4fe221a700
feat: add flag to disable password auth ( #5991 )
...
Adds a flag --disable-password-auth that prevents the password login
endpoint from working unless the user has the "owner" (aka. site admin)
role.
Adds a subcommand `coder server create-admin-user` which creates a user
directly in the database with the "owner" role, the "admin" role in
every organization, and password auth. This is to avoid lock-out
situations where all accounts have the login type set to an identity
provider and nobody can log in.
2023-02-06 14:58:21 +00:00
496138b086
feat: assign users to groups returned by OIDC provider ( #5965 )
2023-02-02 19:53:48 +00:00
69fce0488e
feat: Allow hiding password auth, changing OpenID Connect text and OpenID Connect icon ( #5101 )
...
* Allow hiding password entry, changing OpenID Connect text and OpenID Connect icon
* Docs
* Cleaning
* Fix Prettier and Go test and TS compile error
* Fix LoginPage test
* Prettier
* Fix storybook
* Add query param to un-hide password auth
* Cleaning
* Hide password by default when OIDC enabled
* Ran prettier, updated goldenfiles and ran "make gen"
* Fixed and added LoginPage test
* Ran prettier
* PR Feedback and split up SignInForm.tsx
* Updated golden files
* Fix auto-genned-files
* make gen -B
* Revert provisioner files?
* Fix lint error
---------
Co-authored-by: Kyle Carberry <kyle@coder.com>
2023-01-31 18:33:25 +00:00
bbc1a9a1d8
fix: use UserInfo endpoint with OIDC ( #5735 )
...
This resolves a user issue surfaced in Discord:
https://discord.com/channels/747933592273027093/1064566338875576361/1064566338875576361
Both methods of obtaining claims need to be used according
to the OIDC specification.
2023-01-16 16:06:39 -06:00
54cc587dad
Updated PreconditionFailed status occurrences to more appropriate statuses. ( #5513 )
2023-01-13 08:30:48 -06:00
deebfcbd53
feat: Validate swagger definitions ( #5694 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
* WIP
* WIP
* Users
* Logout
* User profile
* Status suspend activate
* User roles
* User tokens
* Keys
* SSH key
* All
* Typo
* Fix
* Entitlements
* Groups
* SCIM
* Fix
* Fix
* Clean templates
* Sort API pages
* Fix: HashedSecret
* WIP
* WIP
* WIP
* Fix: cover workspaceagents
* Assert: consistent ID and summary
* Assert: success or failure defined
* Fix: parallel
* Refactor
* Support enterprise
* Go comment goes to top
* Security
* assertPathParametersDefined
* assertUniqueRoutes
* assertRequestBody
* More fixes
* Fix: exceptions
* Fix field format
* Address PR comments
* Refactor
2023-01-13 12:27:21 +01:00
8e9cbdd71b
docs: API users ( #5620 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
* WIP
* WIP
* Users
* Logout
* User profile
* Status suspend activate
* User roles
* User tokens
* Keys
* SSH key
* All
* Typo
* Fix
* Fix
* Fix: LoginWithPasswordRequest
2023-01-11 14:08:04 +01:00
de0601d611
feat: allow configurable username claim field in OIDC ( #5507 )
...
Co-authored-by: Colin Adler <colin1adler@gmail.com>
2023-01-04 15:16:31 -06:00
061635c36d
feat: Allow multiple OIDC domains ( #5210 )
...
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
2022-12-05 20:20:53 +02:00
a4a319a76e
feat: add CODER_OIDC_IGNORE_EMAIL_VERIFIED config knob ( #5165 )
...
* Adds a configuration knob CODER_OIDC_IGNORE_EMAIL_VERIFIED that allows
ignoring the email_verified OIDC claim
* Adds warning message at startup if CODER_OIDC_IGNORE_EMAIL_VERIFIED=true
* Adds warning whenever an unverified OIDC email is let through
* Skips flaky test on non-linux platforms
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
2022-11-25 10:10:09 +00:00
9fb710a04f
feat: Add allow everyone option to GitHub OAuth2 logins ( #5086 )
...
