From 22f0fa7ea76f4ed956d5fc2bad15b8148ce966df Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 11:27:30 -0500 Subject: [PATCH 1/8] feat: add login type 'none' to prevent login Users with this login type must use tokens to authenticate. Tokens must come from some other source, not a /login with password authentication --- coderd/database/dump.sql | 5 ++++- coderd/database/models.go | 6 +++++- coderd/users.go | 29 +++++++++++++++++++++-------- codersdk/users.go | 9 ++++++--- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql index 174e6d42aa0d9..a4e796e1f60e2 100644 --- a/coderd/database/dump.sql +++ b/coderd/database/dump.sql @@ -45,9 +45,12 @@ CREATE TYPE login_type AS ENUM ( 'password', 'github', 'oidc', - 'token' + 'token', + 'none' ); +COMMENT ON TYPE login_type IS 'Specifies the method of authentication. "none" is a special case in which no authentication method is allowed.'; + CREATE TYPE parameter_destination_scheme AS ENUM ( 'none', 'environment_variable', diff --git a/coderd/database/models.go b/coderd/database/models.go index 558e1c51a94d7..5b90d7c1f0e6e 100644 --- a/coderd/database/models.go +++ b/coderd/database/models.go @@ -398,6 +398,7 @@ func AllLogSourceValues() []LogSource { } } +// Specifies the method of authentication. "none" is a special case in which no authentication method is allowed. type LoginType string const ( @@ -405,6 +406,7 @@ const ( LoginTypeGithub LoginType = "github" LoginTypeOIDC LoginType = "oidc" LoginTypeToken LoginType = "token" + LoginTypeNone LoginType = "none" ) func (e *LoginType) Scan(src interface{}) error { @@ -447,7 +449,8 @@ func (e LoginType) Valid() bool { case LoginTypePassword, LoginTypeGithub, LoginTypeOIDC, - LoginTypeToken: + LoginTypeToken, + LoginTypeNone: return true } return false @@ -459,6 +462,7 @@ func AllLoginTypeValues() []LoginType { LoginTypeGithub, LoginTypeOIDC, LoginTypeToken, + LoginTypeNone, } } diff --git a/coderd/users.go b/coderd/users.go index 04283aa9b0716..0d35ff923c9e7 100644 --- a/coderd/users.go +++ b/coderd/users.go @@ -351,21 +351,34 @@ func (api *API) postUser(rw http.ResponseWriter, r *http.Request) { } } - err = userpassword.Validate(req.Password) - if err != nil { + if req.DisableLogin && req.Password != "" { httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ - Message: "Password not strong enough!", - Validations: []codersdk.ValidationError{{ - Field: "password", - Detail: err.Error(), - }}, + Message: "Cannot set password when disabling login.", }) return } + var loginType database.LoginType = "unknown" + if req.DisableLogin { + loginType = database.LoginTypeNone + } else { + err = userpassword.Validate(req.Password) + if err != nil { + httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ + Message: "Password not strong enough!", + Validations: []codersdk.ValidationError{{ + Field: "password", + Detail: err.Error(), + }}, + }) + return + } + loginType = database.LoginTypePassword + } + user, _, err := api.CreateUser(ctx, api.Database, CreateUserRequest{ CreateUserRequest: req, - LoginType: database.LoginTypePassword, + LoginType: loginType, }) if dbauthz.IsNotAuthorizedError(err) { httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{ diff --git a/codersdk/users.go b/codersdk/users.go index 157d3ef03cc5e..dcf93d28f457f 100644 --- a/codersdk/users.go +++ b/codersdk/users.go @@ -66,9 +66,12 @@ type CreateFirstUserResponse struct { } type CreateUserRequest struct { - Email string `json:"email" validate:"required,email" format:"email"` - Username string `json:"username" validate:"required,username"` - Password string `json:"password" validate:"required"` + Email string `json:"email" validate:"required,email" format:"email"` + Username string `json:"username" validate:"required,username"` + Password string `json:"password" validate:"required"` + // DisableLogin sets the user's login type to 'none'. This prevents the user + // from being able to use a password or any other authentication method to login. + DisableLogin bool `json:"disable_login"` OrganizationID