Skip to content

Admin API for adding and removing upstream oauth links #4255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 9, 2025
Merged

Admin API for adding and removing upstream oauth links #4255

merged 5 commits into from
Apr 9, 2025

Conversation

tonkku107
Copy link
Contributor

Includes link removal storage API from #3245 with the review comment addressed by me

@CLAassistant
Copy link

CLAassistant commented Mar 23, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

sandhose
sandhose requested changes Apr 8, 2025
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very minor thing on the span in the repository, but other than that LGTM! Thanks a lot!

@tonkku107 tonkku107 requested a review from sandhose April 8, 2025 16:55
sandhose
sandhose requested changes Apr 8, 2025
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I skimmed over it during my first review 😅

crates/handlers/src/admin/v1/upstream_oauth_links/add.rs Outdated
Comment on lines 122 to 143
let filter = UpstreamOAuthLinkFilter::new()
.for_user(&user)
.for_provider(&provider);
let count = repo.upstream_oauth_link().count(filter).await?;

if count > 0 {
return Err(RouteError::LinkAlreadyExists(
params.user_id,
params.provider_id,
));
}

let mut link = repo
.upstream_oauth_link()
.add(
&mut rng,
&clock,
&provider,
params.subject,
params.human_account_name,
)
.await?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried locally, and one thing this doesn't check is the (provider, subject) unique constraint. The filter+count up there checks if the user already have a link with the provider, even though it's (relatively) valid to have multiple links with the same provider

There is also the question of what to do if there is an existing link for a given subject, but with no user associated. I think in this case we should use the existing link and associate it to the user?

So, I would change this whole block to:

  • not check for existing links on the user+provider
  • use UpstreamOAuthLinkRepository::find_by_subject to find an existing link for the given subject
    • if it doesn't exist, create it
    • if it exists but with no existing user associated, use the existing one and associate the user
    • if it exists but with the same user associated, use the existing one
    • if it exists but with another user associated, error out
  • if we created the link, return a 201 CREATED, else a 200 OK if we reused one

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no idea how I missed the unassociated link case despite it staring at me right in the face. I'll fix that asap tomorrow

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 7c4a9bf

if it exists but with the same user associated, use the existing one

I didn't think this made sense though. In that case the endpoint wouldn't do anything and I think that should be considered a failure case.

@tonkku107 tonkku107 force-pushed the admin-api-upstream-oauth branch from 0282578 to bb0e355 Compare April 9, 2025 07:11
@tonkku107 tonkku107 force-pushed the admin-api-upstream-oauth branch from bb0e355 to 7c4a9bf Compare April 9, 2025 07:27
@tonkku107 tonkku107 requested a review from sandhose April 9, 2025 07:47
sandhose
sandhose approved these changes Apr 9, 2025
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@sandhose sandhose merged commit 2b81c8a into element-hq:main Apr 9, 2025
20 checks passed
@tonkku107 tonkku107 deleted the admin-api-upstream-oauth branch April 9, 2025 11:34
@sandhose sandhose added A-Admin-API Related to the admin API T-Enhancement New feature of request labels Apr 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sandhose sandhose sandhose approved these changes

Assignees

No one assigned

Labels

A-Admin-API Related to the admin API T-Enhancement New feature of request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tonkku107 @CLAassistant @sandhose @MTRNord