* feat: Add allow everyone option for GitHub OAuth
* fix: Detect team when multiple orgs are present
Co-authored-by: 李董睿煊 <dongruixuan@hotmail.com>
2022-11-15 18:56:46 +02:00
97dbd4dc5d
Implement Quotas v3 ( #5012 )
...
* provisioner/terraform: add cost to resource_metadata
* provisionerd/runner: use Options struct
* Complete provisionerd implementation
* Add quota_allowance to groups
* Combine Quota and RBAC licenses
* Add Opts to InTx
2022-11-14 17:57:33 +00:00
2042b575dc
feat: Add template display name (backend) ( #4966 )
...
* Rename to nameValidator
* Refactor: NameValid
* Fix: comment
* Define new migration
* Include display_name
* Update typesGenerated.ts
* Update meta
* Adjust tests
* CLI tests
* Fix: audit
* Fix: omitempty
* site: display_name is optional
* unit: TestUsernameValid
* entities.ts: add display_name
* site: TemplateSettingsPage.test.tsx
* Fix: TemplateSettingsForm.tsx
* Adjust tests
* Add comment to display_name column
* Fix: rename
* Fix: make
* Loosen regexp
* Fix: err check
* Fix: template name length
* Allow for whitespaces
* Update migration number
2022-11-10 21:51:09 +01:00
eec406b739
feat: Add Git auth for GitHub, GitLab, Azure DevOps, and BitBucket ( #4670 )
...
* Add scaffolding
* Move migration
* Add endpoints for gitauth
* Add configuration files and tests!
* Update typesgen
* Convert configuration format for git auth
* Fix unclosed database conn
* Add overriding VS Code configuration
* Fix Git screen
* Write VS Code special configuration if providers exist
* Enable automatic cloning from VS Code
* Add tests for gitaskpass
* Fix feature visibility
* Add banner for too many configurations
* Fix update loop for oauth token
* Jon comments
* Add deployment config page
2022-10-24 19:46:24 -05:00
61683f1961
fix: allow for alternate usernames on conflict ( #4614 )
2022-10-17 22:07:11 -05:00
618c6dcaa4
fix: Allow OIDC with the username as email ( #4594 )
...
Fixes #4472.
2022-10-17 14:14:49 -05:00
574e5d37c7
fix: Remove case sensitivity check in OIDC email domain ( #4534 )
...
Fixes #4533.
2022-10-13 15:51:54 +00:00
adcf8838d2
fix: Ensure GitHub OAuth2 users are active in organization ( #4416 )
2022-10-07 19:53:58 +03:00
6deef06ad2
feat: secure and cross-domain subdomain-based proxying ( #4136 )
...
Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
5de6f86959
feat: trace httpapi.{Read,Write} ( #4134 )
2022-09-21 17:07:00 -05:00
5e2efb68f1
feat: add SCIM provisioning via Okta ( #4132 )
...
Co-authored-by: Ben Potter <ben@coder.com>
2022-09-20 15:16:26 -05:00
9ab437d6e2
feat: Add serving applications on subdomains and port-based proxying ( #3753 )
...
Co-authored-by: Dean Sheather <dean@deansheather.com>
2022-09-14 03:31:33 +10:00
57c7fcf27f
fix: Ignore deleted users when signing up with OAuth ( #4036 )
...
This prevented a deleted user from signing up again when they
were already linked with a previous account.
2022-09-13 07:33:35 -05:00
e1afec6db4
fix: Optionally consume email_verified if it's provided ( #3957 )
...
This reduces our OIDC requirement claims to only `email`. If `email_verified`
is provided and is `false`, we will block authentication.
Fixes #3954.
2022-09-08 14:06:00 +00:00
ad24404018
fix: fix creating users with wrong login type ( #3929 )
2022-09-07 10:37:15 -05:00
05e2806ff3
feat: Add profile pictures to OAuth users ( #3855 )
...
This supports GitHub and OIDC login for profile pictures!
