
Commit ab9c049

committed
use systemCtx in API.oauthLogin()
1 parent 11983ab commit ab9c049


1 file changed

+15
-12
lines changed


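--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -17,9 +17,11 @@ import (
 "golang.org/x/oauth2"
 "golang.org/x/xerrors"
 
+"github.com/coder/coder/coderd/authzquery"
 "github.com/coder/coder/coderd/database"
 "github.com/coder/coder/coderd/httpapi"
 "github.com/coder/coder/coderd/httpmw"
+"github.com/coder/coder/coderd/rbac"
 "github.com/coder/coder/codersdk"
 )
 
@@ -425,8 +427,9 @@ func (e httpError) Error() string {
 
 func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cookie, error) {
 var (
-ctx = r.Context()
-user database.User
+ctx = r.Context()
+systemCtx = authzquery.WithAuthorizeSystemContext(ctx, rbac.RolesAdminSystem())
+user database.User
 )
 
 err := api.Database.InTx(func(tx database.Store) error {
@@ -435,7 +438,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 err error
 )
 
-user, link, err = findLinkedUser(ctx, tx, params.LinkedID, params.Email)
+user, link, err = findLinkedUser(systemCtx, tx, params.LinkedID, params.Email)
 if err != nil {
 return xerrors.Errorf("find linked user: %w", err)
 }
@@ -461,15 +464,15 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 // with OIDC for the first time.
 if user.ID == uuid.Nil {
 var organizationID uuid.UUID
-organizations, _ := tx.GetOrganizations(ctx)
+organizations, _ := tx.GetOrganizations(systemCtx)
 if len(organizations) > 0 {
 // Add the user to the first organization. Once multi-organization
 // support is added, we should enable a configuration map of user
 // email to organization.
 organizationID = organizations[0].ID
 }
 
-_, err := tx.GetUserByEmailOrUsername(ctx, database.GetUserByEmailOrUsernameParams{
+_, err := tx.GetUserByEmailOrUsername(systemCtx, database.GetUserByEmailOrUsernameParams{
 Username: params.Username,
 })
 if err == nil {
@@ -482,7 +485,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 
 params.Username = httpapi.UsernameFrom(alternate)
 
-_, err := tx.GetUserByEmailOrUsername(ctx, database.GetUserByEmailOrUsernameParams{
+_, err := tx.GetUserByEmailOrUsername(systemCtx, database.GetUserByEmailOrUsernameParams{
 Username: params.Username,
 })
 if xerrors.Is(err, sql.ErrNoRows) {
@@ -501,7 +504,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 }
 }
 
-user, _, err = api.CreateUser(ctx, tx, CreateUserRequest{
+user, _, err = api.CreateUser(systemCtx, tx, CreateUserRequest{
 CreateUserRequest: codersdk.CreateUserRequest{
 Email: params.Email,
 Username: params.Username,
@@ -515,7 +518,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 }
 
 if link.UserID == uuid.Nil {
-link, err = tx.InsertUserLink(ctx, database.InsertUserLinkParams{
+link, err = tx.InsertUserLink(systemCtx, database.InsertUserLinkParams{
 UserID: user.ID,
 LoginType: params.LoginType,
 LinkedID: params.LinkedID,
@@ -534,7 +537,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 // The migration that added the user_links table could not populate
 // the 'linked_id' field since it requires fields off the access token.
 if link.LinkedID == "" {
-link, err = tx.UpdateUserLinkedID(ctx, database.UpdateUserLinkedIDParams{
+link, err = tx.UpdateUserLinkedID(systemCtx, database.UpdateUserLinkedIDParams{
 UserID: user.ID,
 LoginType: params.LoginType,
 LinkedID: params.LinkedID,
@@ -545,7 +548,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 }
 
 if link.UserID != uuid.Nil {
-link, err = tx.UpdateUserLink(ctx, database.UpdateUserLinkParams{
+link, err = tx.UpdateUserLink(systemCtx, database.UpdateUserLinkParams{
 UserID: user.ID,
 LoginType: params.LoginType,
 OAuthAccessToken: params.State.Token.AccessToken,
@@ -584,7 +587,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 // In such cases in the current implementation this user can now no
 // longer sign in until an administrator finds the offending built-in
 // user and changes their username.
-user, err = tx.UpdateUserProfile(ctx, database.UpdateUserProfileParams{
+user, err = tx.UpdateUserProfile(systemCtx, database.UpdateUserProfileParams{
 ID: user.ID,
 Email: user.Email,
 Username: user.Username,
@@ -602,7 +605,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 return nil, xerrors.Errorf("in tx: %w", err)
 }
 
-cookie, err := api.createAPIKey(ctx, createAPIKeyParams{
+cookie, err := api.createAPIKey(systemCtx, createAPIKeyParams{
 UserID: user.ID,
 LoginType: params.LoginType,
 RemoteAddr: r.RemoteAddr,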
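Review bot: The `systemCtx` declared in the `var` block at the top of `oauthLogin` carries `rbac.RolesAdminSystem()` and is passed to every store call in the transaction as well as to `api.CreateUser` and `api.createAPIKey`, so whatever authorization those paths would apply to the request context is presumably bypassed for the whole login flow, while `params.Email`, `params.Username` and `params.LinkedID` come from the identity provider. The declaration should state why the elevation is needed and bound its use, for example `// systemCtx: the caller is not authenticated yet, so login lookups and writes run as system; do not pass it to code that acts on the user's behalf after login.` It is also worth checking whether `createAPIKey`, which runs after the transaction once `user.ID` is known, needs the system context at all or could run under a context scoped to that user. The function body starts and ends outside the visible hunks, so remaining uses of `ctx` cannot be checked from here.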
