Skip to content

feat: allow external services to be authable #9996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 21 commits into from
Oct 3, 2023
Merged

feat: allow external services to be authable #9996

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
a2ccfb0
feat: allow external services to be authable
kylecarbs Sep 30, 2023
614313b
Refactor external auth config structure for defaults
kylecarbs Oct 2, 2023
c4b0fa0
Add support for new config properties
kylecarbs Oct 2, 2023
e6c047c
Change the name of external auth
kylecarbs Oct 2, 2023
9ad24b6
Move externalauth -> external-auth
kylecarbs Oct 2, 2023
7937b0e
Run gen
kylecarbs Oct 2, 2023
ec7a7a0
Fix tests
kylecarbs Oct 2, 2023
c4a3dba
Fix MW tests
kylecarbs Oct 2, 2023
c4931b6
Fix git auth redirect
kylecarbs Oct 2, 2023
dbb1471
Fix lint
kylecarbs Oct 2, 2023
4fbc086
Fix name
kylecarbs Oct 2, 2023
02718dd
Allow any ID
kylecarbs Oct 2, 2023
6d75621
Fix invalid type test
kylecarbs Oct 2, 2023
291e61e
Fix e2e tests
kylecarbs Oct 2, 2023
386dc9c
Fix comments
kylecarbs Oct 2, 2023
0b409f3
Fix colors
kylecarbs Oct 2, 2023
0fd1f7a
Allow accepting any type as string
kylecarbs Oct 2, 2023
c1c4786
Run gen
kylecarbs Oct 2, 2023
edea1da
Merge branch 'main' into extauthprovider
kylecarbs Oct 2, 2023
0acc3a7
Fix href
kylecarbs Oct 2, 2023
4a101ea
Merge branch 'main' into extauthprovider
kylecarbs Oct 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Move externalauth -> external-auth
  • Loading branch information
@kylecarbs
kylecarbs committed Oct 2, 2023
commit 9ad24b68c434335677fdd797e79bebd43a6a7cc0
6 changes: 3 additions & 3 deletions coderd/coderd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -547,7 +547,7 @@ func New(options *Options) *API {

// Register callback handlers for each OAuth2 provider.
// We must support gitauth and externalauth for backwards compatibility.
for _, route := range []string{"gitauth", "externalauth"} {
for _, route := range []string{"gitauth", "external-auth"} {
r.Route("/"+route, func(r chi.Router) {
for _, externalAuthConfig := range options.ExternalAuthConfigs {
// We don't need to register a callback handler for device auth.
Expand Down Expand Up @@ -616,7 +616,7 @@ func New(options *Options) *API {
r.Get("/{fileID}", api.fileByID)
r.Post("/", api.postFile)
})
r.Route("/externalauth/{externalauth}", func(r chi.Router) {
r.Route("/external-auth/{externalauth}", func(r chi.Router) {
r.Use(
apiKeyMiddleware,
httpmw.ExtractExternalAuthParam(options.ExternalAuthConfigs),
Expand Down Expand Up @@ -689,7 +689,7 @@ func New(options *Options) *API {
r.Get("/schema", templateVersionSchemaDeprecated)
r.Get("/parameters", templateVersionParametersDeprecated)
r.Get("/rich-parameters", api.templateVersionRichParameters)
r.Get("/externalauth", api.templateVersionExternalAuth)
r.Get("/external-auth", api.templateVersionExternalAuth)
r.Get("/variables", api.templateVersionVariables)
r.Get("/resources", api.templateVersionResources)
r.Get("/logs", api.templateVersionLogs)
Expand Down
8 changes: 4 additions & 4 deletions coderd/externalauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import (
// @Tags Git
// @Param externalauth path string true "Git Provider ID" format(string)
// @Success 200 {object} codersdk.ExternalAuth
// @Router /externalauth/{externalauth} [get]
// @Router /external-auth/{externalauth} [get]
func (api *API) externalAuthByID(w http.ResponseWriter, r *http.Request) {
config := httpmw.ExternalAuthParam(r)
apiKey := httpmw.APIKey(r)
Expand Down Expand Up @@ -82,7 +82,7 @@ func (api *API) externalAuthByID(w http.ResponseWriter, r *http.Request) {
// @Tags Git
// @Param externalauth path string true "External Provider ID" format(string)
// @Success 204
// @Router /externalauth/{externalauth}/device [post]
// @Router /external-auth/{externalauth}/device [post]
func (api *API) postExternalAuthDeviceByID(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
apiKey := httpmw.APIKey(r)
Expand Down Expand Up @@ -165,7 +165,7 @@ func (api *API) postExternalAuthDeviceByID(rw http.ResponseWriter, r *http.Reque
// @Tags Git
// @Param externalauth path string true "Git Provider ID" format(string)
// @Success 200 {object} codersdk.ExternalAuthDevice
// @Router /externalauth/{externalauth}/device [get]
// @Router /external-auth/{externalauth}/device [get]
func (*API) externalAuthDeviceByID(rw http.ResponseWriter, r *http.Request) {
config := httpmw.ExternalAuthParam(r)
ctx := r.Context()
Expand Down Expand Up @@ -247,7 +247,7 @@ func (api *API) externalAuthCallback(externalAuthConfig *externalauth.Config) ht
redirect := state.Redirect
if redirect == "" {
// This is a nicely rendered screen on the frontend
redirect = fmt.Sprintf("/externalauth/%s", externalAuthConfig.ID)
redirect = fmt.Sprintf("/external-auth/%s", externalAuthConfig.ID)
}
http.Redirect(rw, r, redirect, http.StatusTemporaryRedirect)
}
Expand Down
4 changes: 2 additions & 2 deletions coderd/externalauth/externalauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -407,9 +407,9 @@ func ConvertConfig(entries []codersdk.ExternalAuthConfig, accessURL *url.URL) ([
}
ids[entry.ID] = struct{}{}

