID == uuid.Nil,
LoginType: params.LoginType,
LoginType: params.LoginType,
})
if err != nil {
return xerrors.Errorf("create user: %w", err)
Expand Down
33 changes: 4 additions & 29 deletions coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,8 +201,7 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
Password: createUser.Password,
OrganizationID: defaultOrg.ID,
},
CreateOrganization: false,
LoginType: database.LoginTypePassword,
LoginType: database.LoginTypePassword,
})
if err != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Expand Down Expand Up @@ -1231,8 +1230,7 @@ func (api *API) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques

type CreateUserRequest struct {
codersdk.CreateUserRequest
CreateOrganization bool
LoginType database.LoginType
LoginType database.LoginType
}

func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error) {
Expand All @@ -1245,32 +1243,9 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
var user database.User
return user, req.OrganizationID, store.InTx(func(tx database.Store) error {
orgRoles := make([]string, 0)
// If no organization is provided, create a new one for the user.
// Organization is required to know where to allocate the user.
if req.OrganizationID == uuid.Nil {
if !req.CreateOrganization {
return xerrors.Errorf("organization ID must be provided")
}

organization, err := tx.InsertOrganization(ctx, database.InsertOrganizationParams{
ID: uuid.New(),
Name: req.Username,
CreatedAt: dbtime.Now(),
UpdatedAt: dbtime.Now(),
Description: "",
})
if err != nil {
return xerrors.Errorf("create organization: %w", err)
}
req.OrganizationID = organization.ID
// TODO: When organizations are allowed to be created, we should
// come back to determining the default role of the person who
// creates the org. Until that happens, all users in an organization
// should be just regular members. Membership role is implied, and
// not required to be explicit.
_, err = tx.InsertAllUsersGroup(ctx, organization.ID)
if err != nil {
return xerrors.Errorf("create %q group: %w", database.EveryoneGroup, err)
}
return xerrors.Errorf("organization ID must be provided")
}

params := database.InsertUserParams{
Expand Down