
Commit 18ab14b

committed
Actually enable org sync in the oidc flow
1 parent 9702243 commit 18ab14b


2 files changed

+25
-6
lines changed

2 files changed

+25
-6
lines changed

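--- a/coderd/idpsync/organization.go
+++ b/coderd/idpsync/organization.go
@@ -29,7 +29,9 @@ func (s AGPLIDPSync) ParseOrganizationClaims(ctx context.Context, _ map[string]i
 
 type OrganizationParams struct {
 // SyncEnabled if false will skip syncing the user's organizations.
-SyncEnabled bool
+SyncEnabled bool
+// IncludeDefault is primarily for single org deployments. It will ensure
+// a user is always inserted into the default org.
 IncludeDefault bool
 // Organizations is the list of organizations the user should be a member of
 // assuming syncing is turned on.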

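--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -659,6 +659,11 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
 AvatarURL: ghUser.GetAvatarURL(),
 Name: normName,
 DebugContext: OauthDebugContext{},
+OrganizationSync: idpsync.OrganizationParams{
+SyncEnabled: false,
+IncludeDefault: true,
+Organizations: []uuid.UUID{},
+},
 }).SetInitAuditRequest(func(params *audit.RequestParams) (*audit.Request[database.User], func()) {
 return audit.InitRequest[database.User](rw, params)
 })
@@ -1411,14 +1416,19 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 }
 }
 
+// Even if org sync is disabled, single org deployments will always
+// have this set to true.
+orgIDs := []uuid.UUID{}
+if params.OrganizationSync.IncludeDefault {
+orgIDs = append(orgIDs, defaultOrganization.ID)
+}
+
 //nolint:gocritic
 user, err = api.CreateUser(dbauthz.AsSystemRestricted(ctx), tx, CreateUserRequest{
 CreateUserRequestWithOrgs: codersdk.CreateUserRequestWithOrgs{
-Email: params.Email,
-Username: params.Username,
-// TODO: Remove this, and only use organization sync from
-// params
-OrganizationIDs: []uuid.UUID{defaultOrganization.ID},
+Email: params.Email,
+Username: params.Username,
+OrganizationIDs: orgIDs,
 },
 LoginType: params.LoginType,
 })
@@ -1481,6 +1491,13 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 }
 }
 
+// Only OIDC really supports syncing like this. At some point, we might
+// want to move this configuration and allow github to allow do org syncing.
+err = api.OIDCConfig.IDPSync.SyncOrganizations(ctx, tx, user, params.OrganizationSync)
+if err != nil {
+return xerrors.Errorf("sync organizations: %w", err)
+}
+
 // Ensure groups are correct.
 // This places all groups into the default organization.
 // To go multi-org, we need to add a mapping feature here to know which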
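Review bot: The `api.OIDCConfig.IDPSync.SyncOrganizations(...)` call added in the third hunk sits in `oauthLogin`, and the first hunk shows `userOAuth2Github` now builds an `OrganizationSync` value as well, so GitHub logins appear to reach this dereference of `api.OIDCConfig` too. If that field is a pointer left nil on deployments that configure only GitHub (its declaration is not visible here, so please confirm), every GitHub login would panic inside the transaction instead of completing. Either guard the call with `if api.OIDCConfig != nil {` or hang the syncer directly off `api` so it no longer depends on OIDC being configured; a test that runs the GitHub flow without OIDC settings would pin this. The new comment also has a slip, "allow github to allow do org syncing" should read `allow github to also do org syncing`. `oauthLogin` starts and ends outside the hunks shown.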