authRedirect, err := accessURL.Parse(fmt.Sprintf("/externalauth/%s/callback", entry.ID))
authRedirect, err := accessURL.Parse(fmt.Sprintf("/external-auth/%s/callback", entry.ID))
if err != nil {
return nil, xerrors.Errorf("parse externalauth callback url: %w", err)
return nil, xerrors.Errorf("parse external auth callback url: %w", err)
}

var regex *regexp.Regexp
Expand Down
4 changes: 2 additions & 2 deletions coderd/externalauth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@ func TestGitAuthCallback(t *testing.T) {
agentClient.SetSessionToken(authToken)
token, err := agentClient.GitAuth(context.Background(), "github.com/asd/asd", false)
require.NoError(t, err)
require.True(t, strings.HasSuffix(token.URL, fmt.Sprintf("/externalauth/%s", "github")))
require.True(t, strings.HasSuffix(token.URL, fmt.Sprintf("/external-auth/%s", "github")))
})
t.Run("UnauthorizedCallback", func(t *testing.T) {
t.Parallel()
Expand Down Expand Up @@ -300,7 +300,7 @@ func TestGitAuthCallback(t *testing.T) {
require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
location, err := resp.Location()
require.NoError(t, err)
require.Equal(t, "/externalauth/github", location.Path)
require.Equal(t, "/external-auth/github", location.Path)

// Callback again to simulate updating the token.
resp = coderdtest.RequestExternalAuthCallback(t, "github", client)
Expand Down
4 changes: 2 additions & 2 deletions coderd/httpmw/patternmatcher/routepatterns_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,9 @@ func Test_RoutePatterns(t *testing.T) {
"/api/**",
"/@*/*/apps/**",
"/%40*/*/apps/**",
"/externalauth/*/callback",
"/external-auth/*/callback",
},
output: "^(/api/?|/api/.+/?|/@[^/]+/[^/]+/apps/.+/?|/%40[^/]+/[^/]+/apps/.+/?|/externalauth/[^/]+/callback/?)$",
output: "^(/api/?|/api/.+/?|/@[^/]+/[^/]+/apps/.+/?|/%40[^/]+/[^/]+/apps/.+/?|/external-auth/[^/]+/callback/?)$",
},
{
name: "Slash",
Expand Down
4 changes: 2 additions & 2 deletions coderd/templateversions.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,7 @@ func (api *API) templateVersionRichParameters(rw http.ResponseWriter, r *http.Re
// @Tags Templates
// @Param templateversion path string true "Template version ID" format(uuid)
// @Success 200 {array} codersdk.TemplateVersionExternalAuth
// @Router /templateversions/{templateversion}/externalauth [get]
// @Router /templateversions/{templateversion}/external-auth [get]
func (api *API) templateVersionExternalAuth(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
var (
Expand All @@ -307,7 +307,7 @@ func (api *API) templateVersionExternalAuth(rw http.ResponseWriter, r *http.Requ
}

