From 8c920a9bcb546f2c38873726482a20f41417a9a1 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Wed, 26 Jul 2023 13:13:20 -0400 Subject: [PATCH] feat: convert to oidc out of experimental --- coderd/apidoc/docs.go | 5 ----- coderd/apidoc/swagger.json | 5 ----- coderd/userauth.go | 13 ------------- coderd/userauth_test.go | 2 -- codersdk/deployment.go | 4 ---- codersdk/users.go | 7 +++---- docs/api/schemas.md | 13 +++++-------- docs/api/users.md | 1 - site/src/api/typesGenerated.ts | 3 --- .../SignInForm/SignInForm.stories.tsx | 6 ------ site/src/pages/LoginPage/LoginPage.test.tsx | 2 -- .../SecurityPage/SecurityPage.tsx | 18 +++++++----------- site/src/testHelpers/entities.ts | 1 - 13 files changed, 15 insertions(+), 65 deletions(-) diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index 5c8a81385eb4d..a9a2dd2f2e8b5 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -6974,9 +6974,6 @@ const docTemplate = `{ "codersdk.AuthMethods": { "type": "object", "properties": { - "convert_to_oidc_enabled": { - "type": "boolean" - }, "github": { "$ref": "#/definitions/codersdk.AuthMethod" }, @@ -7918,7 +7915,6 @@ const docTemplate = `{ "moons", "workspace_actions", "tailnet_ha_coordinator", - "convert-to-oidc", "single_tailnet", "template_restart_requirement", "template_insights_page" @@ -7927,7 +7923,6 @@ const docTemplate = `{ "ExperimentMoons", "ExperimentWorkspaceActions", "ExperimentTailnetHACoordinator", - "ExperimentConvertToOIDC", "ExperimentSingleTailnet", "ExperimentTemplateRestartRequirement", "ExperimentTemplateInsightsPage" diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index de119075e17ec..343a48c09df78 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -6208,9 +6208,6 @@ "codersdk.AuthMethods": { "type": "object", "properties": { - "convert_to_oidc_enabled": { - "type": "boolean" - }, "github": { "$ref": "#/definitions/codersdk.AuthMethod" }, 
@@ -7089,7 +7086,6 @@ "moons", "workspace_actions", "tailnet_ha_coordinator", - "convert-to-oidc", "single_tailnet", "template_restart_requirement", "template_insights_page" @@ -7098,7 +7094,6 @@ "ExperimentMoons", "ExperimentWorkspaceActions", "ExperimentTailnetHACoordinator", - "ExperimentConvertToOIDC", "ExperimentSingleTailnet", "ExperimentTemplateRestartRequirement", "ExperimentTemplateInsightsPage" diff --git a/coderd/userauth.go b/coderd/userauth.go index a53127ee91fb0..dea87821a3444 100644 --- a/coderd/userauth.go +++ b/coderd/userauth.go @@ -64,13 +64,6 @@ type OAuthConvertStateClaims struct { // @Success 201 {object} codersdk.OAuthConversionResponse // @Router /users/{user}/convert-login [post] func (api *API) postConvertLoginType(rw http.ResponseWriter, r *http.Request) { - if !api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC) { - httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{ - Message: "Oauth conversion is not allowed, contact an administrator to turn on this feature.", - }) - return - } - var ( user = httpmw.UserParam(r) ctx = r.Context() @@ -455,7 +448,6 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) { } httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{ - ConvertToOIDCEnabled: api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC), Password: codersdk.AuthMethod{ Enabled: !api.DeploymentValues.DisablePasswordAuth.Value(), }, @@ -1499,11 +1491,6 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data oauthConvertAudit.UserID = claims.UserID oauthConvertAudit.Old = user - // If we do not allow converting to oauth, return an error. - if !api.Experiments.Enabled(codersdk.ExperimentConvertToOIDC) { - return database.User{}, wrongLoginTypeHTTPError(user.LoginType, params.LoginType) - } - if claims.RegisteredClaims.Issuer != api.DeploymentID { return database.User{}, httpError{ code: http.StatusForbidden, 
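Review bot: With the experiment check deleted at the top of `postConvertLoginType` (hunk at -64) and the matching check deleted in `convertUserToOauth` (hunk at -1499), the visible code no longer has any operator-controlled switch for login-type conversion. Changing how an account authenticates is a sensitive operation, so the doc comment on the handler should state what now authorizes it, for example `// postConvertLoginType is available on every deployment (no experiment gate); it must only issue a conversion state after re-verifying the caller's current credentials.` In `convertUserToOauth` the first remaining check in the hunk is the state token's issuer against `api.DeploymentID`, so the deleted comment could be replaced with `// Conversion is always permitted; the signed state claims validated below are what authorize it.` Both function bodies continue outside their hunks, so whether the handler re-verifies the password or checks that the target provider is configured cannot be confirmed from here.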
diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go index 3873ebdee807d..6f49222ff8764 100644 --- a/coderd/userauth_test.go +++ b/coderd/userauth_test.go @@ -20,7 +20,6 @@ import ( "golang.org/x/xerrors" "cdr.dev/slog/sloggers/slogtest" - "github.com/coder/coder/cli/clibase" "github.com/coder/coder/coderd" "github.com/coder/coder/coderd/audit" "github.com/coder/coder/coderd/coderdtest" @@ -796,7 +795,6 @@ func TestUserOIDC(t *testing.T) { config.AllowSignups = true cfg := coderdtest.DeploymentValues(t) - cfg.Experiments = clibase.StringArray{string(codersdk.ExperimentConvertToOIDC)} client := coderdtest.New(t, &coderdtest.Options{ Auditor: auditor, OIDCConfig: config, diff --git a/codersdk/deployment.go b/codersdk/deployment.go index f9350f2cf0875..71a7767b792fb 100644 --- a/codersdk/deployment.go +++ b/codersdk/deployment.go @@ -1838,10 +1838,6 @@ const ( // which is now the default. ExperimentTailnetHACoordinator Experiment = "tailnet_ha_coordinator" - // ExperimentConvertToOIDC enables users to convert from password to - // oidc. - ExperimentConvertToOIDC Experiment = "convert-to-oidc" - // ExperimentSingleTailnet replaces workspace connections inside coderd to // all use a single tailnet, instead of the previous behavior of creating a // single tailnet for each agent. diff --git a/codersdk/users.go b/codersdk/users.go index 913f5490584de..57d6162a2459a 100644 --- a/codersdk/users.go +++ b/codersdk/users.go @@ -160,10 +160,9 @@ type CreateOrganizationRequest struct { // AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc. type AuthMethods struct { - ConvertToOIDCEnabled bool `json:"convert_to_oidc_enabled"` - Password AuthMethod `json:"password"` - Github AuthMethod `json:"github"` - OIDC OIDCAuthMethod `json:"oidc"` + Password AuthMethod `json:"password"` + Github AuthMethod `json:"github"` + OIDC OIDCAuthMethod `json:"oidc"` } type AuthMethod struct { 
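Review bot: Deleting `ExperimentConvertToOIDC` in codersdk/deployment.go leaves deployments that still list `convert-to-oidc` in their experiments setting passing a value the code no longer defines. How unknown experiment names are treated is not visible in this hunk, so it is worth confirming that startup tolerates the stale value rather than failing. If it is tolerated, a short comment in the const block would help the next reader, such as `// "convert-to-oidc" was removed when login-type conversion became generally available; a stale value in the experiments list has no effect.`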
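Review bot: Dropping `ConvertToOIDCEnabled` from the exported `AuthMethods` struct in codersdk/users.go is a breaking change for SDK consumers, and together with the `userAuthMethods` hunk in coderd/userauth.go it removes `convert_to_oidc_enabled` from the `/users/authmethods` response. A client built against the previous API will read the missing field as false and hide the conversion option, which fails closed but is confusing during a rolling upgrade. Consider keeping the field for one release with a `// Deprecated: conversion is always enabled; this is always true.` comment and setting `ConvertToOIDCEnabled: true,` in `userAuthMethods`.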
diff --git a/docs/api/schemas.md b/docs/api/schemas.md index d2947563290df..83e6be1bf12ab 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -1181,7 +1181,6 @@ ```json { - "convert_to_oidc_enabled": true, "github": { "enabled": true }, @@ -1198,12 +1197,11 @@ ### Properties -| Name | Type | Required | Restrictions | Description | -| ------------------------- | -------------------------------------------------- | -------- | ------------ | ----------- | -| `convert_to_oidc_enabled` | boolean | false | | | -| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | | -| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | | -| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | | +| Name | Type | Required | Restrictions | Description | +| ---------- | -------------------------------------------------- | -------- | ------------ | ----------- | +| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | | +| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | | +| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | | ## codersdk.AuthorizationCheck @@ -2668,7 +2666,6 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in | `moons` | | `workspace_actions` | | `tailnet_ha_coordinator` | -| `convert-to-oidc` | | `single_tailnet` | | `template_restart_requirement` | | `template_insights_page` | diff --git a/docs/api/users.md b/docs/api/users.md index f22f97adb4ab8..3c583e15787db 100644 --- a/docs/api/users.md +++ b/docs/api/users.md @@ -142,7 +142,6 @@ curl -X GET http://coder-server:8080/api/v2/users/authmethods \ ```json { - "convert_to_oidc_enabled": true, "github": { "enabled": true }, diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index d5eeae2e93697..b967c12872eaa 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts 
@@ -110,7 +110,6 @@ export interface AuthMethod { // From codersdk/users.go export interface AuthMethods { - readonly convert_to_oidc_enabled: boolean readonly password: AuthMethod readonly github: AuthMethod readonly oidc: OIDCAuthMethod @@ -1558,7 +1557,6 @@ export const Entitlements: Entitlement[] = [ // From codersdk/deployment.go export type Experiment = - | "convert-to-oidc" | "moons" | "single_tailnet" | "tailnet_ha_coordinator" @@ -1566,7 +1564,6 @@ export type Experiment = | "template_restart_requirement" | "workspace_actions" export const Experiments: Experiment[] = [ - "convert-to-oidc", "moons", "single_tailnet", "tailnet_ha_coordinator", diff --git a/site/src/components/SignInForm/SignInForm.stories.tsx b/site/src/components/SignInForm/SignInForm.stories.tsx index fb49792dc99de..ea3610e7ba49d 100644 --- a/site/src/components/SignInForm/SignInForm.stories.tsx +++ b/site/src/components/SignInForm/SignInForm.stories.tsx @@ -28,7 +28,6 @@ SigningIn.args = { ...SignedOut.args, isSigningIn: true, authMethods: { - convert_to_oidc_enabled: false, password: { enabled: true }, github: { enabled: true }, oidc: { enabled: false, signInText: "", iconUrl: "" }, @@ -56,7 +55,6 @@ export const WithGithub = Template.bind({}) WithGithub.args = { ...SignedOut.args, authMethods: { - convert_to_oidc_enabled: false, password: { enabled: true }, github: { enabled: true }, oidc: { enabled: false, signInText: "", iconUrl: "" }, @@ -67,7 +65,6 @@ export const WithOIDC = Template.bind({}) WithOIDC.args = { ...SignedOut.args, authMethods: { - convert_to_oidc_enabled: false, password: { enabled: true }, github: { enabled: false }, oidc: { enabled: true, signInText: "", iconUrl: "" }, @@ -78,7 +75,6 @@ export const WithOIDCWithoutPassword = Template.bind({}) WithOIDCWithoutPassword.args = { ...SignedOut.args, authMethods: { - convert_to_oidc_enabled: false, password: { enabled: false }, github: { enabled: false }, oidc: { enabled: true, signInText: "", iconUrl: "" }, 
@@ -89,7 +85,6 @@ export const WithoutAny = Template.bind({}) WithoutAny.args = { ...SignedOut.args, authMethods: { - convert_to_oidc_enabled: false, password: { enabled: false }, github: { enabled: false }, oidc: { enabled: false, signInText: "", iconUrl: "" }, @@ -100,7 +95,6 @@ export const WithGithubAndOIDC = Template.bind({}) WithGithubAndOIDC.args = { ...SignedOut.args, authMethods: { - convert_to_oidc_enabled: false, password: { enabled: true }, github: { enabled: true }, oidc: { enabled: true, signInText: "", iconUrl: "" }, diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx index 3fc3ad1369874..e7dcd782fcfa5 100644 --- a/site/src/pages/LoginPage/LoginPage.test.tsx +++ b/site/src/pages/LoginPage/LoginPage.test.tsx @@ -61,7 +61,6 @@ describe("LoginPage", () => { it("shows github authentication when enabled", async () => { const authMethods: TypesGen.AuthMethods = { - convert_to_oidc_enabled: false, password: { enabled: true }, github: { enabled: true }, oidc: { enabled: true, signInText: "", iconUrl: "" }, @@ -113,7 +112,6 @@ describe("LoginPage", () => { it("hides password authentication if OIDC/GitHub is enabled and displays on click", async () => { const authMethods: TypesGen.AuthMethods = { - convert_to_oidc_enabled: false, password: { enabled: true }, github: { enabled: true }, oidc: { enabled: true, signInText: "", iconUrl: "" }, diff --git a/site/src/pages/UserSettingsPage/SecurityPage/SecurityPage.tsx b/site/src/pages/UserSettingsPage/SecurityPage/SecurityPage.tsx index 6a0e9853f6e30..36f0db6f38c63 100644 --- a/site/src/pages/UserSettingsPage/SecurityPage/SecurityPage.tsx +++ b/site/src/pages/UserSettingsPage/SecurityPage/SecurityPage.tsx 
@@ -53,17 +53,13 @@ export const SecurityPage: FC = () => { }, }, }} - oidc={ - authMethods.convert_to_oidc_enabled - ? { - section: { - authMethods, - userLoginType, - ...singleSignOnSection, - }, - } - : undefined - } + oidc={{ + section: { + authMethods, + userLoginType, + ...singleSignOnSection, + }, + }} /> ) } diff --git a/site/src/testHelpers/entities.ts b/site/src/testHelpers/entities.ts index a8e1baaf0056f..271453131f486 100644 --- a/site/src/testHelpers/entities.ts +++ b/site/src/testHelpers/entities.ts @@ -1113,7 +1113,6 @@ export const MockAuthMethods: TypesGen.AuthMethods = { password: { enabled: true }, github: { enabled: false }, oidc: { enabled: false, signInText: "", iconUrl: "" }, - convert_to_oidc_enabled: true, } export const MockAuthMethodsWithPasswordType: TypesGen.AuthMethods = {
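Review bot: The `oidc` prop in SecurityPage.tsx is now passed unconditionally, so the single sign-on section is offered even when `authMethods.github.enabled` and `authMethods.oidc.enabled` are both false. Unless the section component already handles that case (it is not visible in this hunk), the user is shown a conversion flow with no provider to convert to. A guard on the configured providers would keep the old hide-when-unavailable behaviour without the experiment flag: `oidc={authMethods.github.enabled || authMethods.oidc.enabled ? { section: { authMethods, userLoginType, ...singleSignOnSection } } : undefined}`.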