scimPostUser creates a new user, or returns the existing user if it exists. @Summary SCIM 2.0: Create new user @ID scim-create-new-user @Security Authorization @Produce json @Tags Enterprise @Param request body coderd.SCIMUser true "New user" @Success 200 {object} coderd.SCIMUser @Router /scim/v2/U
(rw http.ResponseWriter, r *http.Request)
| 197 | // @Success 200 {object} coderd.SCIMUser |
| 198 | // @Router /scim/v2/Users [post] |
| 199 | func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) { |
| 200 | ctx := r.Context() |
| 201 | if !api.scimVerifyAuthHeader(r) { |
| 202 | scimUnauthorized(rw) |
| 203 | return |
| 204 | } |
| 205 | |
| 206 | auditor := *api.AGPL.Auditor.Load() |
| 207 | aReq, commitAudit := audit.InitRequest[database.User](rw, &audit.RequestParams{ |
| 208 | Audit: auditor, |
| 209 | Log: api.Logger, |
| 210 | Request: r, |
| 211 | Action: database.AuditActionCreate, |
| 212 | AdditionalFields: SCIMAuditAdditionalFields, |
| 213 | }) |
| 214 | defer commitAudit() |
| 215 | |
| 216 | var sUser SCIMUser |
| 217 | err := json.NewDecoder(r.Body).Decode(&sUser) |
| 218 | if err != nil { |
| 219 | _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidRequest", err)) |
| 220 | return |
| 221 | } |
| 222 | |
| 223 | if sUser.Active == nil { |
| 224 | _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidRequest", xerrors.New("active field is required"))) |
| 225 | return |
| 226 | } |
| 227 | |
| 228 | email := "" |
| 229 | for _, e := range sUser.Emails { |
| 230 | if e.Primary { |
| 231 | email = e.Value |
| 232 | break |
| 233 | } |
| 234 | } |
| 235 | |
| 236 | if email == "" { |
| 237 | _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidEmail", xerrors.New("no primary email provided"))) |
| 238 | return |
| 239 | } |
| 240 | |
| 241 | //nolint:gocritic |
| 242 | dbUser, err := api.Database.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{ |
| 243 | Email: email, |
| 244 | Username: sUser.UserName, |
| 245 | }) |
| 246 | if err != nil && !xerrors.Is(err, sql.ErrNoRows) { |
| 247 | _ = handlerutil.WriteError(rw, err) // internal error |
| 248 | return |
| 249 | } |
| 250 | if err == nil { |
| 251 | sUser.ID = dbUser.ID.String() |
| 252 | sUser.UserName = dbUser.Username |
| 253 | |
| 254 | if *sUser.Active && dbUser.Status == database.UserStatusSuspended { |
| 255 | //nolint:gocritic |
| 256 | newUser, err := api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{ |
nothing calls this directly
no test coverage detected