synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-13 21:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: implement better 404 for unimplemented scim endpoints (#15232)

Browse Source 
Prior to this, html was returned.
This commit is contained in:
Steven Masley
2024-10-25 13:23:12 -04:00
committed by GitHub
parent 487b37b228
commit 900e2cd39c
3 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
enterprise/coderd/coderd.go
View File

@ -455,7 +455,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
if len(options.SCIMAPIKey) != 0 { if len(options.SCIMAPIKey) != 0 {
api.AGPL.RootHandler.Route("/scim/v2", func(r chi.Router) { api.AGPL.RootHandler.Route("/scim/v2", func(r chi.Router) {
r.Use( r.Use(
api.scimEnabledMW, api.RequireFeatureMW(codersdk.FeatureSCIM),
) )
r.Post("/Users", api.scimPostUser) r.Post("/Users", api.scimPostUser)
r.Route("/Users", func(r chi.Router) { r.Route("/Users", func(r chi.Router) {
@ -464,6 +464,13 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
r.Get("/{id}", api.scimGetUser) r.Get("/{id}", api.scimGetUser)
r.Patch("/{id}", api.scimPatchUser) r.Patch("/{id}", api.scimPatchUser)
}) })
r.NotFound(func(w http.ResponseWriter, r *http.Request) {
u := r.URL.String()
httpapi.Write(r.Context(), w, http.StatusNotFound, codersdk.Response{
Message: fmt.Sprintf("SCIM endpoint %s not found", u),
Detail: "This endpoint is not implemented. If it is correct and required, please contact support.",
})
})
}) })
} else { } else {
// Show a helpful 404 error. Because this is not under the /api/v2 routes, // Show a helpful 404 error. Because this is not under the /api/v2 routes,

11
enterprise/coderd/scim.go
View File

@ -23,17 +23,6 @@ import (
"github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/codersdk"
) )
func (api *API) scimEnabledMW(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
if !api.Entitlements.Enabled(codersdk.FeatureSCIM) {
httpapi.RouteNotFound(rw)
return
}
next.ServeHTTP(rw, r)
})
}
func (api *API) scimVerifyAuthHeader(r *http.Request) bool { func (api *API) scimVerifyAuthHeader(r *http.Request) bool {
bearer := []byte("Bearer ") bearer := []byte("Bearer ")
hdr := []byte(r.Header.Get("Authorization")) hdr := []byte(r.Header.Get("Authorization"))

4
enterprise/coderd/scim_test.go
View File

@ -88,7 +88,7 @@ func TestScim(t *testing.T) {
res, err := client.Request(ctx, "POST", "/scim/v2/Users", struct{}{}) res, err := client.Request(ctx, "POST", "/scim/v2/Users", struct{}{})
require.NoError(t, err) require.NoError(t, err)
defer res.Body.Close() defer res.Body.Close()
assert.Equal(t, http.StatusNotFound, res.StatusCode) assert.Equal(t, http.StatusForbidden, res.StatusCode)
}) })
t.Run("noAuth", func(t *testing.T) { t.Run("noAuth", func(t *testing.T) {
@ -424,7 +424,7 @@ func TestScim(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
_, _ = io.Copy(io.Discard, res.Body) _, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close() _ = res.Body.Close()
assert.Equal(t, http.StatusNotFound, res.StatusCode) assert.Equal(t, http.StatusForbidden, res.StatusCode)
}) })
t.Run("noAuth", func(t *testing.T) { t.Run("noAuth", func(t *testing.T) {