04c33968cf
refactor: replace golang.org/x/exp/slices with slices ( #16772 )
...
The experimental functions in `golang.org/x/exp/slices` are now
available in the standard library since Go 1.21.
Reference: https://go.dev/doc/go1.21#slices
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2025-03-04 00:46:49 +11:00
546a549dcf
feat: enable soft delete for organizations ( #16584 )
...
- Add deleted column to organizations table
- Add trigger to check for existing workspaces, templates, groups and
members in an org before allowing the soft delete
---------
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
2025-02-24 12:59:41 -05:00
8c5e7007cd
feat: support the OAuth2 device flow with GitHub for signing in ( #16585 )
...
First PR in a series to address
https://github.com/coder/coder/issues/16230.
Introduces support for logging in via the [GitHub OAuth2 Device
Flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow).
It's previously been possible to configure external auth with the device
flow, but it's not been possible to use it for logging in. This PR
builds on the existing support we had to extend it to sign ins.
When a user clicks "sign in with GitHub" when device auth is configured,
they are redirected to the new `/login/device` page, which makes the
flow possible from the client's side. The recording below shows the full
flow.
https://github.com/user-attachments/assets/90c06f1f-e42f-43e9-a128-462270c80fdd
I've also manually tested that it works for converting from
password-based auth to oauth.
Device auth can be enabled by a deployment's admin by setting the
`CODER_OAUTH2_GITHUB_DEVICE_FLOW` env variable or a corresponding config
setting.
2025-02-21 18:42:16 +01:00
5841c0aacb
fix: fetch custom roles from workspace agent context ( #16237 )
2025-01-23 12:57:09 -06:00
60ddcf5de2
chore: improve testing coverage on ExtractProvisionerDaemonAuthenticated middleware ( #15622 )
...
This one aims to resolve #15604
Created some table tests for the main cases -
also preferred to create two isolated cases for the most complicated
cases in order to keep table tests simple enough.
Gives us full coverage on the middleware logic, for both optional and
non-optional cases - PSK and ProvisionerKey.
2024-11-26 04:02:20 +01:00
5b7fa78676
chore: add deployment config option to append custom csp directives ( #15596 )
...
Allows adding custom static CSP directives to Coder. Niche use case but
makes this easier than creating a reverse proxy that has to replace the
header. We want to preserve our directives, so having an append option
is preferred to a "replace" option via a reverse proxy.
Closes https://github.com/coder/coder/issues/15118
2024-11-21 11:53:53 -06:00
5861e516b9
chore: add standard test logger ignoring db canceled ( #15556 )
...
Refactors our use of `slogtest` to instantiate a "standard logger" across most of our tests. This standard logger incorporates https://github.com/coder/slog/pull/217 to also ignore database query canceled errors by default, which are a source of low-severity flakes.
Any test that has set non-default `slogtest.Options` is left alone. In particular, `coderdtest` defaults to ignoring all errors. We might consider revisiting that decision now that we have better tools to target the really common flaky Error logs on shutdown.
2024-11-18 14:09:22 +04:00
b6d0b7713a
chore: implement user link claims as a typed golang object ( #15502 )
...
Move claims from a `debug` column to an actual typed column to be used.
This does not functionally change anything, it just adds some Go typing to build
on.
2024-11-14 10:05:44 -06:00
765314ce18
ci: bump the github-actions group with 4 updates ( #15359 )
...
Bumps the github-actions group with 4 updates:
[crate-ci/typos](https://github.com/crate-ci/typos),
[google-github-actions/auth](https://github.com/google-github-actions/auth),
[google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud)
and
[google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials).