uuid.UUID `json:"organization_id" validate:"" format:"uuid"` } From f43212731487e410e2b68a19b453664b4289f493 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 12:44:53 -0500 Subject: [PATCH 2/8] forgot to commit migration --- cli/usercreate.go | 23 +++++++++++++++---- .../000126_login_type_none.down.sql | 2 ++ .../migrations/000126_login_type_none.up.sql | 3 +++ codersdk/users.go | 2 +- site/src/api/typesGenerated.ts | 1 + .../CreateUserForm/CreateUserForm.tsx | 1 + 6 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 coderd/database/migrations/000126_login_type_none.down.sql create mode 100644 coderd/database/migrations/000126_login_type_none.up.sql diff --git a/cli/usercreate.go b/cli/usercreate.go index eac6cc9e84bd8..b3134eb70dd4b 100644 --- a/cli/usercreate.go +++ b/cli/usercreate.go @@ -14,9 +14,10 @@ import ( func (r *RootCmd) userCreate() *clibase.Cmd { var ( - email string - username string - password string + email string + username string + password string + disableLogin bool ) client := new(codersdk.Client) cmd := &clibase.Cmd{ @@ -53,7 +54,7 @@ func (r *RootCmd) userCreate() *clibase.Cmd { return err } } - if password == "" { + if password == "" && !disableLogin { password, err = cryptorand.StringCharset(cryptorand.Human, 20) if err != nil { return err @@ -65,10 +66,16 @@ func (r *RootCmd) userCreate() *clibase.Cmd { Username: username, Password: password, OrganizationID: organization.ID, + DisableLogin: disableLogin, }) if err != nil { return err } + authenticationMethod := `Your password is: ` + cliui.DefaultStyles.Field.Render(password) + if disableLogin { + authenticationMethod = "Login has been disabled for this user. Contact your administrator to authenticate." + } + _, _ = fmt.Fprintln(inv.Stderr, `A new user has been created! Share the instructions below to get them started. `+cliui.DefaultStyles.Placeholder.Render("—————————————————————————————————————————————————")+` @@ -78,7 +85,7 @@ https://github.com/coder/coder/releases Run `+cliui.DefaultStyles.Code.Render("coder login "+client.URL.String())+` to authenticate. Your email is: `+cliui.DefaultStyles.Field.Render(email)+` -Your password is: `+cliui.DefaultStyles.Field.Render(password)+` +`+authenticationMethod+` Create a workspace `+cliui.DefaultStyles.Code.Render("coder create")+`!`) return nil @@ -103,6 +110,12 @@ Create a workspace `+cliui.DefaultStyles.Code.Render("coder create")+`!`) Description: "Specifies a password for the new user.", Value: clibase.StringOf(&password), }, + { + Flag: "disable-login", + Description: "Disabling login for a user prevents the user from authenticating themselves via a login. Authentication would require an api keys/token. " + + "Be careful when using this flag as it can lock the user out of their account.", + Value: clibase.BoolOf(&disableLogin), + }, } return cmd } diff --git a/coderd/database/migrations/000126_login_type_none.down.sql b/coderd/database/migrations/000126_login_type_none.down.sql new file mode 100644 index 0000000000000..d1d1637f4fa90 --- /dev/null +++ b/coderd/database/migrations/000126_login_type_none.down.sql @@ -0,0 +1,2 @@ +-- It's not possible to drop enum values from enum types, so the UP has "IF NOT +-- EXISTS". diff --git a/coderd/database/migrations/000126_login_type_none.up.sql b/coderd/database/migrations/000126_login_type_none.up.sql new file mode 100644 index 0000000000000..75235e7d9c6ea --- /dev/null +++ b/coderd/database/migrations/000126_login_type_none.up.sql @@ -0,0 +1,3 @@ +ALTER TYPE login_type ADD VALUE IF NOT EXISTS 'none'; + +COMMENT ON TYPE login_type IS 'Specifies the method of authentication. "none" is a special case in which no authentication method is allowed.'; diff --git a/codersdk/users.go b/codersdk/users.go index dcf93d28f457f..05838a792c370 100644 --- a/codersdk/users.go +++ b/codersdk/users.go @@ -68,7 +68,7 @@ type CreateFirstUserResponse struct { type CreateUserRequest struct { Email string `json:"email" validate:"required,email" format:"email"` Username string `json:"username" validate:"required,username"` - Password string `json:"password" validate:"required"` + Password string `json:"password" validate:"required_if=DisableLogin false"` // DisableLogin sets the user's login type to 'none'. This prevents the user // from being able to use a password or any other authentication method to login. DisableLogin bool `json:"disable_login"` diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index dea9dd74080ff..2aa60e43df42c 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -223,6 +223,7 @@ export interface CreateUserRequest { readonly email: string readonly username: string readonly password: string + readonly disable_login: boolean readonly organization_id: string } diff --git a/site/src/components/CreateUserForm/CreateUserForm.tsx b/site/src/components/CreateUserForm/CreateUserForm.tsx index f675f87de07f5..0d3c7fcec77c8 100644 --- a/site/src/components/CreateUserForm/CreateUserForm.tsx +++ b/site/src/components/CreateUserForm/CreateUserForm.tsx @@ -50,6 +50,7 @@ export const CreateUserForm: FC< password: "", username: "", organization_id: myOrgId, + disable_login: false, }, validationSchema, onSubmit, From ce9d54c6ff61e150593ef192a1a2d06b8777d84c Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 13:00:13 -0500 Subject: [PATCH 3/8] add unit test --- coderd/coderdtest/coderdtest.go | 39 +++++++++++++++++++++++++-------- coderd/userauth_test.go | 16 ++++++++++++++ 2 files changed, 46 insertions(+), 9 deletions(-) diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go index f0c57552087cf..ebf98845e7890 100644 --- a/coderd/coderdtest/coderdtest.go +++ b/coderd/coderdtest/coderdtest.go @@ -497,16 +497,23 @@ func CreateFirstUser(t testing.TB, client *codersdk.Client) codersdk.CreateFirst // CreateAnotherUser creates and authenticates a new user. func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, roles ...string) (*codersdk.Client, codersdk.User) { - return createAnotherUserRetry(t, client, organizationID, 5, roles...) + return createAnotherUserRetry(t, client, organizationID, 5, roles) } -func createAnotherUserRetry(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, retries int, roles ...string) (*codersdk.Client, codersdk.User) { +func CreateAnotherUserMutators(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, roles []string, mutators ...func(r *codersdk.CreateUserRequest)) (*codersdk.Client, codersdk.User) { + return createAnotherUserRetry(t, client, organizationID, 5, roles, mutators...) +} + +func createAnotherUserRetry(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, retries int, roles []string, mutators ...func(r *codersdk.CreateUserRequest)) (*codersdk.Client, codersdk.User) { req := codersdk.CreateUserRequest{ Email: namesgenerator.GetRandomName(10) + "@coder.com", Username: randomUsername(t), Password: "SomeSecurePassword!", OrganizationID: organizationID, } + for _, m := range mutators { + m(&req) + } user, err := client.CreateUser(context.Background(), req) var apiError *codersdk.Error @@ -514,19 +521,33 @@ func createAnotherUserRetry(t *testing.T, client *codersdk.Client, organizationI if err != nil && retries >= 0 && xerrors.As(err, &apiError) { if apiError.StatusCode() == http.StatusConflict { retries-- - return createAnotherUserRetry(t, client, organizationID, retries, roles...) + return createAnotherUserRetry(t, client, organizationID, retries, roles) } } require.NoError(t, err) - login, err := client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{ - Email: req.Email, - Password: req.Password, - }) - require.NoError(t, err) + var sessionToken string + if !req.DisableLogin { + login, err := client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{ + Email: req.Email, + Password: req.Password, + }) + require.NoError(t, err) + sessionToken = login.SessionToken + } else { + // Cannot log in with a disabled login user. So make it an api key from + // the client making this user. + token, err := client.CreateToken(context.Background(), user.ID.String(), codersdk.CreateTokenRequest{ + Lifetime: time.Hour * 24, + Scope: codersdk.APIKeyScopeAll, + TokenName: "no-password-user-token", + }) + require.NoError(t, err) + sessionToken = token.Key + } other := codersdk.New(client.URL) - other.SetSessionToken(login.SessionToken) + other.SetSessionToken(sessionToken) t.Cleanup(func() { other.HTTPClient.CloseIdleConnections() }) diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go index 1723edb51ef32..4af69271cf6af 100644 --- a/coderd/userauth_test.go +++ b/coderd/userauth_test.go @@ -56,6 +56,22 @@ func TestUserLogin(t *testing.T) { require.ErrorAs(t, err, &apiErr) require.Equal(t, http.StatusUnauthorized, apiErr.StatusCode()) }) + // Password auth should fail if the user is made without password login. + t.Run("LoginTypeNone", func(t *testing.T) { + t.Parallel() + client := coderdtest.New(t, nil) + user := coderdtest.CreateFirstUser(t, client) + anotherClient, anotherUser := coderdtest.CreateAnotherUserMutators(t, client, user.OrganizationID, nil, func(r *codersdk.CreateUserRequest) { + r.Password = "" + r.DisableLogin = true + }) + + _, err := anotherClient.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{ + Email: anotherUser.Email, + Password: "SomeSecurePassword!", + }) + require.Error(t, err) + }) } func TestUserAuthMethods(t *testing.T) { From 0db445029340e0864c2c0666c7d21c58bbedfe8b Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 13:37:02 -0500 Subject: [PATCH 4/8] Make gen --- coderd/apidoc/docs.go | 11 ++++++++--- coderd/apidoc/swagger.json | 11 ++++++++--- coderd/database/querier.go | 2 +- coderd/users.go | 2 +- codersdk/apikey.go | 5 +++++ docs/api/schemas.md | 15 +++++++++------ docs/api/users.md | 1 + docs/cli/users_create.md | 8 ++++++++ site/src/api/typesGenerated.ts | 10 ++++++++-- 9 files changed, 49 insertions(+), 16 deletions(-) diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index c29243d6c6e1a..49f986ddbff46 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -6855,10 +6855,13 @@ const docTemplate = `{ "type": "object", "required": [ "email", - "password", "username" ], "properties": { + "disable_login": { + "description": "DisableLogin sets the user's login type to 'none'. This prevents the user\nfrom being able to use a password or any other authentication method to login.", + "type": "boolean" + }, "email": { "type": "string", "format": "email" @@ -7617,13 +7620,15 @@ const docTemplate = `{ "password", "github", "oidc", - "token" + "token", + "none" ], "x-enum-varnames": [ "LoginTypePassword", "LoginTypeGithub", "LoginTypeOIDC", - "LoginTypeToken" + "LoginTypeToken", + "LoginTypeNone" ] }, "codersdk.LoginWithPasswordRequest": { diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index 38f72a070b17b..1a71db9c832d5 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -6103,8 +6103,12 @@ }, "codersdk.CreateUserRequest": { "type": "object", - "required": ["email", "password", "username"], + "required": ["email", "username"], "properties": { + "disable_login": { + "description": "DisableLogin sets the user's login type to 'none'. This prevents the user\nfrom being able to use a password or any other authentication method to login.", + "type": "boolean" + }, "email": { "type": "string", "format": "email" @@ -6814,12 +6818,13 @@ }, "codersdk.LoginType": { "type": "string", - "enum": ["password", "github", "oidc", "token"], + "enum": ["password", "github", "oidc", "token", "none"], "x-enum-varnames": [ "LoginTypePassword", "LoginTypeGithub", "LoginTypeOIDC", - "LoginTypeToken" + "LoginTypeToken", + "LoginTypeNone" ] }, "codersdk.LoginWithPasswordRequest": { diff --git a/coderd/database/querier.go b/coderd/database/querier.go index c427ac768c79f..9a0cc71fc3afb 100644 --- a/coderd/database/querier.go +++ b/coderd/database/querier.