54cc587dad
Updated PreconditionFailed status occurrences to more appropriate statuses. ( #5513 )
2023-01-13 08:30:48 -06:00
061635c36d
feat: Allow multiple OIDC domains ( #5210 )
...
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com >
2022-12-05 20:20:53 +02:00
a4a319a76e
feat: add CODER_OIDC_IGNORE_EMAIL_VERIFIED config knob ( #5165 )
...
* Adds a configuration knob CODER_OIDC_IGNORE_EMAIL_VERIFIED that allows
ignoring the email_verified OIDC claim
* Adds warning message at startup if CODER_OIDC_IGNORE_EMAIL_VERIFIED=true
* Adds warning whenever an unverified OIDC email is let through
* Skips flaky test on non-linux platforms
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com >
2022-11-25 10:10:09 +00:00
9fb710a04f
feat: Add allow everyone option to GitHub OAuth2 logins ( #5086 )
...
* feat: Add allow everyone option for GitHub OAuth
* fix: Detect team when multiple orgs are present
Co-authored-by: 李董睿煊 <dongruixuan@hotmail.com >
2022-11-15 18:56:46 +02:00
26ab0d37c1
fix: Protect codersdk.Client SessionToken so it can be updated ( #4965 )
...
This feature is used by the coder agent to exchange a new token. By
protecting the SessionToken via mutex we ensure there are no data races
when accessing it.
2022-11-09 15:31:24 +02:00
eec406b739
feat: Add Git auth for GitHub, GitLab, Azure DevOps, and BitBucket ( #4670 )
...
* Add scaffolding
* Move migration
* Add endpoints for gitauth
* Add configuration files and tests!
* Update typesgen
* Convert configuration format for git auth
* Fix unclosed database conn
* Add overriding VS Code configuration
* Fix Git screen
* Write VS Code special configuration if providers exist
* Enable automatic cloning from VS Code
* Add tests for gitaskpass
* Fix feature visibility
* Add banner for too many configurations
* Fix update loop for oauth token
* Jon comments
* Add deployment config page
2022-10-24 19:46:24 -05:00
61683f1961
fix: allow for alternate usernames on conflict ( #4614 )
2022-10-17 22:07:11 -05:00
618c6dcaa4
fix: Allow OIDC with the username as email ( #4594 )
...
Fixes #4472 .
2022-10-17 14:14:49 -05:00
574e5d37c7
fix: Remove case sensitivity check in OIDC email domain ( #4534 )
...
Fixes #4533 .
2022-10-13 15:51:54 +00:00
adcf8838d2
fix: Ensure GitHub OAuth2 users are active in organization ( #4416 )
2022-10-07 19:53:58 +03:00
9b5ee8f267
feat: Implement (but not enforce) CSRF for FE requests ( #3786 )
...
Future work is to enforce CSRF
Co-authored-by: Presley Pizzo <presley@coder.com >
2022-09-13 15:26:46 -04:00
e1afec6db4
fix: Optionally consume email_verified if it's provided ( #3957 )
...
This reduces our OIDC requirement claims to only `email`. If `email_verified`
is provided and is `false`, we will block authentication.
Fixes #3954 .
2022-09-08 14:06:00 +00:00
05e2806ff3
feat: Add profile pictures to OAuth users ( #3855 )
...
This supports GitHub and OIDC login for profile pictures!
2022-09-04 11:44:27 -05:00
a7b49788f5
chore: deduplicate OAuth login code ( #3575 )
2022-08-22 18:13:46 -05:00
b0fe9bcdd1
chore: Upgrade to Go 1.19 ( #3617 )
...
This is required as part of #3505 .
2022-08-21 22:32:53 +00:00
c3eea98db0
fix: use unique ID for linked accounts ( #3441 )
...
- move OAuth-related fields off of api_keys into a new user_links table
- restrict users to single form of login
- process updates to user email/usernames for OIDC
- added a login_type column to users
2022-08-17 18:00:53 -05:00
c3f946737c
fix: Strip session_token cookie from app proxy requests ( #3528 )
...
Fixes coder/security#1 .
2022-08-17 17:09:45 +00:00
ccf6f4e7ed
chore: Use contexts with timeout in coderd tests ( #3381 )
2022-08-09 20:17:00 +03:00
3d0febdd90
feat: Add OIDC authentication ( #3314 )
...
* feat: Add OIDC authentication
* Extract username into a separate package and add OIDC tests
* Add test case for invalid tokens
* Add test case for username as email
* Add OIDC to the frontend
* Improve comments from self-review
* Add authentication docs
* Add telemetry
* Update docs/install/auth.md
Co-authored-by: Ammar Bandukwala <ammar@ammar.io >
* Update docs/install/auth.md
Co-authored-by: Ammar Bandukwala <ammar@ammar.io >
* Remove username package
Co-authored-by: Ammar Bandukwala <ammar@ammar.io >
2022-07-31 23:05:35 -05:00
fd4954b4e5
fix: Use membership endpoint to ensure user exists in team ( #3129 )
...
This was using the incorrect GitHub endpoint prior, which fetched a team
by slug. Any user in a GitHub organization can view all teams, so this
didn't block signups like intended.
I've verified this API returns an error when the calling user is not a
member of the team requested.
Fixes #3105 .
2022-07-22 13:54:08 -05:00
8b76e40629
fix: Fetch GitHub teams by name for performance ( #2955 )
...
In large organizations with thousands of teams, looping took >5s.
This fetches organizations by team name, which should be very fast!
2022-07-13 00:45:43 +00:00
dff6e97f83
feat: Add allowlist of GitHub teams for OAuth ( #2849 )
...
Fixes #2848 .
2022-07-08 21:37:18 -05:00
23e5636dd0
fix: Use verified and primary email for GitHub signup ( #1230 )
...
This was causing a panic due to nil pointer dereference.
It required all users signing up to have a public email,
which is an unreasonable requirement!
2022-04-29 15:13:35 -05:00
7496c3da81
feat: Add GitHub OAuth ( #1050 )
...
* Initial oauth
* Add GitHub authentication
* Add AuthMethods endpoint
* Add frontend
* Rename basic authentication to password
* Add flags for configuring GitHub auth
* Remove name from API keys
* Fix authmethods in test
* Add stories and display auth methods error
2022-04-23 22:58:57 +00:00