Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(api,cli): admin can update username #6508

Merged
merged 1 commit into from
Mar 15, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions cli/cdsctl/admin_user.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,41 @@ var adminUsersCmd = cli.Command{
func adminUsers() *cobra.Command {
return cli.NewCommand(adminUsersCmd, nil, []*cobra.Command{
cli.NewCommand(adminUserSetOrganizationCmd, adminUserSetOrganizationRun, nil),
cli.NewCommand(adminUserRenameCmd, adminUserRenameRun, nil),
})
}

var adminUserRenameCmd = cli.Command{
Name: "rename",
Short: "Rename a given user",
Args: []cli.Arg{
{
Name: "username",
},
{
Name: "new-username",
},
},
}

func adminUserRenameRun(v cli.Values) error {
ctx := context.Background()
username := v.GetString("username")
usernameNew := v.GetString("new-username")

u, err := client.UserGet(ctx, username)
if err != nil {
return err
}
u.Username = usernameNew
if err := client.UserUpdate(ctx, username, u); err != nil {
return err
}

fmt.Printf("User %q has been renamed to %q\n", username, usernameNew)
return nil
}

var adminUserSetOrganizationCmd = cli.Command{
Name: "set-organization",
Short: "Set organization for given user",
Expand Down
3 changes: 3 additions & 0 deletions engine/api/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,9 @@ func (api *API) postAuthSigninHandler() service.Handler {
return err
}

ctx = context.WithValue(ctx, cdslog.AuthUsername, userInfo.Username)
SetTracker(w, cdslog.AuthUsername, userInfo.Username)

tx, err := api.mustDB().Begin()
if err != nil {
return sdk.WithStack(err)
Expand Down
14 changes: 13 additions & 1 deletion engine/api/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,18 @@ func (api *API) putUserHandler() service.Handler {
}

newUser := *oldUser

if oldUser.Username != data.Username {
// Only an admin can change the username
if isAdmin(ctx) {
trackSudo(ctx, w)
log.Info(ctx, "putUserHandler> %s change username of user %s from %s to %s", consumer.AuthConsumerUser.AuthentifiedUserID, oldUser.ID, oldUser.Username, data.Username)
newUser.Username = data.Username
} else {
return sdk.WithStack(sdk.ErrForbidden)
}
}

newUser.Fullname = data.Fullname

// Only an admin can change the ring of a user
Expand Down Expand Up @@ -116,7 +128,7 @@ func (api *API) putUserHandler() service.Handler {
}

newUser.Ring = data.Ring
log.Debug(ctx, "putUserHandler> %s change ring of user %s from %s to %s", consumer.AuthConsumerUser.AuthentifiedUserID, oldUser.ID, oldUser.Ring, newUser.Ring)
log.Info(ctx, "putUserHandler> %s change ring of user %s from %s to %s", consumer.AuthConsumerUser.AuthentifiedUserID, oldUser.ID, oldUser.Ring, newUser.Ring)
}

if err := user.Update(ctx, tx, &newUser); err != nil {
Expand Down
38 changes: 36 additions & 2 deletions engine/api/user_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,11 +81,11 @@ func Test_putUserHandler(t *testing.T) {
ExpectedStatus int
}{
{
Name: "A lambda user can't change username but can change fullname",
Name: "A lambda user can change fullname",
JWT: jwtInitialRaw,
TargetUsername: initial.Username,
Data: sdk.AuthentifiedUser{
Username: sdk.RandomString(10),
Username: initial.Username,
Fullname: initialNewFullname,
Ring: initial.Ring,
},
Expand All @@ -97,6 +97,23 @@ func Test_putUserHandler(t *testing.T) {
},
ExpectedStatus: http.StatusOK,
},
{
Name: "A lambda user can't change username",
JWT: jwtInitialRaw,
TargetUsername: initial.Username,
Data: sdk.AuthentifiedUser{
Username: sdk.RandomString(10),
Fullname: initialNewFullname,
Ring: initial.Ring,
},
Expected: sdk.AuthentifiedUser{
Username: initial.Username,
Fullname: initialNewFullname,
Ring: initial.Ring,
Organization: "default",
},
ExpectedStatus: http.StatusForbidden,
},
{
Name: "A lambda user can't change its ring",
JWT: jwtInitialRaw,
Expand Down Expand Up @@ -190,6 +207,23 @@ func Test_putUserHandler(t *testing.T) {
},
ExpectedStatus: http.StatusForbidden,
},
{
Name: "A admin user can change username",
JWT: jwtAdmin2Raw,
TargetUsername: initial.Username,
Data: sdk.AuthentifiedUser{
Username: initial.Username + ".updated",
Fullname: initialNewFullname,
Ring: sdk.UserRingMaintainer,
},
Expected: sdk.AuthentifiedUser{
Username: initial.Username + ".updated",
Fullname: initialNewFullname,
Ring: sdk.UserRingMaintainer,
Organization: "default",
},
ExpectedStatus: http.StatusOK,
},
}

o := sdk.Organization{Name: "my-org"}
Expand Down