Order the OAuth providers in the UI by their order in the config file (#4199)

sandhose · web-flow · commit 2ae1523a61eb · 2025-03-12T12:12:39.000+01:00
diff --git a/crates/cli/src/sync.rs b/crates/cli/src/sync.rs
@@ -165,11 +165,14 @@ pub async fn config_sync(
             }
         }
 
-        for provider in upstream_oauth2_config.providers {
+        for (index, provider) in upstream_oauth2_config.providers.into_iter().enumerate() {
             if !provider.enabled {
                 continue;
             }
 
+            // Use the position in the config of the provider as position in the UI
+            let ui_order = index.try_into().unwrap_or(i32::MAX);
+
             let _span = info_span!("provider", %provider.id).entered();
             if existing_enabled_ids.contains(&provider.id) {
                 info!("Updating provider");
@@ -293,6 +296,7 @@ pub async fn config_sync(
                             .additional_authorization_parameters
                             .into_iter()
                             .collect(),
+                        ui_order,
                     },
                 )
                 .await?;
diff --git a/crates/handlers/src/admin/v1/upstream_oauth_links/mod.rs b/crates/handlers/src/admin/v1/upstream_oauth_links/mod.rs
@@ -43,6 +43,7 @@ mod test_utils {
             userinfo_endpoint_override: None,
             jwks_uri_override: None,
             additional_authorization_parameters: Vec::new(),
+            ui_order: 0,
         }
     }
 }
diff --git a/crates/handlers/src/upstream_oauth2/link.rs b/crates/handlers/src/upstream_oauth2/link.rs
@@ -949,6 +949,7 @@ mod tests {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 0,
                 },
             )
             .await
diff --git a/crates/handlers/src/views/login.rs b/crates/handlers/src/views/login.rs
@@ -436,6 +436,7 @@ mod test {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 0,
                 },
             )
             .await
@@ -476,6 +477,7 @@ mod test {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 1,
                 },
             )
             .await
diff --git a/crates/storage-pg/.sqlx/query-72de26d5e3c56f4b0658685a95b45b647bb6637e55b662a5a548aa3308c62a8a.json b/crates/storage-pg/.sqlx/query-72de26d5e3c56f4b0658685a95b45b647bb6637e55b662a5a548aa3308c62a8a.json
diff --git a/crates/storage-pg/.sqlx/query-99f2a0b53e08d23408dc2837d32d734c8a0e706662e72f3b2585b0c38f42c063.json b/crates/storage-pg/.sqlx/query-99f2a0b53e08d23408dc2837d32d734c8a0e706662e72f3b2585b0c38f42c063.json
diff --git a/crates/storage-pg/.sqlx/query-c1e55ffd09181c0d8ddd0df2843690aeae4a20329045ab23639181a0d0903178.json b/crates/storage-pg/.sqlx/query-c1e55ffd09181c0d8ddd0df2843690aeae4a20329045ab23639181a0d0903178.json
diff --git a/crates/storage-pg/migrations/20250312094013_upstream_oauth2_providers_order.sql b/crates/storage-pg/migrations/20250312094013_upstream_oauth2_providers_order.sql
@@ -0,0 +1,9 @@
+-- Copyright 2025 New Vector Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+-- Please see LICENSE in the repository root for full details.
+
+-- Adds a column to track the 'UI order' of the upstream OAuth2 providers, so
+-- that they can be consistently displayed in the UI
+ALTER TABLE upstream_oauth_providers
+  ADD COLUMN ui_order INTEGER NOT NULL DEFAULT 0;
diff --git a/crates/storage-pg/src/upstream_oauth2/mod.rs b/crates/storage-pg/src/upstream_oauth2/mod.rs
@@ -76,6 +76,7 @@ mod tests {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 0,
                 },
             )
             .await
@@ -322,6 +323,7 @@ mod tests {
                         pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                         response_mode: None,
                         additional_authorization_parameters: Vec::new(),
+                        ui_order: 0,
                     },
                 )
                 .await
diff --git a/crates/storage-pg/src/upstream_oauth2/provider.rs b/crates/storage-pg/src/upstream_oauth2/provider.rs
@@ -517,9 +517,11 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
                     pkce_mode,
                     response_mode,
                     additional_parameters,
+                    ui_order,
                     created_at
                 ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11,
-                          $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22)
+                          $12, $13, $14, $15, $16, $17, $18, $19, $20,
+                          $21, $22, $23)
                 ON CONFLICT (upstream_oauth_provider_id)
                     DO UPDATE
                     SET
@@ -543,7 +545,8 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
                         discovery_mode = EXCLUDED.discovery_mode,
                         pkce_mode = EXCLUDED.pkce_mode,
                         response_mode = EXCLUDED.response_mode,
-                        additional_parameters = EXCLUDED.additional_parameters
+                        additional_parameters = EXCLUDED.additional_parameters,
+                        ui_order = EXCLUDED.ui_order
                 RETURNING created_at
             "#,
             Uuid::from(id),
@@ -582,6 +585,7 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
             params.pkce_mode.as_str(),
             params.response_mode.as_ref().map(ToString::to_string),
             Json(&params.additional_authorization_parameters) as _,
+            params.ui_order,
             created_at,
         )
         .traced()
@@ -917,6 +921,7 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
                     additional_parameters as "additional_parameters: Json<Vec<(String, String)>>"
                 FROM upstream_oauth_providers
                 WHERE disabled_at IS NULL
+                ORDER BY ui_order ASC, upstream_oauth_provider_id ASC
             "#,
         )
         .traced()
diff --git a/crates/storage/src/upstream_oauth2/provider.rs b/crates/storage/src/upstream_oauth2/provider.rs
@@ -95,6 +95,9 @@ pub struct UpstreamOAuthProviderParams {
 
