
Commit 3cb2d52

authored
fix: issue with token auth (#4483)
1 parent a70278e commit 3cb2d52


3 files changed

+43
-3
lines changed

3 files changed

+43
-3
lines changed

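--- a/cli/root.go
+++ b/cli/root.go
@@ -55,11 +55,12 @@ const (
 envNoVersionCheck = "CODER_NO_VERSION_WARNING"
 envNoFeatureWarning = "CODER_NO_FEATURE_WARNING"
 envExperimental = "CODER_EXPERIMENTAL"
+envSessionToken = "CODER_SESSION_TOKEN"
+envURL = "CODER_URL"
 )
 
 var (
 errUnauthenticated = xerrors.New(notLoggedInMessage)
-envSessionToken = "CODER_SESSION_TOKEN"
 )
 
 func init() {
@@ -173,7 +174,7 @@ func Root(subcommands []*cobra.Command) *cobra.Command {
 
 cmd.SetUsageTemplate(usageTemplate())
 
-cmd.PersistentFlags().String(varURL, "", "URL to a deployment.")
+cliflag.String(cmd.PersistentFlags(), varURL, "", envURL, "", "URL to a deployment.")
 cliflag.Bool(cmd.PersistentFlags(), varNoVersionCheck, "", envNoVersionCheck, false, "Suppress warning when client and server versions do not match.")
 cliflag.Bool(cmd.PersistentFlags(), varNoFeatureWarning, "", envNoFeatureWarning, false, "Suppress warnings about unlicensed features.")
 cliflag.String(cmd.PersistentFlags(), varToken, "", envSessionToken, "", fmt.Sprintf("Specify an authentication token. For security reasons setting %s is preferred.", envSessionToken))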
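Review bot: With `envURL` bound to the `varURL` flag, the deployment URL and the session token can both come from the process environment, so a token exported in a shell or CI job is sent to whatever host `CODER_URL` names. Nothing in this hunk validates the value. It is worth confirming that the code that parses `varURL` (outside this hunk) rejects an empty host or an unexpected scheme before the token is attached. A comment on the flag line would record the coupling, e.g. `// envURL pairs with envSessionToken: the URL decides where the token is sent, so it must be validated before use.` Root's body continues outside the hunk.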

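--- a/coderd/httpmw/apikey.go
+++ b/coderd/httpmw/apikey.go
@@ -204,7 +204,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
 // Tracks if the API key has properties updated
 changed = false
 )
-if key.LoginType != database.LoginTypePassword {
+if key.LoginType == database.LoginTypeGithub || key.LoginType == database.LoginTypeOIDC {
 link, err = cfg.DB.GetUserLinkByUserIDLoginType(r.Context(), database.GetUserLinkByUserIDLoginTypeParams{
 UserID: key.UserID,
 LoginType: key.LoginType,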
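Review bot: The condition `if key.LoginType == database.LoginTypeGithub || key.LoginType == database.LoginTypeOIDC` makes the user-link lookup an allow-list, so any login type not named here skips it silently. That is the intended result for token keys, but a login type added later that is backed by an external identity provider would also skip the lookup and whatever checks follow it in this branch, which lies outside the hunk. A `switch key.LoginType` with explicit cases for `database.LoginTypePassword` and `database.LoginTypeToken` and a `default` that rejects the request would make a new type fail closed. At minimum, add a comment such as `// Only login types backed by an external provider have a user link; password and token keys skip this lookup.` The body of ExtractAPIKey continues outside the hunk.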

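--- a/coderd/httpmw/apikey_test.go
+++ b/coderd/httpmw/apikey_test.go
@@ -589,6 +589,45 @@ func TestAPIKey(t *testing.T) {
 require.Equal(t, http.StatusOK, res.StatusCode)
 require.EqualValues(t, 1, atomic.LoadInt64(&count))
 })
+
+t.Run("Tokens", func(t *testing.T) {
+t.Parallel()
+var (
+db = databasefake.New()
+id, secret = randomAPIKeyParts()
+hashed = sha256.Sum256([]byte(secret))
+r = httptest.NewRequest("GET", "/", nil)
+rw = httptest.NewRecorder()
+user = createUser(r.Context(), t, db)
+)
+r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+
+sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
+ID: id,
+HashedSecret: hashed[:],
+LoginType: database.LoginTypeToken,
+LastUsed: database.Now(),
+ExpiresAt: database.Now().AddDate(0, 0, 1),
+UserID: user.ID,
+Scope: database.APIKeyScopeAll,
+})
+require.NoError(t, err)
+
+httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
+DB: db,
+RedirectToLogin: false,
+})(successHandler).ServeHTTP(rw, r)
+res := rw.Result()
+defer res.Body.Close()
+require.Equal(t, http.StatusOK, res.StatusCode)
+
+gotAPIKey, err := db.GetAPIKeyByID(r.Context(), id)
+require.NoError(t, err)
+
+require.Equal(t, sentAPIKey.LastUsed, gotAPIKey.LastUsed)
+require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt)
+require.Equal(t, sentAPIKey.LoginType, gotAPIKey.LoginType)
+})
 }
 
 func createUser(ctx context.Context, t *testing.T, db database.Store) database.User {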
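Review bot: The new `Tokens` subtest pins only the success path for a `database.LoginTypeToken` key and has no case showing that a token key is still rejected when it should be. The middleware change alters which branch token keys take, so a sibling subtest would guard against a token key slipping past the expiry check. It would insert the key with `ExpiresAt: database.Now().AddDate(0, 0, -1),` and assert `require.Equal(t, http.StatusUnauthorized, res.StatusCode)`, assuming that is the status the middleware returns for an expired key. Expiry tests for other login types may already exist in TestAPIKey outside this hunk. The three closing `require.Equal` calls would also benefit from a comment such as `// A token key must pass through without LastUsed, ExpiresAt or LoginType being rewritten.`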
