return an error when renaming users from OIDC

Signed-off-by: Kristoffer Dalby <[email protected]>
juanfont · Jan 31, 2025 · 5a8db83 · 5a8db83
1 parent e172c29
commit 5a8db83
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,8 @@
   [#2350](https://github.com/juanfont/headscale/pull/2350)
 - Print Tailscale version instead of capability versions for outdated nodes
   [#2391](https://github.com/juanfont/headscale/pull/2391)
+- Do not allow renaming of users from OIDC
+  [#2393](https://github.com/juanfont/headscale/pull/2393)
 
 ## 0.24.2 (2025-01-30)
 

diff --git a/hscontrol/db/users.go b/hscontrol/db/users.go
@@ -81,6 +81,8 @@ func (hsdb *HSDatabase) RenameUser(uid types.UserID, newName string) error {
 	})
 }
 
+var ErrCannotChangeOIDCUser = errors.New("cannot edit OIDC user")
+
 // RenameUser renames a User. Returns error if the User does
 // not exist or if another User exists with the new name.
 func RenameUser(tx *gorm.DB, uid types.UserID, newName string) error {
@@ -94,6 +96,10 @@ func RenameUser(tx *gorm.DB, uid types.UserID, newName string) error {
 		return err
 	}
 
+	if oldUser.Provider == util.RegisterMethodOIDC {
+		return ErrCannotChangeOIDCUser
+	}
+
 	oldUser.Name = newName
 
 	if err := tx.Save(&oldUser).Error; err != nil {