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.17.2 +// sqlc v1.18.0 package database diff --git a/coderd/users.go b/coderd/users.go index 0d35ff923c9e7..7cb05dacacd60 100644 --- a/coderd/users.go +++ b/coderd/users.go @@ -358,7 +358,7 @@ func (api *API) postUser(rw http.ResponseWriter, r *http.Request) { return } - var loginType database.LoginType = "unknown" + var loginType database.LoginType if req.DisableLogin { loginType = database.LoginTypeNone } else { diff --git a/codersdk/apikey.go b/codersdk/apikey.go index 82f26d5585b5d..95f9458043e87 100644 --- a/codersdk/apikey.go +++ b/codersdk/apikey.go @@ -32,6 +32,11 @@ const ( LoginTypeGithub LoginType = "github" LoginTypeOIDC LoginType = "oidc" LoginTypeToken LoginType = "token" + // LoginTypeNone is used if no login method is available for this user. + // If this is set, the user has no method of logging in. + // API keys can still be created by an owner and used by the user. + // These keys would use the `LoginTypeToken` type. + LoginTypeNone LoginType = "none" ) type APIKeyScope string diff --git a/docs/api/schemas.md b/docs/api/schemas.md index e4fd03c5cd0b7..49929579f1773 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -1517,6 +1517,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in ```json { + "disable_login": true, "email": "user@example.com", "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6", "password": "string", @@ -1526,12 +1527,13 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in ### Properties -| Name | Type | Required | Restrictions | Description | -| ----------------- | ------ | -------- | ------------ | ----------- | -| `email` | string | true | | | -| `organization_id` | string | false | | | -| `password` | string | true | | | -| `username` | string | true | | | +| Name | Type | Required | Restrictions | Description | +| ----------------- | ------- | -------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `disable_login` | boolean | false | | Disable login sets the user's login type to 'none'. This prevents the user from being able to use a password or any other authentication method to login. | +| `email` | string | true | | | +| `organization_id` | string | false | | | +| `password` | string | false | | | +| `username` | string | true | | | ## codersdk.CreateWorkspaceBuildRequest @@ -2825,6 +2827,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in | `github` | | `oidc` | | `token` | +| `none` | ## codersdk.LoginWithPasswordRequest diff --git a/docs/api/users.md b/docs/api/users.md index 4c055609d093d..44b3467363361 100644 --- a/docs/api/users.md +++ b/docs/api/users.md @@ -76,6 +76,7 @@ curl -X POST http://coder-server:8080/api/v2/users \ ```json { + "disable_login": true, "email": "user@example.com", "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6", "password": "string", diff --git a/docs/cli/users_create.md b/docs/cli/users_create.md index caa3c233708d2..5263137ddb5f5 100644 --- a/docs/cli/users_create.md +++ b/docs/cli/users_create.md @@ -10,6 +10,14 @@ coder users create [flags] ## Options +### --disable-login + +| | | +| ---- | ----------------- | +| Type | bool | + +Disabling login for a user prevents the user from authenticating themselves via a login. Authentication would require an api keys/token. Be careful when using this flag as it can lock the user out of their account. + ### -e, --email | | | diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index 2aa60e43df42c..33331cd1b6262 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -1396,8 +1396,14 @@ export type LogSource = "provisioner" | "provisioner_daemon" export const LogSources: LogSource[] = ["provisioner", "provisioner_daemon"] // From codersdk/apikey.go -export type LoginType = "github" | "oidc" | "password" | "token" -export const LoginTypes: LoginType[] = ["github", "oidc", "password", "token"] +export type LoginType = "github" | "none" | "oidc" | "password" | "token" +export const LoginTypes: LoginType[] = [ + "github", + "none", + "oidc", + "password", + "token", +] // From codersdk/provisionerdaemons.go export type ProvisionerJobStatus = From ab0d1d2fd79895f3383ae2747f2041e8009e6334 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 18:48:47 +0000 Subject: [PATCH 5/8] Make gen --- coderd/database/querier.