Updates `crate-ci/typos` from 1.26.8 to 1.27.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases ">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.27.0</h2>
<h2>[1.27.0] - 2024-11-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1106 ">October
2024</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d01f29c66d
"><code>d01f29c</code></a>
chore: Release</li>
<li><a
href="52e950bb13
"><code>52e950b</code></a>
chore: Release</li>
<li><a
href="19cfc03ea4
"><code>19cfc03</code></a>
docs: Update changelog</li>
<li><a
href="f80b1564bd
"><code>f80b156</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1140 ">#1140</a>
from epage/oct</li>
<li><a
href="6b5c8079a9
"><code>6b5c807</code></a>
feat(dict): Oct updates</li>
<li><a
href="d64f202a88
"><code>d64f202</code></a>
chore(deps): Update compatible (<a
href="https://redirect.github.com/crate-ci/typos/issues/1137 ">#1137</a>)</li>
<li><a
href="e903c46287
"><code>e903c46</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1136 ">#1136</a>
from PigeonF/PigeonF/push-mlqnlvmswwmp</li>
<li><a
href="b994765ef9
"><code>b994765</code></a>
chore: Fix typo "potemtial" -> "potential"</li>
<li>See full diff in <a
href="0d9e0c2c1b...d01f29c66d
">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-github-actions/auth` from 2.1.6 to 2.1.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases ">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: update relase workflows by <a
href="https://github.com/verbanicm "><code>@verbanicm</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/452 ">google-github-actions/auth#452</a></li>
<li>Release: v2.1.7 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/453 ">google-github-actions/auth#453</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.6...v2.1.7 ">https://github.com/google-github-actions/auth/compare/v2.1.6...v2.1.7 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6fc4af4b14
"><code>6fc4af4</code></a>
Release: v2.1.7 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/453 ">#453</a>)</li>
<li><a
href="212f83afe8
"><code>212f83a</code></a>
fix: update relase workflows (<a
href="https://redirect.github.com/google-github-actions/auth/issues/452 ">#452</a>)</li>
<li>See full diff in <a
href="8254fb75a3...6fc4af4b14
">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-github-actions/setup-gcloud` from 2.1.1 to 2.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/setup-gcloud/releases ">google-github-actions/setup-gcloud's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: update release workflows by <a
href="https://github.com/verbanicm "><code>@verbanicm</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/698 ">google-github-actions/setup-gcloud#698</a></li>
<li>Release: v2.1.2 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/699 ">google-github-actions/setup-gcloud#699</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2.1.1...v2.1.2 ">https://github.com/google-github-actions/setup-gcloud/compare/v2.1.1...v2.1.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6189d56e40
"><code>6189d56</code></a>
Release: v2.1.2 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/699 ">#699</a>)</li>
<li><a
href="413dc083dd
"><code>413dc08</code></a>
fix: update release workflows (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/698 ">#698</a>)</li>
<li>See full diff in <a
href="f0990588f1...6189d56e40
">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-github-actions/get-gke-credentials` from 2.2.1 to 2.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/get-gke-credentials/releases ">google-github-actions/get-gke-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix package name by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/312 ">google-github-actions/get-gke-credentials#312</a></li>
<li>fix: update release workflows by <a
href="https://github.com/verbanicm "><code>@verbanicm</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/313 ">google-github-actions/get-gke-credentials#313</a></li>
<li>Release: v2.2.2 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/315 ">google-github-actions/get-gke-credentials#315</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/v2.2.1...v2.2.2 ">https://github.com/google-github-actions/get-gke-credentials/compare/v2.2.1...v2.2.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="206d64b64b
"><code>206d64b</code></a>
Release: v2.2.2 (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/315 ">#315</a>)</li>
<li><a
href="0fead37d80
"><code>0fead37</code></a>
fix: update release workflows (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/313 ">#313</a>)</li>
<li><a
href="d7d8311fd5
"><code>d7d8311</code></a>
Fix package name (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/312 ">#312</a>)</li>
<li>See full diff in <a
href="6051de21ad...206d64b64b
">compare
view</a></li>
</ul>
</details>
<br />
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muhammad Atif Ali <me@matifali.dev>
2024-11-05 19:43:41 +11:00
088f21965b
feat: add audit logs for dormancy events ( #15298 )
2024-10-31 17:55:42 -05:00
343f8ec9ab
chore: join owner, template, and org in new workspace view ( #15116 )
...
Joins in fields like `username`, `avatar_url`, `organization_name`,
`template_name` to `workspaces` via a **view**.
The view must be maintained moving forward, but this prevents needing to
add RBAC permissions to fetch related workspace fields.
