[oidc] Fix the HEAD method call that checks reachability (#20474)

nandajavarma · geropl · web-flow · commit 4bd992439c31 · 2024-12-20T03:01:05.000-05:00
* [oidc] Fix the HEAD method call that checks reachability

* [server] Fix setup flow

---------

Co-authored-by: Gero Posmyk-Leinemann &lt;gero@gitpod.io&gt;
diff --git a/components/public-api-server/pkg/apiv1/oidc.go b/components/public-api-server/pkg/apiv1/oidc.go
@@ -493,7 +493,7 @@ func assertIssuerIsReachable(ctx context.Context, issuer *url.URL) error {
 		},
 	}
 
-	req, err := http.NewRequestWithContext(ctx, http.MethodHead, issuer.String(), nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodHead, issuer.String()+"/.well-known/openid-configuration", nil)
 	if err != nil {
 		return err
 	}
diff --git a/components/server/src/user/user-authentication.ts b/components/server/src/user/user-authentication.ts
@@ -6,7 +6,7 @@
 
 import { injectable, inject } from "inversify";
 import { User, Identity, Token, IdentityLookup } from "@gitpod/gitpod-protocol";
-import { EmailDomainFilterDB, MaybeUser, UserDB } from "@gitpod/gitpod-db/lib";
+import { BUILTIN_INSTLLATION_ADMIN_USER_ID, EmailDomainFilterDB, MaybeUser, UserDB } from "@gitpod/gitpod-db/lib";
 import { HostContextProvider } from "../auth/host-context-provider";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { Config } from "../config";
@@ -214,7 +214,10 @@ export class UserAuthentication {
         const isMultiOrgEnabled = await getExperimentsClientForBackend().getValueAsync("enable_multi_org", false, {
             gitpodHost: this.config.hostUrl.url.host,
         });
-        return isAllowedToCreateOrganization(user, isDedicated, isMultiOrgEnabled);
+        return (
+            isAllowedToCreateOrganization(user, isDedicated, isMultiOrgEnabled) ||
+            (isDedicated && user.id === BUILTIN_INSTLLATION_ADMIN_USER_ID)
+        );
     }
 
     async isBlocked(params: CheckIsBlockedParams): Promise<boolean> {

Original file line number	Diff line number	Diff line change
`@@ -493,7 +493,7 @@ func assertIssuerIsReachable(ctx context.Context, issuer *url.URL) error {`
`493`	`493`	`},`
`494`	`494`	`}`
`495`	`495`
`496`		`- req, err := http.NewRequestWithContext(ctx, http.MethodHead, issuer.String(), nil)`
	`496`	`+ req, err := http.NewRequestWithContext(ctx, http.MethodHead, issuer.String()+"/.well-known/openid-configuration", nil)`
`497`	`497`	`if err != nil {`
`498`	`498`	`return err`
`499`	`499`	`}`