- move OAuth-related fields off of api_keys into a new user_links table
- restrict users to single form of login
- process updates to user email/usernames for OIDC
- added a login_type column to users
* feat: Add anonymized telemetry to report product usage
This adds a background service to report telemetry to a Coder
server for usage data. There will be realtime event data sent
in the future, but for now usage will report on a CRON.
* Fix flake and requested changes
* Add reporting options for setup
* Add reporting for workspaces
* Add resources as they are reported
* Track API key usage
* Ensure telemetry is tracked prior to exit
* feat: Member roles are implied and never exlpicitly added
* Rename "GetAllUserRoles" to "GetAuthorizationRoles"
* feat: Add migration to remove implied roles
* rename user auth role middleware
* delete API token in logout api
* add deleteapikeybyid to databasefake
* set blank cookie on logout always
* refactor logout flow, add unit tests
* update logout messsage
* use read-only file mode for windows
* fix file mode on windows for cleanup
* change file permissions on windows
* assert error is not nil
* refactor cli
* try different file mode on windows
* try different file mode on windows
* try keeping the files open on Windows
* fix the error message on Windows
Abstracting coderd into an interface added misdirection because
the interface was never intended to be fulfilled outside of a single
implementation.
This lifts the abstraction, and attaches all handlers to a root struct
named `*coderd.API`.
* feat: Implement pagination for template versions
* feat: Use unified pagination between users and template versions
* Sync codepaths between users and template versions
* Create requestOption type in codersdk and add test
* Fix created_at edge case for pagination cursor in queries
* feat: Add support for json omitempty and embedded structs in apitypings (#1318)
* Add scripts/apitypings/main.go to Makefile
1. Adds benchmarks comparing bcrypt and our pbkdf2 settings
1. Changes the pbkdf2 hash iterations back to 65k. 1024 is insecure
1. Gets rid of the short circuit when the user isn't found, preventing
timing attacks which can reveal which emails exist on a deployment
```
$ go test -bench .
goos: linux
goarch: amd64
pkg: github.com/coder/coder/coderd/userpassword
cpu: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
BenchmarkBcryptMinCost-16 1651 702727 ns/op 5165 B/op 10 allocs/op
BenchmarkPbkdf2MinCost-16 1669 714843 ns/op 804 B/op 10 allocs/op
BenchmarkBcryptDefaultCost-16 27 42676316 ns/op 5246 B/op 10 allocs/op
BenchmarkPbkdf2-16 26 45902236 ns/op 804 B/op 10 allocs/op
PASS
ok github.com/coder/coder/coderd/userpassword 5.036s
```
This removes split ownership for workspaces. They are now
a resource of organizations and have a designated owner,
which is a user.
This enables simple administration for commands like:
- `coder stop ben/dev`
- `coder build logs colin/arch`
or if we decide to allow administrators to access workspaces,
they could even SSH using this syntax: `coder ssh colin/dev`.