2022-09-04 11:44:27 -05:00
a7b49788f5
chore: deduplicate OAuth login code ( #3575 )
2022-08-22 18:13:46 -05:00
f6b0835982
fix: avoid processing updates to usernames ( #3571 )
...
- With the support of OIDC we began processing updates to a user's
email and username to stay in sync with the upstream provider. This
can cause issues in templates that use the user's username as a stable
identifier, potentially causing the deletion of user's home volumes.
- Fix some faulty error wrapping.
2022-08-18 17:56:17 -05:00
380022fe63
fix: update oauth token on each login ( #3542 )
2022-08-17 23:06:03 -05:00
c3eea98db0
fix: use unique ID for linked accounts ( #3441 )
...
- move OAuth-related fields off of api_keys into a new user_links table
- restrict users to single form of login
- process updates to user email/usernames for OIDC
- added a login_type column to users
2022-08-17 18:00:53 -05:00
3d0febdd90
feat: Add OIDC authentication ( #3314 )
...
* feat: Add OIDC authentication
* Extract username into a separate package and add OIDC tests
* Add test case for invalid tokens
* Add test case for username as email
* Add OIDC to the frontend
* Improve comments from self-review
* Add authentication docs
* Add telemetry
* Update docs/install/auth.md
Co-authored-by: Ammar Bandukwala <ammar@ammar.io>
* Update docs/install/auth.md
Co-authored-by: Ammar Bandukwala <ammar@ammar.io>
* Remove username package
Co-authored-by: Ammar Bandukwala <ammar@ammar.io>
2022-07-31 23:05:35 -05:00
fd4954b4e5
fix: Use membership endpoint to ensure user exists in team ( #3129 )
...
This was using the incorrect GitHub endpoint prior, which fetched a team
by slug. Any user in a GitHub organization can view all teams, so this
didn't block signups like intended.
I've verified this API returns an error when the calling user is not a
member of the team requested.
Fixes #3105.
2022-07-22 13:54:08 -05:00
8b76e40629
fix: Fetch GitHub teams by name for performance ( #2955 )
...
In large organizations with thousands of teams, looping took >5s.
This fetches organizations by team name, which should be very fast!
2022-07-13 00:45:43 +00:00
7e9819f2a8
ref: move httpapi.Response into codersdk ( #2954 )
2022-07-12 19:15:02 -05:00
dff6e97f83
feat: Add allowlist of GitHub teams for OAuth ( #2849 )
...
Fixes #2848.
2022-07-08 21:37:18 -05:00
af401e3fe1
chore: Linter rule for properly formatted api errors ( #2123 )
...
* chore: Linter rule for properly formatted api errors
* Add omitempty to 'Detail' field
2022-06-07 14:33:06 +00:00
c9a4642a12
chore: Update BE http errors to be ui friendly ( #1994 )
...
* chore: More UI friendly errors
Mainly capitalization + messages prefix error
2022-06-03 21:48:09 +00:00
31b819e83f
chore: Remove interface from coderd and lift API surface ( #1772 )
...
Abstracting coderd into an interface added misdirection because
the interface was never intended to be fulfilled outside of a single
implementation.
This lifts the abstraction, and attaches all handlers to a root struct
named `*coderd.API`.
2022-05-26 03:14:08 +00:00
97a95f1377
chore: upgrade golangci-lint to v1.46.0 ( #1373 )
2022-05-10 16:04:23 -05:00
23e5636dd0
fix: Use verified and primary email for GitHub signup ( #1230 )
...
This was causing a panic due to nil pointer dereference.
It required all users signing up had a public email,
which is an unreasonable requirement!
2022-04-29 15:13:35 -05:00
7496c3da81
feat: Add GitHub OAuth ( #1050 )
...
* Initial oauth
* Add Github authentication
* Add AuthMethods endpoint
* Add frontend
* Rename basic authentication to password
* Add flags for configuring GitHub auth
* Remove name from API keys
* Fix authmethods in test
* Add stories and display auth methods error
2022-04-23 22:58:57 +00:00