MCPcopy Index your code
hub / github.com/coder/coder / scimPutUser

Method scimPutUser

enterprise/coderd/scim.go:432–512  ·  view source on GitHub ↗

scimPutUser supports suspending and activating users only. TODO: SCIM specification requires that the PUT method should replace the entire user object. At present, our fields read as 'immutable' except for the 'active' field. See: https://datatracker.ietf.org/doc/html/rfc7644#section-3.5.1 @Summary

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

430// @Success 200 {object} codersdk.User
431// @Router /scim/v2/Users/{id} [put]
432func (api *API) scimPutUser(rw http.ResponseWriter, r *http.Request) {
433 ctx := r.Context()
434 if !api.scimVerifyAuthHeader(r) {
435 scimUnauthorized(rw)
436 return
437 }
438
439 auditor := *api.AGPL.Auditor.Load()
440 aReq, commitAudit := audit.InitRequestWithCancel[database.User](rw, &audit.RequestParams{
441 Audit: auditor,
442 Log: api.Logger,
443 Request: r,
444 Action: database.AuditActionWrite,
445 })
446
447 defer commitAudit(true)
448
449 id := chi.URLParam(r, "id")
450
451 var sUser SCIMUser
452 err := json.NewDecoder(r.Body).Decode(&sUser)
453 if err != nil {
454 _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidRequest", err))
455 return
456 }
457 sUser.ID = id
458 if sUser.Active == nil {
459 _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidRequest", xerrors.New("active field is required")))
460 return
461 }
462
463 uid, err := uuid.Parse(id)
464 if err != nil {
465 _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidId", xerrors.Errorf("id must be a uuid: %w", err)))
466 return
467 }
468
469 //nolint:gocritic // needed for SCIM
470 dbUser, err := api.Database.GetUserByID(dbauthz.AsSystemRestricted(ctx), uid)
471 if err != nil {
472 _ = handlerutil.WriteError(rw, err) // internal error
473 return
474 }
475 aReq.Old = dbUser
476 aReq.UserID = dbUser.ID
477
478 // Technically our immutability rules dictate that we should not allow
479 // fields to be changed. According to the SCIM specification, this error should
480 // be returned.
481 // This immutability enforcement only exists because we have not implemented it
482 // yet. If these rules are causing errors, this code should be updated to allow
483 // the fields to be changed.
484 // TODO: Currently ignoring a lot of the SCIM fields. Coder's SCIM implementation
485 // is very basic and only supports active status changes.
486 if immutabilityViolation(dbUser.Username, sUser.UserName) {
487 _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "mutability", xerrors.Errorf("username is currently an immutable field, and cannot be changed. Current: %s, New: %s", dbUser.Username, sUser.UserName)))
488 return
489 }

Callers

nothing calls this directly

Calls 15

scimVerifyAuthHeaderMethod · 0.95
InitRequestWithCancelFunction · 0.92
NewHTTPErrorFunction · 0.92
AsSystemRestrictedFunction · 0.92
NowFunction · 0.92
WriteFunction · 0.92
scimUnauthorizedFunction · 0.85
immutabilityViolationFunction · 0.85
scimUserStatusFunction · 0.85
ContextMethod · 0.65
NewMethod · 0.65
ParseMethod · 0.65

Tested by

no test coverage detected