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coderd/database/querier.go b/coderd/database/querier.go index 9a0cc71fc3afb..c427ac768c79f 100644 --- a/coderd/database/querier.go +++ b/coderd/database/querier.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.18.0 +// sqlc v1.17.2 package database From ca1cf2d0dcf4a6cebb0310bf34c0d2508d4fe5ea Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 19:04:33 +0000 Subject: [PATCH 6/8] update golden files --- cli/testdata/coder_users_create_--help.golden | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cli/testdata/coder_users_create_--help.golden b/cli/testdata/coder_users_create_--help.golden index 1571d8cefe4ca..c8d4114f3e22d 100644 --- a/cli/testdata/coder_users_create_--help.golden +++ b/cli/testdata/coder_users_create_--help.golden @@ -1,6 +1,12 @@ Usage: coder users create [flags] Options + --disable-login bool + Disabling login for a user prevents the user from authenticating + themselves via a login. Authentication would require an api + keys/token. Be careful when using this flag as it can lock the user + out of their account. + -e, --email string Specifies an email address for the new user. From 03299a35e3b3a5378637a6ee9ee66e532b6d706c Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 13 Jun 2023 15:01:39 -0500 Subject: [PATCH 7/8] Update cli/usercreate.go Co-authored-by: Dean Sheather --- cli/usercreate.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/usercreate.go b/cli/usercreate.go index b3134eb70dd4b..b38bbb2d6401f 100644 --- a/cli/usercreate.go +++ b/cli/usercreate.go @@ -112,7 +112,7 @@ Create a workspace `+cliui.DefaultStyles.Code.Render("coder create")+`!`) }, { Flag: "disable-login", - Description: "Disabling login for a user prevents the user from authenticating themselves via a login. Authentication would require an api keys/token. " + + Description: "Disabling login for a user prevents the user from authenticating via password or IdP login. Authentication requires an API key/token generated by an admin. " + "Be careful when using this flag as it can lock the user out of their account.", Value: clibase.BoolOf(&disableLogin), }, From 94502d6c907ea18a9e611c49843a63745da4c7d7 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Wed, 14 Jun 2023 16:08:14 +0000 Subject: [PATCH 8/8] Golden files --- cli/testdata/coder_users_create_--help.golden | 8 ++++---- docs/cli/users_create.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cli/testdata/coder_users_create_--help.golden b/cli/testdata/coder_users_create_--help.golden index c8d4114f3e22d..bb94cac633bc0 100644 --- a/cli/testdata/coder_users_create_--help.golden +++ b/cli/testdata/coder_users_create_--help.golden @@ -2,10 +2,10 @@ Usage: coder users create [flags] Options --disable-login bool - Disabling login for a user prevents the user from authenticating - themselves via a login. Authentication would require an api - keys/token. Be careful when using this flag as it can lock the user - out of their account. + Disabling login for a user prevents the user from authenticating via + password or IdP login. Authentication requires an API key/token + generated by an admin. Be careful when using this flag as it can lock + the user out of their account. -e, --email string Specifies an email address for the new user. diff --git a/docs/cli/users_create.md b/docs/cli/users_create.md index 5263137ddb5f5..2eb78318ffa0a 100644 --- a/docs/cli/users_create.md +++ b/docs/cli/users_create.md @@ -16,7 +16,7 @@ coder users create [flags] | ---- | ----------------- | | Type | bool | -Disabling login for a user prevents the user from authenticating themselves via a login. Authentication would require an api keys/token. Be careful when using this flag as it can lock the user out of their account. +Disabling login for a user prevents the user from authenticating via password or IdP login. Authentication requires an API key/token generated by an admin. Be careful when using this flag as it can lock the user out of their account. ### -e, --email pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy