fix(enterprise): ensure SCIM create user can unsuspend (#8916)

Colin Adler
2023-08-04 17:03:21 -05:00
committed by GitHub
parent 8f7b6a2936
commit 0c7ff4fb8a
2 changed files with 79 additions and 11 deletions


@ -155,7 +155,7 @@ func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
} }
//nolint:gocritic //nolint:gocritic
user, err := api.Database.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{ dbUser, err := api.Database.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
Email: email, Email: email,
Username: sUser.UserName, Username: sUser.UserName,
}) })
@ -164,8 +164,22 @@ func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
return return
} }
if err == nil { if err == nil {
sUser.ID = user.ID.String() sUser.ID = dbUser.ID.String()
sUser.UserName = user.Username sUser.UserName = dbUser.Username
if sUser.Active && dbUser.Status == database.UserStatusSuspended {
//nolint:gocritic
_, err = api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{
ID: dbUser.ID,
// The user will get transitioned to Active after logging in.
Status: database.UserStatusDormant,
UpdatedAt: database.Now(),
})
if err != nil {
_ = handlerutil.WriteError(rw, err)
return
}
}
httpapi.Write(ctx, rw, http.StatusOK, sUser) httpapi.Write(ctx, rw, http.StatusOK, sUser)
return return
@ -201,7 +215,7 @@ func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
} }
//nolint:gocritic // needed for SCIM //nolint:gocritic // needed for SCIM
user, _, err = api.AGPL.CreateUser(dbauthz.AsSystemRestricted(ctx), api.Database, agpl.CreateUserRequest{ dbUser, _, err = api.AGPL.CreateUser(dbauthz.AsSystemRestricted(ctx), api.Database, agpl.CreateUserRequest{
CreateUserRequest: codersdk.CreateUserRequest{ CreateUserRequest: codersdk.CreateUserRequest{
Username: sUser.UserName, Username: sUser.UserName,
Email: email, Email: email,
@ -214,8 +228,8 @@ func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
return return
} }
sUser.ID = user.ID.String() sUser.ID = dbUser.ID.String()
sUser.UserName = user.Username sUser.UserName = dbUser.Username
httpapi.Write(ctx, rw, http.StatusOK, sUser) httpapi.Write(ctx, rw, http.StatusOK, sUser)
} }
@ -263,7 +277,8 @@ func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) {
var status database.UserStatus var status database.UserStatus
if sUser.Active { if sUser.Active {
status = database.UserStatusActive // The user will get transitioned to Active after logging in.
status = database.UserStatusDormant
} else { } else {
status = database.UserStatusSuspended status = database.UserStatusSuspended
} }
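Review bot: In the `scimPatchUser` hunk, `status = database.UserStatusDormant` is now assigned whenever `sUser.Active` is true, with no check of the user's current status, so a PATCH that leaves an already-active user active would apparently move them back to dormant. The POST hunk above guards its transition with `dbUser.Status == database.UserStatusSuspended`; the PATCH path should make the same comparison against the stored status and keep `database.UserStatusActive` for a user who is already active. The rest of `scimPatchUser`, including where the stored user is loaded and where `status` is written, lies outside the hunk, so this needs confirming there. Separately, the new unsuspend branch in `scimPostUser` reverses a suspension under `dbauthz.AsSystemRestricted` and no audit record is visible in the hunk; re-enabling an account is worth an audit entry so the change can be traced back to the SCIM request.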


@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io"
"net/http" "net/http"
"testing" "testing"
@ -164,6 +165,54 @@ func TestScim(t *testing.T) {
assert.Equal(t, sUser.UserName, userRes.Users[0].Username) assert.Equal(t, sUser.UserName, userRes.Users[0].Username)
}) })
t.Run("Unsuspend", func(t *testing.T) {
t.Parallel()
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
scimAPIKey := []byte("hi")
client, _ := coderdenttest.New(t, &coderdenttest.Options{
SCIMAPIKey: scimAPIKey,
LicenseOptions: &coderdenttest.LicenseOptions{
AccountID: "coolin",
Features: license.Features{
codersdk.FeatureSCIM: 1,
},
},
})
sUser := makeScimUser(t)
res, err := client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey))
require.NoError(t, err)
defer res.Body.Close()
assert.Equal(t, http.StatusOK, res.StatusCode)
err = json.NewDecoder(res.Body).Decode(&sUser)
require.NoError(t, err)
sUser.Active = false
res, err = client.Request(ctx, "PATCH", "/scim/v2/Users/"+sUser.ID, sUser, setScimAuth(scimAPIKey))
require.NoError(t, err)
_, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
assert.Equal(t, http.StatusOK, res.StatusCode)
sUser.Active = true
res, err = client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey))
require.NoError(t, err)
_, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
assert.Equal(t, http.StatusOK, res.StatusCode)
userRes, err := client.Users(ctx, codersdk.UsersRequest{Search: sUser.Emails[0].Value})
require.NoError(t, err)
require.Len(t, userRes.Users, 1)
assert.Equal(t, sUser.Emails[0].Value, userRes.Users[0].Email)
assert.Equal(t, sUser.UserName, userRes.Users[0].Username)
assert.Equal(t, codersdk.UserStatusDormant, userRes.Users[0].Status)
})
t.Run("DomainStrips", func(t *testing.T) { t.Run("DomainStrips", func(t *testing.T) {
t.Parallel() t.Parallel()
@ -185,7 +234,8 @@ func TestScim(t *testing.T) {
sUser.UserName = sUser.UserName + "@coder.com" sUser.UserName = sUser.UserName + "@coder.com"
res, err := client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey)) res, err := client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey))
require.NoError(t, err) require.NoError(t, err)
defer res.Body.Close() _, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
assert.Equal(t, http.StatusOK, res.StatusCode) assert.Equal(t, http.StatusOK, res.StatusCode)
userRes, err := client.Users(ctx, codersdk.UsersRequest{Search: sUser.Emails[0].Value}) userRes, err := client.Users(ctx, codersdk.UsersRequest{Search: sUser.Emails[0].Value})
@ -220,7 +270,8 @@ func TestScim(t *testing.T) {
res, err := client.Request(ctx, "PATCH", "/scim/v2/Users/bob", struct{}{}) res, err := client.Request(ctx, "PATCH", "/scim/v2/Users/bob", struct{}{})
require.NoError(t, err) require.NoError(t, err)
defer res.Body.Close() _, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
assert.Equal(t, http.StatusNotFound, res.StatusCode) assert.Equal(t, http.StatusNotFound, res.StatusCode)
}) })
@ -242,7 +293,8 @@ func TestScim(t *testing.T) {
res, err := client.Request(ctx, "PATCH", "/scim/v2/Users/bob", struct{}{}) res, err := client.Request(ctx, "PATCH", "/scim/v2/Users/bob", struct{}{})
require.NoError(t, err) require.NoError(t, err)
defer res.Body.Close() _, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
assert.Equal(t, http.StatusInternalServerError, res.StatusCode) assert.Equal(t, http.StatusInternalServerError, res.StatusCode)
}) })
@ -276,7 +328,8 @@ func TestScim(t *testing.T) {
res, err = client.Request(ctx, "PATCH", "/scim/v2/Users/"+sUser.ID, sUser, setScimAuth(scimAPIKey)) res, err = client.Request(ctx, "PATCH", "/scim/v2/Users/"+sUser.ID, sUser, setScimAuth(scimAPIKey))
require.NoError(t, err) require.NoError(t, err)
defer res.Body.Close() _, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
assert.Equal(t, http.StatusOK, res.StatusCode) assert.Equal(t, http.StatusOK, res.StatusCode)
userRes, err := client.Users(ctx, codersdk.UsersRequest{Search: sUser.Emails[0].Value}) userRes, err := client.Users(ctx, codersdk.UsersRequest{Search: sUser.Emails[0].Value})
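Review bot: The `Unsuspend` subtest never asserts that the user is actually suspended after the `PATCH` with `sUser.Active = false`; it only checks for a 200 response. If a user freshly created through SCIM already reports dormant (not visible here), the final `codersdk.UserStatusDormant` assertion could pass without the new unsuspend branch ever running. Add a `client.Users` lookup right after the PATCH and check `assert.Equal(t, codersdk.UserStatusSuspended, userRes.Users[0].Status)` before re-posting, so the test pins the precondition as well as the result. `TestScim` itself starts and ends outside these hunks.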