feat: Add OIDC authentication (#3314)

* feat: Add OIDC authentication * Extract username into a separate package and add OIDC tests * Add test case for invalid tokens * Add test case for username as email * Add OIDC to the frontend * Improve comments from self-review * Add authentication docs * Add telemetry * Update docs/install/auth.md Co-authored-by: Ammar Bandukwala <ammar@ammar.io> * Update docs/install/auth.md Co-authored-by: Ammar Bandukwala <ammar@ammar.io> * Remove username package Co-authored-by: Ammar Bandukwala <ammar@ammar.io>
2025-07-06 15:41:45 +00:00 · 2022-07-31 23:05:35 -05:00
parent 8b17bf98ea
commit 3d0febdd90
28 changed files with 733 additions and 137 deletions
--- a/coderd/httpapi/username.go
+++ b/coderd/httpapi/username.go
@ -0,0 +1,45 @@
+package httpapi
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/moby/moby/pkg/namesgenerator"
+)
+
+var (
+	usernameValid   = regexp.MustCompile("^[a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)*$")
+	usernameReplace = regexp.MustCompile("[^a-zA-Z0-9-]*")
+)
+
+// UsernameValid returns whether the input string is a valid username.
+func UsernameValid(str string) bool {
+	if len(str) > 32 {
+		return false
+	}
+	if len(str) < 1 {
+		return false
+	}
+	return usernameValid.MatchString(str)
+}
+
+// UsernameFrom returns a best-effort username from the provided string.
+//
+// It first attempts to validate the incoming string, which will
+// be returned if it is valid. It then will attempt to extract
+// the username from an email address. If no success happens during
+// these steps, a random username will be returned.
+func UsernameFrom(str string) string {
+	if UsernameValid(str) {
+		return str
+	}
+	emailAt := strings.LastIndex(str, "@")
+	if emailAt >= 0 {
+		str = str[:emailAt]
+	}
+	str = usernameReplace.ReplaceAllString(str, "")
+	if UsernameValid(str) {
+		return str
+	}
+	return strings.ReplaceAll(namesgenerator.GetRandomName(1), "_", "-")
+}