     /// Additional parameters to include in the authorization request
     pub additional_authorization_parameters: Vec<(String, String)>,
+
+    /// The position of the provider in the UI
+    pub ui_order: i32,
 }
 
 /// Filter parameters for listing upstream OAuth 2.0 providers
diff --git a/crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_upstream_provider_link.snap b/crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_upstream_provider_link.snap
@@ -30,6 +30,7 @@ upstream_oauth_providers:
     token_endpoint_auth_method: client_secret_basic
     token_endpoint_override: ~
     token_endpoint_signing_alg: ~
+    ui_order: "0"
     upstream_oauth_provider_id: 00000000-0000-0000-0000-000000000004
     userinfo_endpoint_override: ~
     userinfo_signed_response_alg: ~

Original file line number	Diff line number	Diff line change
`@@ -165,11 +165,14 @@ pub async fn config_sync(`
`165`	`165`	`}`
`166`	`166`	`}`
`167`	`167`
`168`		`- for provider in upstream_oauth2_config.providers {`
	`168`	`+ for (index, provider) in upstream_oauth2_config.providers.into_iter().enumerate() {`
`169`	`169`	`if !provider.enabled {`
`170`	`170`	`continue;`
`171`	`171`	`}`
`172`	`172`
	`173`	`+ // Use the position in the config of the provider as position in the UI`
	`174`	`+ let ui_order = index.try_into().unwrap_or(i32::MAX);`
	`175`	`+`
`173`	`176`	`let _span = info_span!("provider", %provider.id).entered();`
`174`	`177`	`if existing_enabled_ids.contains(&provider.id) {`
`175`	`178`	`info!("Updating provider");`
`@@ -293,6 +296,7 @@ pub async fn config_sync(`
`293`	`296`	`.additional_authorization_parameters`
`294`	`297`	`.into_iter()`
`295`	`298`	`.collect(),`
	`299`	`+ ui_order,`
`296`	`300`	`},`
`297`	`301`	`)`
`298`	`302`	`.await?;`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ mod test_utils {`
`43`	`43`	`userinfo_endpoint_override: None,`
`44`	`44`	`jwks_uri_override: None,`
`45`	`45`	`additional_authorization_parameters: Vec::new(),`
	`46`	`+ ui_order: 0,`
`46`	`47`	`}`
`47`	`48`	`}`
`48`	`49`	`}`
Original file line number	Diff line number	Diff line change
`@@ -949,6 +949,7 @@ mod tests {`
`949`	`949`	`pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,`
`950`	`950`	`response_mode: None,`
`951`	`951`	`additional_authorization_parameters: Vec::new(),`
	`952`	`+ ui_order: 0,`
`952`	`953`	`},`
`953`	`954`	`)`
`954`	`955`	`.await`
Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,9 @@ pub struct UpstreamOAuthProviderParams {`
`95`	`95`
`96`	`96`	`/// Additional parameters to include in the authorization request`
`97`	`97`	`pub additional_authorization_parameters: Vec<(String, String)>,`
	`98`	`+`
	`99`	`+ /// The position of the provider in the UI`
	`100`	`+ pub ui_order: i32,`
`98`	`101`	`}`
`99`	`102`
`100`	`103`	`/// Filter parameters for listing upstream OAuth 2.0 providers`