// This is the URL that will redirect the user with a state token.
redirectURL, err := api.AccessURL.Parse(fmt.Sprintf("/externalauth/%s", config.ID))
redirectURL, err := api.AccessURL.Parse(fmt.Sprintf("/external-auth/%s", config.ID))
if err != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Message: "Failed to parse access URL.",
Expand Down
2 changes: 1 addition & 1 deletion coderd/tracing/httpmw.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ func Middleware(tracerProvider trace.TracerProvider) func(http.Handler) http.Han
"/api/**",
"/@*/*/apps/**",
"/%40*/*/apps/**",
"/externalauth/*/callback",
"/external-auth/*/callback",
}.MustCompile()

var tracer trace.Tracer
Expand Down
2 changes: 1 addition & 1 deletion coderd/tracing/httpmw_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ func Test_Middleware(t *testing.T) {
{"/%40hi/hi/apps/hi", true},
{"/%40hi/hi/apps/hi/hi", true},
{"/%40hi/hi/apps/hi/hi", true},
{"/externalauth/hi/callback", true},
{"/external=auth/hi/callback", true},

// Other routes that should not be collected.
{"/index.html", false},
Expand Down
6 changes: 3 additions & 3 deletions codersdk/externalauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ type ExternalAuthDeviceExchange struct {
}

func (c *Client) ExternalAuthDeviceByID(ctx context.Context, provider string) (ExternalAuthDevice, error) {
res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/externalauth/%s/device", provider), nil)
res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/external-auth/%s/device", provider), nil)
if err != nil {
return ExternalAuthDevice{}, err
}
Expand All @@ -64,7 +64,7 @@ func (c *Client) ExternalAuthDeviceByID(ctx context.Context, provider string) (E

// ExchangeGitAuth exchanges a device code for an external auth token.
func (c *Client) ExternalAuthDeviceExchange(ctx context.Context, provider string, req ExternalAuthDeviceExchange) error {
res, err := c.Request(ctx, http.MethodPost, fmt.Sprintf("/api/v2/externalauth/%s/device", provider), req)
res, err := c.Request(ctx, http.MethodPost, fmt.Sprintf("/api/v2/external-auth/%s/device", provider), req)
if err != nil {
return err
}
Expand All @@ -77,7 +77,7 @@ func (c *Client) ExternalAuthDeviceExchange(ctx context.Context, provider string

// ExternalAuthByID returns the external auth for the given provider by ID.
func (c *Client) ExternalAuthByID(ctx context.Context, provider string) (ExternalAuth, error) {
res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/externalauth/%s", provider), nil)
res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/external-auth/%s", provider), nil)
if err != nil {
return ExternalAuth{}, err
}
Expand Down
2 changes: 1 addition & 1 deletion codersdk/templateversions.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ func (c *Client) TemplateVersionRichParameters(ctx context.Context, version uuid

// TemplateVersionExternalAuth returns authentication providers for the requested template version.
func (c *Client) TemplateVersionExternalAuth(ctx context.Context, version uuid.UUID) ([]TemplateVersionExternalAuth, error) {
res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/templateversions/%s/externalauth", version), nil)
res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/templateversions/%s/external-auth", version), nil)
if err != nil {
return nil, err
}
Expand Down
6 changes: 3 additions & 3 deletions site/e2e/tests/externalAuth.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ test("external auth device", async ({ page }) => {
sentPending.done();
});

