Skip to content

Commit

Permalink
[auth] fix missing updates to dynamic login providers
Browse files Browse the repository at this point in the history
this primarily affects self-hosted installation where the `ownerId` is about to change during the initial setup of the login/git provider.
  • Loading branch information
AlexTugarev authored and roboquat committed Mar 31, 2022
1 parent ff4faf6 commit bf3bddf
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 14 deletions.
2 changes: 1 addition & 1 deletion components/gitpod-db/src/auth-provider-entry.spec.db.ts
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ export class AuthProviderEntryDBSpec {
const loadedAp = await this.db.findByHost(ap.host);
expect(loadedAp, "findByHost()").to.deep.equal(ap);
expect(loadedAp?.oauthRevision, "findByHost()").to.equal(
"e05ea6fab8efcaba4b3246c2b2d3931af897c3bc2c1cf075c31614f0954f9840",
"b05eb3256a101f6cbca1d8885c8ee241891582e78c567b7305f097ab3556d5f0",
);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ export class AuthProviderEntryDBImpl implements AuthProviderEntryDB {
async storeAuthProvider(ap: AuthProviderEntry, updateOAuthRevision: boolean): Promise<AuthProviderEntry> {
const repo = await this.getAuthProviderRepo();
if (updateOAuthRevision) {
(ap.oauthRevision as any) = this.oauthContentHash(ap.oauth);
(ap.oauthRevision as any) = this.oauthContentHash(ap);
}
return repo.save(ap);
}
Expand Down Expand Up @@ -91,8 +91,10 @@ export class AuthProviderEntryDBImpl implements AuthProviderEntryDB {
return query.getMany();
}

protected oauthContentHash(oauth: AuthProviderEntry["oauth"]): string {
const result = createHash("sha256").update(JSON.stringify(oauth)).digest("hex");
protected oauthContentHash(entry: AuthProviderEntry): string {
const result = createHash("sha256")
.update(JSON.stringify({ oauth: entry.oauth, ownerId: entry.ownerId, status: entry.status }))
.digest("hex");
return result;
}
}
16 changes: 8 additions & 8 deletions components/server/src/auth/host-context-provider-impl.ts
Original file line number Diff line number Diff line change
Expand Up @@ -84,17 +84,17 @@ export class HostContextProviderImpl implements HostContextProvider {
const existingContext = this.dynamicHosts.get(host);
const existingConfig = existingContext && existingContext.authProvider.params;
if (existingConfig && config.id === existingConfig.id) {
if (existingConfig.host !== config.host) {
const sameHost = config.host === existingConfig.host;
if (!sameHost) {
log.warn("Ignoring host update for dynamic Auth Provider: " + host, { config, existingConfig });
continue;
}
if (existingConfig.status === config.status) {
if (!!config.oauthRevision && existingConfig.oauthRevision === config.oauthRevision) {
continue;
}
if (JSON.stringify(existingConfig.oauth) === JSON.stringify(config.oauth)) {
continue;
}
const sameOwner = config.ownerId === existingConfig.ownerId;
const sameStatus = config.status === existingConfig.status;
const sameOAuthRevision =
!!config.oauthRevision && existingConfig.oauthRevision === config.oauthRevision;
if (sameOwner && sameStatus && sameOAuthRevision) {
continue;
}
log.debug("Updating existing dynamic Auth Provider: " + host, { config, existingConfig });
} else {
Expand Down
4 changes: 2 additions & 2 deletions components/server/src/auth/login-completion-handler.ts
Original file line number Diff line number Diff line change
Expand Up @@ -105,10 +105,10 @@ export class LoginCompletionHandler {
const hostCtx = this.hostContextProvider.get(hostname);
if (hostCtx) {
const { params: config } = hostCtx.authProvider;
const { id, verified, ownerId, builtin } = config;
const { id, verified, builtin } = config;
if (!builtin && !verified) {
try {
await this.authProviderService.markAsVerified({ id, ownerId });
await this.authProviderService.markAsVerified({ id, ownerId: user.id });
} catch (error) {
log.error(LogContext.from({ user }), `Failed to mark AuthProvider as verified!`, { error });
}
Expand Down

0 comments on commit bf3bddf

Please sign in to comment.