Skip to content

fix: use unique ID for linked accounts #3441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 35 commits into from
Aug 17, 2022
Merged

fix: use unique ID for linked accounts #3441

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
305f696
fix: use unique ID for linked accounts
sreya Aug 9, 2022
b4ab301
fixup a bunch of stuff
sreya Aug 9, 2022
dd2df9c
gofmt
sreya Aug 9, 2022
0356f46
make fake db happy
sreya Aug 9, 2022
6b1b900
make audit happy
sreya Aug 9, 2022
8f63d5c
fix some tests
sreya Aug 10, 2022
de7db33
make gen
sreya Aug 10, 2022
5fdf899
fix tests
sreya Aug 10, 2022
3a4d049
fmt
sreya Aug 10, 2022
4108ece
begin refactoring PR
sreya Aug 11, 2022
14b5382
finish migration
sreya Aug 12, 2022
8553501
use main sql.dump
sreya Aug 12, 2022
f748d3d
lift error
sreya Aug 12, 2022
c1b9871
new migration
sreya Aug 12, 2022
e41c103
more rewriting
sreya Aug 12, 2022
bb9b777
even more rewriting
sreya Aug 12, 2022
d940dae
finish up some test fixing
sreya Aug 12, 2022
c97d572
typos
sreya Aug 12, 2022
10bfe77
Merge branch 'main' into jon/userauth
sreya Aug 12, 2022
28a37f1
fix some remaining tests
sreya Aug 12, 2022
c889bf0
fix a gnarly bug
sreya Aug 12, 2022
0196a49
add a down migration
sreya Aug 12, 2022
b5dc95b
add fkey on user_links, fix tests, add comments
sreya Aug 12, 2022
f2f76e9
add login_type to users table
sreya Aug 12, 2022
940ced4
Merge branch 'main' into jon/userauth
sreya Aug 12, 2022
eb266db
fix login_type query
sreya Aug 13, 2022
4671bf6
fix tests
sreya Aug 13, 2022
c41f4e6
fix audit
sreya Aug 13, 2022
f3d8392
fix down
sreya Aug 13, 2022
cc8400b
fix one more test
sreya Aug 13, 2022
5c7cbae
Merge branch 'main' into jon/userauth
sreya Aug 17, 2022
083d256
pr comments
sreya Aug 17, 2022
92c185d
fix conflicting migration file
sreya Aug 17, 2022
05595d8
generate.sh
sreya Aug 17, 2022
aa90148
butcher the english language to appease colin
sreya Aug 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix tests
  • Loading branch information
@sreya
sreya committed Aug 13, 2022
commit 4671bf66e3a420633fc474cd83dbbc908e9c1945
1 change: 1 addition & 0 deletions coderd/database/databasefake/databasefake.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1740,6 +1740,7 @@ func (q *fakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
Username: arg.Username,
Status: database.UserStatusActive,
RBACRoles: arg.RBACRoles,
LoginType: arg.LoginType,
}
q.users = append(q.users, user)
return user, nil
Expand Down
4 changes: 3 additions & 1 deletion coderd/userauth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,8 +201,10 @@ func TestUserOAuth2Github(t *testing.T) {
})
// Creates the first user with login_type 'password'.
_ = coderdtest.CreateFirstUser(t, client)
// Attempting to login should give us a 403 since the user
// already has a login_type of 'password'.
resp := oauth2Callback(t, client)
require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
require.Equal(t, http.StatusForbidden, resp.StatusCode)
})
t.Run("Signup", func(t *testing.T) {
t.Parallel()
Expand Down
14 changes: 7 additions & 7 deletions coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -690,13 +690,6 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
return
}

if user.LoginType != database.LoginTypePassword {
httpapi.Write(rw, http.StatusForbidden, codersdk.Response{
Message: fmt.Sprintf("Incorrect login type, attempting to use %q but user is of login type %q", database.LoginTypeOIDC, user.LoginType),
})
return
}

// If the user doesn't exist, it will be a default struct.
equal, err := userpassword.Compare(string(user.HashedPassword), loginWithPassword.Password)
if err != nil {
Expand All @@ -714,6 +707,13 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
return
}

if user.LoginType != database.LoginTypePassword {
httpapi.Write(rw, http.StatusForbidden, codersdk.Response{
Message: fmt.Sprintf("Incorrect login type, attempting to use %q but user is of login type %q", database.LoginTypePassword, user.LoginType),
})
return
}

// If the user logged into a suspended account, reject the login request.
if user.Status != database.UserStatusActive {
httpapi.Write(rw, http.StatusUnauthorized, codersdk.Response{
Expand Down