MCPcopy Index your code
hub / github.com/coder/coder / oauthLogin

Method oauthLogin

coderd/userauth.go:1720–2060  ·  view source on GitHub ↗
(r *http.Request, params *oauthLoginParams)

Source from the content-addressed store, hash-verified

1718}
1719
1720func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.Cookie, database.User, database.APIKey, error) {
1721 var (
1722 ctx = r.Context()
1723 user database.User
1724 cookies []*http.Cookie
1725 logger = api.Logger.Named(userAuthLoggerName)
1726 auditor = *api.Auditor.Load()
1727 dormantConvertAudit *audit.Request[database.User]
1728 initDormantAuditOnce = sync.OnceFunc(func() {
1729 dormantConvertAudit = params.initAuditRequest(&audit.RequestParams{
1730 Audit: auditor,
1731 Log: api.Logger,
1732 Request: r,
1733 Action: database.AuditActionWrite,
1734 OrganizationID: uuid.Nil,
1735 AdditionalFields: audit.BackgroundTaskFields(audit.BackgroundSubsystemDormancy),
1736 })
1737 })
1738 )
1739
1740 var isConvertLoginType bool
1741 err := api.Database.InTx(func(tx database.Store) error {
1742 var (
1743 link database.UserLink
1744 err error
1745 )
1746 user = params.User
1747 link = params.Link
1748
1749 // If you do a convert to OIDC and your email does not match, we need to
1750 // catch this and not make a new account.
1751 if isMergeStateString(params.State.StateString) {
1752 // Always clear this cookie. If it succeeds, we no longer need it.
1753 // If it fails, we no longer care about it.
1754 cookies = append(cookies, clearOAuthConvertCookie())
1755 user, err = api.convertUserToOauth(ctx, r, tx, params)
1756 if err != nil {
1757 return err
1758 }
1759 params.User = user
1760 isConvertLoginType = true
1761 }
1762
1763 // nolint:gocritic // Getting user count is a system function.
1764 userCount, err := tx.GetUserCount(dbauthz.AsSystemRestricted(ctx), false)
1765 if err != nil {
1766 return xerrors.Errorf("unable to fetch user count: %w", err)
1767 }
1768
1769 // Allow the first user to sign up with OIDC, regardless of
1770 // whether signups are enabled or not.
1771 allowSignup := userCount == 0 || params.AllowSignups
1772
1773 if user.ID == uuid.Nil && !allowSignup {
1774 signupsDisabledText := "Please contact your Coder administrator to request access."
1775 if api.OIDCConfig != nil && api.OIDCConfig.SignupsDisabledText != "" {
1776 signupsDisabledText = render.HTMLFromMarkdown(api.OIDCConfig.SignupsDisabledText)
1777 }

Callers 2

userOAuth2GithubMethod · 0.95
userOIDCMethod · 0.95

Calls 15

convertUserToOauthMethod · 0.95
CreateUserMethod · 0.95
createAPIKeyMethod · 0.95
BackgroundTaskFieldsFunction · 0.92
AsSystemRestrictedFunction · 0.92
HTMLFromMarkdownFunction · 0.92
NameDigitWithFunction · 0.92
UsernameFromFunction · 0.92
RoleOwnerFunction · 0.92
RefFunction · 0.92
ConvertUserFunction · 0.92
NowFunction · 0.92

Tested by

no test coverage detected