2024-10-22 09:20:54 -05:00
2c8b264d78
chore: remove multi-organization and custom role experiment ( #14862 )
...
Closes https://github.com/coder/coder/issues/14704
---------
Co-authored-by: Kayla Washburn-Love <mckayla@hey.com>
2024-09-27 14:06:16 -05:00
328e69629c
fix: limit OAuth redirects to local paths ( #14585 )
...
- This prevents a malicious user from crafting a redirect
URL to a nefarious site under their control.
2024-09-10 15:58:50 +01:00
b6d35edebd
chore: remove meticulous from CI ( #14369 )
2024-08-20 14:13:13 -04:00
7b09d98238
chore: add /groups endpoint to filter by organization and/or member ( #14260 )
...
* chore: merge get groups sql queries into 1
* Add endpoint for fetching groups with filters
* remove 2 ways of customizing a fake authorizer
2024-08-15 13:40:15 -05:00
e164b1e71c
feat: add notification preferences database & audit support ( #14100 )
2024-08-05 16:18:45 +02:00
37a859f071
chore(testutil): add testutil.GetRandomName that does not return duplicates ( #14020 )
...
Fixes #13910
Adds testutil.GetRandomName that replaces namesgenerator.GetRandomName but instead appends a monotonically increasing integer instead of a number between 1 and 10.
2024-07-26 09:44:34 +01:00
6c2336b8e9
chore: shorten provisioner key ( #14017 )
2024-07-25 16:08:12 -05:00
915f69080a
chore: fix csrf error message on empty session header ( #14018 )
...
* chore: fix csrf error message on empty session header
A more detailed error message was added to catch mismatched
session tokens. This error was mistakenly applying to all CSRF
failures.
2024-07-25 15:58:23 -05:00
ca83017dc1
feat: accept provisioner keys for provisioner auth ( #13972 )
2024-07-25 10:22:55 -04:00
8d4bccc612
feat: add meticulous recorder ( #13886 )
2024-07-18 20:15:07 -05:00
b697c6939a
chore: add provisioner key crud apis ( #13857 )
2024-07-16 13:27:12 -04:00
d50ffa78f6
fix: exit reset password request before passwords are compared ( #13856 )
2024-07-09 14:28:39 -05:00
10c2817f4d
chore: swagger docs omit browser based credentials, rely on swagger auth ( #13742 )
...
* chore: swagger docs omit browser based credentials, rely on swagger auth
Swagger has an "Authorize" button which should be the only
authentication being used in the api requests
2024-07-01 13:44:35 -05:00
5177f366f5
fix: organization 404 write 1 http status ( #13629 )
2024-06-21 13:01:46 -05:00
0e933f0537
chore: refactor user -> rbac.subject into a function ( #13624 )
...
* chore: refactor user subject logic to be in 1 place
* test: implement test to assert deleted custom roles are omitted
* add unit test for deleted role
2024-06-21 11:30:02 -05:00
57b38e5bb8
fix: allow coder.com in CSP if telemetry is enabled ( #13615 )
...
* fix: allow coder.com in CSP if telemetry is enabled
* Fix control couple lint
2024-06-20 16:05:22 -04:00
de9e6889bb
chore: merge organization member db queries ( #13542 )
...
Merge members queries into 1 that also joins in the user table for username.
Required to list organization members on UI/cli
2024-06-12 09:23:48 -10:00
5ccf5084e8
chore: create type for unique role names ( #13506 )
...
* chore: create type for unique role names
Using `string` was confusing when something should be combined with
org context, and when not to. Naming this new name, "RoleIdentifier"
2024-06-11 08:55:28 -05:00
8f62311f00
chore: remove organization_id suffix from org_member roles in database ( #13473 )
...
Organization member's table is already scoped to an organization.
Rolename should avoid having the org_id appended.
Wipes all existing organization role assignments, which should not be used anyway.
2024-06-05 11:25:02 -05:00
ad8c314130
chore: implement api for creating custom roles ( #13298 )
...
api endpoint (gated by experiment) to create custom_roles
2024-05-16 13:47:47 -05:00
eeb3d63be6
chore: merge authorization contexts ( #12816 )
...
