(r *http.Request, params *oauthLoginParams)
| 1718 | } |
| 1719 | |
| 1720 | func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.Cookie, database.User, database.APIKey, error) { |
| 1721 | var ( |
| 1722 | ctx = r.Context() |
| 1723 | user database.User |
| 1724 | cookies []*http.Cookie |
| 1725 | logger = api.Logger.Named(userAuthLoggerName) |
| 1726 | auditor = *api.Auditor.Load() |
| 1727 | dormantConvertAudit *audit.Request[database.User] |
| 1728 | initDormantAuditOnce = sync.OnceFunc(func() { |
| 1729 | dormantConvertAudit = params.initAuditRequest(&audit.RequestParams{ |
| 1730 | Audit: auditor, |
| 1731 | Log: api.Logger, |
| 1732 | Request: r, |
| 1733 | Action: database.AuditActionWrite, |
| 1734 | OrganizationID: uuid.Nil, |
| 1735 | AdditionalFields: audit.BackgroundTaskFields(audit.BackgroundSubsystemDormancy), |
| 1736 | }) |
| 1737 | }) |
| 1738 | ) |
| 1739 | |
| 1740 | var isConvertLoginType bool |
| 1741 | err := api.Database.InTx(func(tx database.Store) error { |
| 1742 | var ( |
| 1743 | link database.UserLink |
| 1744 | err error |
| 1745 | ) |
| 1746 | user = params.User |
| 1747 | link = params.Link |
| 1748 | |
| 1749 | // If you do a convert to OIDC and your email does not match, we need to |
| 1750 | // catch this and not make a new account. |
| 1751 | if isMergeStateString(params.State.StateString) { |
| 1752 | // Always clear this cookie. If it succeeds, we no longer need it. |
| 1753 | // If it fails, we no longer care about it. |
| 1754 | cookies = append(cookies, clearOAuthConvertCookie()) |
| 1755 | user, err = api.convertUserToOauth(ctx, r, tx, params) |
| 1756 | if err != nil { |
| 1757 | return err |
| 1758 | } |
| 1759 | params.User = user |
| 1760 | isConvertLoginType = true |
| 1761 | } |
| 1762 | |
| 1763 | // nolint:gocritic // Getting user count is a system function. |
| 1764 | userCount, err := tx.GetUserCount(dbauthz.AsSystemRestricted(ctx), false) |
| 1765 | if err != nil { |
| 1766 | return xerrors.Errorf("unable to fetch user count: %w", err) |
| 1767 | } |
| 1768 | |
| 1769 | // Allow the first user to sign up with OIDC, regardless of |
| 1770 | // whether signups are enabled or not. |
| 1771 | allowSignup := userCount == 0 || params.AllowSignups |
| 1772 | |
| 1773 | if user.ID == uuid.Nil && !allowSignup { |
| 1774 | signupsDisabledText := "Please contact your Coder administrator to request access." |
| 1775 | if api.OIDCConfig != nil && api.OIDCConfig.SignupsDisabledText != "" { |
| 1776 | signupsDisabledText = render.HTMLFromMarkdown(api.OIDCConfig.SignupsDisabledText) |
| 1777 | } |