hub / github.com/coder/coder / oidcAuthLinks

Function oidcAuthLinks

cli/server.go:121–168  ·  view source on GitHub ↗

oidcAuthLinks validates OIDC auth links and can repair any that were broken by changes in OIDC providers. This function should avoid returning a fatal error as much as possible: if it fails, it should just log the error and return.

(ctx context.Context, logger slog.Logger, cli *http.Client, vals *codersdk.DeploymentValues, db database.Store)

Source from the content-addressed store, hash-verified

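// oidcAuthLinks validates OIDC auth links and can repair any that were broken by
// changes in OIDC providers. This function should avoid returning a fatal error
// as much as possible. If this function fails, it should just log the error and
// return.
//
// The issuer is resolved from vals.OIDC.IssuerURL using cli, the stored links
// are analyzed against that issuer, and mismatched links are reset only when
// vals.OIDC.AutoRepairLinks is enabled. Every path returns nil; failures and
// findings are reported through logger only.
func oidcAuthLinks(ctx context.Context, logger slog.Logger, cli *http.Client, vals *codersdk.DeploymentValues, db database.Store) error {
	// nolint:gocritic // Requires system privileges
	ctx = dbauthz.AsSystemRestricted(ctx)

	issuerURL := vals.OIDC.IssuerURL.String()

	// NOTE(review): the issuer is resolved through the supplied HTTP client, so
	// it presumably reflects what the provider endpoint returned at the time of
	// this call. The reset below is driven by this value; confirm that
	// ResolveIssuer rejects a response that does not belong to the configured
	// provider before relying on auto-repair.
	expectedIssuer, err := authlink.ResolveIssuer(ctx, cli, issuerURL)
	if err != nil {
		// Always log if there is a failure here
		logger.Error(ctx, "unable to resolve OIDC 'issuer'",
			slog.F("error", err.Error()),
			slog.F("url", issuerURL),
		)
		return nil
	}

	analysis, err := authlink.AnalyzeOIDCLinks(ctx, db, expectedIssuer)
	if err != nil {
		// Do not make this error fatal
		logger.Error(ctx, "unable to analyze OIDC links, OIDC user links cannot be verified as linked to this issuer",
			slog.F("error", err.Error()),
			slog.F("url", issuerURL),
			slog.F("issuer", expectedIssuer),
		)
		return nil
	}

	mismatched := analysis.MismatchedTotal()

	if !vals.OIDC.AutoRepairLinks.Value() {
		// Without this warning the analysis result would be discarded, and an
		// operator would get no signal that stored links disagree with the
		// resolved issuer.
		if mismatched > 0 {
			logger.Warn(ctx, "mismatched OIDC links found, auto-repair is disabled",
				slog.F("url", issuerURL),
				slog.F("issuer", expectedIssuer),
				slog.F("count", mismatched),
			)
		}
		return nil
	}

	// Repair any broken OIDC links
	if mismatched > 0 {
		count, resetErr := authlink.ResetMismatchedOIDCLinks(ctx, db, expectedIssuer)
		if resetErr != nil {
			logger.Error(ctx, "unable to reset mismatched OIDC links",
				slog.F("error", resetErr.Error()),
				slog.F("url", issuerURL),
				slog.F("issuer", expectedIssuer),
			)
			return nil
		}

		// The reset changes stored auth links, so the number of affected links
		// is recorded together with the issuer it was performed against.
		logger.Info(ctx, "oidc users OIDC links reset",
			slog.F("url", issuerURL),
			slog.F("issuer", expectedIssuer),
			slog.F("count", count),
		)
	}
	return nil
}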
169
170func createOIDCConfig(ctx context.Context, logger slog.Logger, vals *codersdk.DeploymentValues) (*coderd.OIDCConfig, error) {
171 if vals.OIDC.ClientID == "" {

Callers 2

ServerMethod · 0.85
TestOIDCAuthLinksFunction · 0.85

Calls 9

AsSystemRestrictedFunction · 0.92
ResolveIssuerFunction · 0.92
AnalyzeOIDCLinksFunction · 0.92
ResetMismatchedOIDCLinksFunction · 0.92
MismatchedTotalMethod · 0.80
StringMethod · 0.45
ErrorMethod · 0.45
ValueMethod · 0.45
InfoMethod · 0.45

Tested by 1

TestOIDCAuthLinksFunction · 0.68