refactor: remove username override from jfrog-oauth module and enhance username extraction

Author: DevelopmentCats

registry/coder/modules/jfrog-oauth/README.md

@@ -39,6 +39,15 @@ module "jfrog" {
 
 This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from Coder's [external-auth](https://coder.com/docs/v2/latest/admin/external-auth) feature and allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user. For configuration instructions, see this [guide](https://coder.com/docs/v2/latest/guides/artifactory-integration#jfrog-oauth) on the Coder documentation.
 
+## Username Handling
+
+The module automatically extracts your JFrog username directly from the OAuth token's JWT payload. This preserves special characters like dots (`.`), hyphens (`-`), and accented characters that Coder normalizes in usernames.
+
+**Priority order:**
+
+1. **JWT extraction** (default) - Extracts username from OAuth token, preserving special characters
+2. **Fallback to `username_field`** - If JWT extraction fails, uses Coder username or email
+
 ## Examples
 
 Configure the Python pip package manager to fetch packages from Artifactory while mapping the Coder email to the Artifactory username.

registry/coder/modules/jfrog-oauth/main.test.ts

@@ -12,7 +12,6 @@ describe("jfrog-oauth", async () => {
     jfrog_url: string;
     package_managers: string;
 
-    username?: string;
     username_field?: string;
     jfrog_server_id?: string;
     external_auth_id?: string;
@@ -187,28 +186,4 @@ EOF`;
       'if [ -z "YES" ]; then\n  not_configured maven',
     );
   });
-
-  it("accepts manual username override with special characters", async () => {
-    const customUsername = "john.smith";
-    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
-      agent_id: "some-agent-id",
-      jfrog_url: fakeFrogUrl,
-      username: customUsername,
-      package_managers: JSON.stringify({
-        npm: ["npm"],
-        pypi: ["pypi"],
-        docker: ["docker.jfrog.io"],
-      }),
-    });
-
-    const coderScript = findResourceInstance(state, "coder_script");
-
-    expect(coderScript.script).toContain(
-      `docker login "$repo" --username ${customUsername}`,
-    );
-
-    expect(coderScript.script).toContain(`https://${customUsername}:`);
-
-    expect(coderScript.script).toContain("cat << EOF > ~/.npmrc");
-  });
 });

registry/coder/modules/jfrog-oauth/main.tf

@@ -25,16 +25,6 @@ variable "jfrog_server_id" {
   default     = "0"
 }
 
-variable "username" {
-  type        = string
-  description = <<-EOF
-    Override JFrog username. Leave empty for automatic extraction from OAuth token.
-    The module automatically extracts your JFrog username from the OAuth token.
-    Only set this if automatic extraction fails or you need to use a different username.
-  EOF
-  default     = null
-}
-
 variable "username_field" {
   type        = string
   description = "The field to use for the artifactory username. i.e. Coder username or email."
@@ -87,8 +77,7 @@ variable "package_managers" {
 
 locals {
   username = coalesce(
-    var.username,
-    try(data.external.jfrog_username[0].result.username != "" ? data.external.jfrog_username[0].result.username : null, null),
+    try(data.external.jfrog_username.result.username != "" ? data.external.jfrog_username.result.username : null, null),
     var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
   )
   jfrog_host = split("://", var.jfrog_url)[1]
@@ -129,9 +118,8 @@ data "coder_workspace_owner" "me" {}
 data "coder_external_auth" "jfrog" {
   id = var.external_auth_id
 }
-data "external" "jfrog_username" {
-  count = var.username == null ? 1 : 0
 
+data "external" "jfrog_username" {
   program = ["bash", "-c", "TOKEN='${data.coder_external_auth.jfrog.access_token}'; PAYLOAD=$(echo \"$TOKEN\" | cut -d. -f2); LEN=$(printf '%s' \"$PAYLOAD\" | wc -c); MOD=$((LEN % 4)); if [ $MOD -eq 2 ]; then PAYLOAD=\"$PAYLOAD==\"; elif [ $MOD -eq 3 ]; then PAYLOAD=\"$PAYLOAD=\"; fi; USERNAME=$(echo \"$PAYLOAD\" | base64 -d 2>/dev/null | grep -oP '\"/users/\\K[^\"]+' 2>/dev/null | head -1 || echo \"\"); if [ -z \"$USERNAME\" ]; then echo '{\"username\":\"\"}'; else USERNAME=$(echo \"$USERNAME\" | sed 's/\\\\/\\\\\\\\/g; s/\"/\\\\\"/g'); echo \"{\\\"username\\\":\\\"$USERNAME\\\"}\"; fi"]
 }