synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: remove autocreate orgs on CreateUser (#12434)

Browse Source 
New users must be explictly given an organization to join.
Organizations should not be auto created as a side effect of
creating a new user.
This commit is contained in:
Steven Masley
2024-03-06 07:29:28 -06:00
committed by GitHub
parent 842799847a
commit 23ff807a27
2 changed files with 13 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
coderd/userauth.go
View File

@ -1351,20 +1351,16 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
// This can happen if a user is a built-in user but is signing in
// with OIDC for the first time.
if user.ID == uuid.Nil {
var organizationID uuid.UUID
// Ignoring this error is a product of our unit tests. In prod this should never
// happen. Unit tests use this as a shortcut to making a new organization. We
// should really fix our unit tests and remove this.
// Until proper multi-org support, all users will be added to the default organization.
// The default organization should always be present.
//nolint:gocritic
organization, _ := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
// Add the user to the default organization.
// Once multi-organization we should check some configuration to see
// if we should add the user to a different organization.
organizationID = organization.ID
defaultOrganization, err := tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
if err != nil {
return xerrors.Errorf("unable to fetch default organization: %w", err)
}
//nolint:gocritic
_, err := tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
_, err = tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
Username: params.Username,
})
if err == nil {
@ -1402,13 +1398,9 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
CreateUserRequest: codersdk.CreateUserRequest{
Email: params.Email,
Username: params.Username,
OrganizationID: organizationID,
OrganizationID: defaultOrganization.ID,
},
// All of the userauth tests depend on this being able to create
// the first organization. It shouldn't be possible in normal
// operation.
CreateOrganization: organizationID == uuid.Nil,
LoginType: params.LoginType,
LoginType: params.LoginType,
})
if err != nil {
return xerrors.Errorf("create user: %w", err)