* chore: merge authorization contexts
Instead of 2 auth contexts from apikey and dbauthz, merge them to
just use dbauthz. It is annoying to have two.
* fixup authorization reference
2024-03-29 10:14:27 -05:00
03ab37b343
chore: remove middleware to request version and entitlement warnings ( #12750 )
...
This cleans up `root.go` a bit, adds tests for middleware HTTP transport
functions, and removes two HTTP requests we always performed previously
when executing *any* client command.
It should improve CLI performance (especially for users with higher latency).
2024-03-25 15:01:42 -04:00
0723dd3abf
fix: ensure agent token is from latest build in middleware ( #12443 )
2024-03-14 12:27:32 -04:00
5c6974e55f
feat: implement provisioner auth middleware and proper org params ( #12330 )
...
* feat: provisioner auth in mw to allow ExtractOrg
Step to enable org scoped provisioner daemons
* chore: handle default org handling for provisioner daemons
2024-03-04 15:15:41 -06:00
d2998c6b7b
feat: implement organization context in the cli ( #12259 )
...
* feat: implement organization context in the cli
`coder org show current`
2024-02-26 10:03:49 -06:00
4d39da294e
feat: add oauth2 token exchange ( #12196 )
...
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
2024-02-20 14:58:43 -09:00
3ab3a62bef
feat: add port-sharing backend ( #11939 )
2024-02-13 09:31:20 -05:00
dcab6fa5a4
feat(site): display user avatar ( #11893 )
...
* add owner API to workspace and workspace build responses
* display user avatar in workspace top bar
Co-authored-by: Cian Johnston <cian@coder.com>
2024-01-30 17:07:06 +00:00
b246f08d84
chore: move app URL parsing to its own package ( #11651 )
...
* chore: move app url parsing to its own package
2024-01-17 10:41:42 -06:00
50b78e3325
chore: instrument external oauth2 requests ( #11519 )
...
* chore: instrument external oauth2 requests
External requests made by oauth2 configs are now instrumented into prometheus metrics.
2024-01-10 09:13:30 -06:00
fb29af664b
fix: relax csrf to exclude path based apps ( #11430 )
...
* fix: relax csrf to exclude path based apps
* add unit test to verify path based apps are not CSRF blocked
2024-01-08 22:33:57 +00:00
5cfa34b31e
feat: add OAuth2 applications ( #11197 )
...
* Add database tables for OAuth2 applications
These are applications that will be able to use OAuth2 to get an API key
from Coder.
* Add endpoints for managing OAuth2 applications
These let you add, update, and remove OAuth2 applications.
* Add frontend for managing OAuth2 applications
2023-12-21 21:38:42 +00:00
fe867d02e0
fix: correct perms for forbidden error in TemplateScheduleStore.Load ( #11286 )
...
* chore: TemplateScheduleStore.Load() throwing forbidden error
* fix: workspace agent scope to include template
2023-12-20 11:38:49 -06:00
24080b121c
feat: enable csrf token header ( #11283 )
...
* feat: enable csrf token header
* Exempt external auth requests
* ensure dev server bypasses CSRF
* external auth is just get requests
* Add some more routes
* Extra assurance nothing breaks
2023-12-19 15:42:05 -06:00
eb81fcf1e1
fix: lower amount of cached timezones for deployment daus ( #11196 )
...
Updates https://github.com/coder/customers/issues/384
This should help alleviate some pressure, but doesn't really fix the
root cause. See above issue for more details.
2023-12-13 16:50:29 -06:00
dba0dfa859
chore: correct 500 -> 404 on workspace agent mw ( #11129 )
...
* chore: correct 500 -> 404
2023-12-12 15:14:32 -06:00
091fdd6761
fix: redirect unauthorized git users to login screen ( #10995 )
...
* fix: redirect to login screen if unauthorized git user
* consolidated language
* fix redirect
2023-12-07 09:19:31 -05:00
abb2c7656a
chore: add claims to oauth link in db for debug ( #10827 )
...
* chore: add claims to oauth link in db for debug
2023-11-27 10:47:23 -06:00
5abfe5afd0
chore: rename dbfake to dbmem ( #10432 )
2023-10-30 17:42:20 +00:00