await page.goto(`/externalauth/${gitAuth.deviceProvider}`, {
await page.goto(`/external-auth/${gitAuth.deviceProvider}`, {
waitUntil: "domcontentloaded",
});
await page.getByText(device.user_code).isVisible();
Expand All @@ -70,11 +70,11 @@ test("external auth web", async ({ baseURL, page }) => {
});
srv.use(gitAuth.authPath, (req, res) => {
res.redirect(
`${baseURL}/externalauth/${gitAuth.webProvider}/callback?code=1234&state=` +
`${baseURL}/external-auth/${gitAuth.webProvider}/callback?code=1234&state=` +
req.query.state,
);
});
await page.goto(`/externalauth/${gitAuth.webProvider}`, {
await page.goto(`/external-auth/${gitAuth.webProvider}`, {
waitUntil: "domcontentloaded",
});
// This endpoint doesn't have the installations URL set intentionally!
Expand Down
2 changes: 1 addition & 1 deletion site/src/AppRouter.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ export const AppRouter: FC = () => {
<Route path="health" element={<HealthPage />} />

<Route
path="externalauth/:provider"
path="external-auth/:provider"
element={<ExternalAuthPage />}
/>

Expand Down
8 changes: 4 additions & 4 deletions site/src/api/api.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -335,7 +335,7 @@ export const getTemplateVersionExternalAuth = async (
versionId: string,
): Promise<TypesGen.TemplateVersionExternalAuth[]> => {
const response = await axios.get(
`/api/v2/templateversions/${versionId}/externalauth`,
`/api/v2/templateversions/${versionId}/external-auth`,
);
return response.data;
};
Expand Down Expand Up @@ -858,22 +858,22 @@ export const getExperiments = async (): Promise<TypesGen.Experiment[]> => {
export const getExternalAuthProvider = async (
provider: string,
): Promise<TypesGen.ExternalAuth> => {
const resp = await axios.get(`/api/v2/externalauth/${provider}`);
const resp = await axios.get(`/api/v2/external-auth/${provider}`);
return resp.data;
};

export const getExternalAuthDevice = async (
provider: string,
): Promise<TypesGen.ExternalAuthDevice> => {
const resp = await axios.get(`/api/v2/externalauth/${provider}/device`);
const resp = await axios.get(`/api/v2/external-auth/${provider}/device`);
return resp.data;
};

export const exchangeExternalAuthDevice = async (
provider: string,
req: TypesGen.ExternalAuthDeviceExchange,
): Promise<void> => {
const resp = await axios.post(`/api/v2/externalauth/${provider}/device`, req);
const resp = await axios.post(`/api/v2/external-auth/${provider}/device`, req);
return resp.data;
};

Expand Down
2 changes: 1 addition & 1 deletion site/src/pages/ExternalAuthPage/ExternalAuthPage.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ const ExternalAuthPage: FC = () => {
!getExternalAuthProviderQuery.data.authenticated &&
!getExternalAuthProviderQuery.data.device
) {
window.location.href = `/externalauth/${provider}/callback`;
window.location.href = `/external-auth/${provider}/callback`;

return null;
}
Expand Down
4 changes: 2 additions & 2 deletions site/src/testHelpers/entities.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2188,7 +2188,7 @@ export const MockTemplateVersionExternalAuthGithub: TypesGen.TemplateVersionExte
{
id: "github",
type: "github",
authenticate_url: "https://example.com/externalauth/github",
authenticate_url: "https://example.com/external-auth/github",
authenticated: false,
display_icon: "/icon/github.svg",
display_name: "GitHub",
Expand All @@ -2198,7 +2198,7 @@ export const MockTemplateVersionExternalAuthGithubAuthenticated: TypesGen.Templa
{
id: "github",
type: "github",
authenticate_url: "https://example.com/externalauth/github",
authenticate_url: "https://example.com/external-auth/github",
authenticated: true,
display_icon: "/icon/github.svg",
display_name: "GitHub",
Expand Down
2 changes: 1 addition & 1 deletion site/src/testHelpers/handlers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ export const handlers = [
},
),
rest.get(
"/api/v2/templateversions/:templateVersionId/externalauth",
"/api/v2/templateversions/:templateVersionId/external-auth",
async (req, res, ctx) => {
return res(ctx.status(200), ctx.json([]));
},
Expand Down