feat: add github device flow for authentication (#8232)

* feat: add github device flow for authentication This will allow us to add a GitHub OAuth provider out-of-the-box to reduce setup requirements. * Improve askpass view * Add routes to improve clarity of git auth * Redesign the git auth page * Refactor to add a page view * Fix sideways layout * Remove legacy notify * Fix git auth redirects * Add E2E tests * Fix route documentation * Fix imports * Remove unused imports * Fix E2E web test * Fix friendly message appearance * Fix layout shifting for full-screen sign-in * Fix height going to 100% * Fix comments
2025-07-15 22:20:27 +00:00 · 2023-06-29 13:58:01 -05:00
parent 7f82eca64a
commit 34467a3289
43 changed files with 2743 additions and 511 deletions
--- a/coderd/httpmw/gitauthparam.go
+++ b/coderd/httpmw/gitauthparam.go
@ -0,0 +1,40 @@
+package httpmw
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+
+	"github.com/coder/coder/coderd/gitauth"
+	"github.com/coder/coder/coderd/httpapi"
+)
+
+type gitAuthParamContextKey struct{}
+
+func GitAuthParam(r *http.Request) *gitauth.Config {
+	config, ok := r.Context().Value(gitAuthParamContextKey{}).(*gitauth.Config)
+	if !ok {
+		panic("developer error: gitauth param middleware not provided")
+	}
+	return config
+}
+
+func ExtractGitAuthParam(configs []*gitauth.Config) func(next http.Handler) http.Handler {
+	configByID := make(map[string]*gitauth.Config)
+	for _, c := range configs {
+		configByID[c.ID] = c
+	}
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			config, ok := configByID[chi.URLParam(r, "gitauth")]
+			if !ok {
+				httpapi.ResourceNotFound(w)
+				return
+			}
+
+			r = r.WithContext(context.WithValue(r.Context(), gitAuthParamContextKey{}, config))
+			next.ServeHTTP(w, r)
+		})
+	}
+}
--- a/coderd/httpmw/gitauthparam_test.go
+++ b/coderd/httpmw/gitauthparam_test.go
@ -0,0 +1,49 @@
+package httpmw_test
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/coderd/gitauth"
+	"github.com/coder/coder/coderd/httpmw"
+)
+
+//nolint:bodyclose
+func TestGitAuthParam(t *testing.T) {
+	t.Parallel()
+	t.Run("Found", func(t *testing.T) {
+		t.Parallel()
+		routeCtx := chi.NewRouteContext()
+		routeCtx.URLParams.Add("gitauth", "my-id")
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeCtx))
+		res := httptest.NewRecorder()
+
+		httpmw.ExtractGitAuthParam([]*gitauth.Config{{
+			ID: "my-id",
+		}})(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			require.Equal(t, "my-id", httpmw.GitAuthParam(r).ID)
+			w.WriteHeader(http.StatusOK)
+		})).ServeHTTP(res, r)
+
+		require.Equal(t, http.StatusOK, res.Result().StatusCode)
+	})
+
+	t.Run("NotFound", func(t *testing.T) {
+		t.Parallel()
+		routeCtx := chi.NewRouteContext()
+		routeCtx.URLParams.Add("gitauth", "my-id")
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeCtx))
+		res := httptest.NewRecorder()
+
+		httpmw.ExtractGitAuthParam([]*gitauth.Config{})(nil).ServeHTTP(res, r)
+
+		require.Equal(t, http.StatusNotFound, res.Result().StatusCode)
+	})
+}
--- a/coderd/httpmw/oauth2.go
+++ b/coderd/httpmw/oauth2.go
@ -67,19 +67,19 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client, authURLOpts map[str
 			// OIDC errors can be returned as query parameters. This can happen
 			// if for example we are providing and invalid scope.
 			// We should terminate the OIDC process if we encounter an error.
-			oidcError := r.URL.Query().Get("error")
+			errorMsg := r.URL.Query().Get("error")
 			errorDescription := r.URL.Query().Get("error_description")
 			errorURI := r.URL.Query().Get("error_uri")
-			if oidcError != "" {
+			if errorMsg != "" {
 				// Combine the errors into a single string if either is provided.
 				if errorDescription == "" && errorURI != "" {
 					errorDescription = fmt.Sprintf("error_uri: %s", errorURI)
 				} else if errorDescription != "" && errorURI != "" {
 					errorDescription = fmt.Sprintf("%s, error_uri: %s", errorDescription, errorURI)
 				}
-				oidcError = fmt.Sprintf("Encountered error in oidc process: %s", oidcError)
+				errorMsg = fmt.Sprintf("Encountered error in oidc process: %s", errorMsg)
 				httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
-					Message: oidcError,
+					Message: errorMsg,
 					// This message might be blank. This is ok.
 					Detail: errorDescription,
 				})