fix(guard): update allowed id providers (#405)

VeljkoMaksimovic · web-flow · commit 27b1f7f8e32b · 2025-06-20T15:01:51.000+02:00
## 📝 Description In order to support saml login links without making changes to the database, this is required renderedtext/tasks#8141 ## ✅ Checklist - [x] I have tested this change - [ ] This change requires documentation update
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 */out/*
 */*/out/*
 **/_wildcard*
+**/.tool-versions
diff --git a/github_hooks/db/migrate/20250619173719_set_default_allowed_id_providers_for_organizations.rb b/github_hooks/db/migrate/20250619173719_set_default_allowed_id_providers_for_organizations.rb
@@ -0,0 +1,11 @@
+class SetDefaultAllowedIdProvidersForOrganizations < ActiveRecord::Migration[5.1]
+  def up
+    # Set existing null values to the default
+    execute("UPDATE organizations SET allowed_id_providers = 'api_token,oidc' WHERE allowed_id_providers IS NULL OR allowed_id_providers = ''")
+    change_column_default :organizations, :allowed_id_providers, "api_token,oidc"
+  end
+
+  def down
+    change_column_default :organizations, :allowed_id_providers, nil
+  end
+end
diff --git a/guard/.tool-versions b/guard/.tool-versions
diff --git a/guard/docker-compose.yml b/guard/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.6'
 services:
   app:
     container_name: guard
-    image: ${IMAGE:-guard}:${TAG:-latest}
+    image: ${IMAGE:-guard}:${TAG:-test}
     build:
       context: ..
       cache_from:
diff --git a/guard/lib/guard/grpc_servers/organization_server.ex b/guard/lib/guard/grpc_servers/organization_server.ex
@@ -485,6 +485,19 @@ defmodule Guard.GrpcServers.OrganizationServer do
             ip_allow_list: Enum.join(proto_org.ip_allow_list, ",")
           }
 
+          attrs =
+            case proto_org.allowed_id_providers do
+              [_head | _tail] ->
+                Map.put(
+                  attrs,
+                  :allowed_id_providers,
+                  Enum.join(proto_org.allowed_id_providers, ",")
+                )
+
+              _ ->
+                attrs
+            end
+
           case Guard.Store.Organization.update(organization, attrs) do
             {:ok, updated_org} ->
               %Organization.UpdateResponse{
diff --git a/guard/test/guard/grpc_servers/organization_server_test.exs b/guard/test/guard/grpc_servers/organization_server_test.exs
@@ -1530,6 +1530,55 @@ defmodule Guard.GrpcServers.OrganizationServerTest do
       assert org.ip_allow_list == "192.168.1.1,192.168.1.2"
     end
 
+    test "updates allowed_id_providers when non-empty list is provided", %{
+      grpc_channel: channel,
+      organization: organization
+    } do
+      assert organization.allowed_id_providers == "api_token,oidc"
+
+      req =
+        Organization.UpdateRequest.new(
+          organization:
+            Organization.Organization.new(
+              org_id: organization.id,
+              name: organization.name,
+              org_username: organization.username,
+              allowed_id_providers: ["okta"]
+            )
+        )
+
+      {:ok, response} = channel |> Organization.OrganizationService.Stub.update(req)
+
+      assert response.organization.allowed_id_providers == ["okta"]
+
+      updated_org = Guard.FrontRepo.get!(Guard.FrontRepo.Organization, organization.id)
+      assert updated_org.allowed_id_providers == "okta"
+    end
+
+    test "doesn't update allowed_id_providers when empty list is provided", %{
+      grpc_channel: channel,
+      organization: organization
+    } do
+      assert organization.allowed_id_providers == "api_token,oidc"
+
+      # Update with empty allowed_id_providers
+      request =
+        Organization.UpdateRequest.new(
+          organization:
+            Organization.Organization.new(
+              org_id: organization.id,
+              name: "Updated Organization",
+              org_username: "updated-org"
+            )
+        )
+
+      {:ok, response} = channel |> Organization.OrganizationService.Stub.update(request)
+
+      assert response.organization.allowed_id_providers == ["api_token", "oidc"]
+      updated_org = Guard.FrontRepo.get!(Guard.FrontRepo.Organization, organization.id)
+      assert updated_org.allowed_id_providers == "api_token,oidc"
+    end
+
     test "returns error with invalid params", %{
       grpc_channel: channel,
       organization: organization
diff --git a/guard/test/support/factories/organization.ex b/guard/test/support/factories/organization.ex
@@ -8,7 +8,8 @@ defmodule Support.Factories.Organization do
       open_source: false,
       description: "Test Organization Description",
       website: "https://example.com",
-      avatar_url: "https://example.com/avatar.png"
+      avatar_url: "https://example.com/avatar.png",
+      allowed_id_providers: "api_token,oidc"
     ]
 
     attrs = Keyword.merge(defaults, options) |> Enum.into(%{})

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,8 @@ defmodule Support.Factories.Organization do`
`8`	`8`	`open_source: false,`
`9`	`9`	`description: "Test Organization Description",`
`10`	`10`	`website: "https://example.com",`
`11`		`- avatar_url: "https://example.com/avatar.png"`
	`11`	`+ avatar_url: "https://example.com/avatar.png",`
	`12`	`+ allowed_id_providers: "api_token,oidc"`
`12`	`13`	`]`
`13`	`14`
`14`	`15`	`attrs = Keyword.merge(defaults, options) \|> Enum.into(%{})`