coder
diff --git a/‎cli/login.go
Lines changed: 1 addition & 2 deletions b/‎cli/login.go
Lines changed: 1 addition & 2 deletions
diff --git a/‎cli/login_test.go
Lines changed: 9 additions & 0 deletions b/‎cli/login_test.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎codersdk/deployment.go
Lines changed: 1 addition & 0 deletions b/‎codersdk/deployment.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/admin/encryption.md
Lines changed: 57 additions & 57 deletions b/‎docs/admin/encryption.md
Lines changed: 57 additions & 57 deletions
diff --git a/‎enterprise/coderd/proxyhealth/proxyhealth.go
Lines changed: 21 additions & 1 deletion b/‎enterprise/coderd/proxyhealth/proxyhealth.go
Lines changed: 21 additions & 1 deletion
diff --git a/‎site/e2e/global.setup.ts
Lines changed: 1 addition & 2 deletions b/‎site/e2e/global.setup.ts
Lines changed: 1 addition & 2 deletions
diff --git a/‎site/src/components/Filter/filter.tsx
Lines changed: 51 additions & 23 deletions b/‎site/src/components/Filter/filter.tsx
Lines changed: 51 additions & 23 deletions
@@ -278,8 +278,7 @@ func (r *RootCmd) login() *clibase.Cmd {
 				}
 
 				sessionToken, err = cliui.Prompt(inv, cliui.PromptOptions{
-					Text:   "Paste your token here:",
-					Secret: true,
+					Text: "Paste your token here:",
 					Validate: func(token string) error {
 						client.SetSessionToken(token)
 						_, err := client.User(ctx, codersdk.Me)
 
@@ -3,6 +3,7 @@ package cli_test
 import (
 	"context"
 	"fmt"
+	"runtime"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -170,6 +171,10 @@ func TestLogin(t *testing.T) {
 
 		pty.ExpectMatch("Paste your token here:")
 		pty.WriteLine(client.SessionToken())
+		if runtime.GOOS != "windows" {
+			// For some reason, the match does not show up on Windows.
+			pty.ExpectMatch(client.SessionToken())
+		}
 		pty.ExpectMatch("Welcome to Coder")
 		<-doneChan
 	})
@@ -193,6 +198,10 @@ func TestLogin(t *testing.T) {
 
 		pty.ExpectMatch("Paste your token here:")
 		pty.WriteLine("an-invalid-token")
+		if runtime.GOOS != "windows" {
+			// For some reason, the match does not show up on Windows.
+			pty.ExpectMatch("an-invalid-token")
+		}
 		pty.ExpectMatch("That's not a valid token!")
 		cancelFunc()
 		<-doneChan
 
@@ -92,6 +92,7 @@ func (n FeatureName) AlwaysEnable() bool {
 		FeatureMultipleGitAuth:            true,
 		FeatureExternalProvisionerDaemons: true,
 		FeatureAppearance:                 true,
+		FeatureWorkspaceBatchActions:      true,
 	}[n]
 }
 
 
@@ -42,26 +42,26 @@ Additional database fields may be encrypted in the future.
 
 ## Enabling encryption
 
-1. Ensure you have a valid backup of your database. **Do not skip this step.**
-   If you are using the built-in PostgreSQL database, you can run
-   [`coder server postgres-builtin-url`](../cli/server_postgres-builtin-url.md)
-   to get the connection URL.
+- Ensure you have a valid backup of your database. **Do not skip this step.** If
+  you are using the built-in PostgreSQL database, you can run
+  [`coder server postgres-builtin-url`](../cli/server_postgres-builtin-url.md)
+  to get the connection URL.
 
-1. Generate a 32-byte random key and base64-encode it. For example:
+- Generate a 32-byte random key and base64-encode it. For example:
 
 ```shell
 dd if=/dev/urandom bs=32 count=1 | base64
 ```
 
-1. Store this key in a secure location (for example, a Kubernetes secret):
+- Store this key in a secure location (for example, a Kubernetes secret):
 
 ```shell
 kubectl create secret generic coder-external-token-encryption-keys --from-literal=keys=<key>
 ```
 
-1. In your Coder configuration set `CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS` to a
-   comma-separated list of base64-encoded keys. For example, in your Helm
-   `values.yaml`:
+- In your Coder configuration set `CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS` to a
+  comma-separated list of base64-encoded keys. For example, in your Helm
+  `values.yaml`:
 
 ```yaml
 coder:
@@ -74,22 +74,22 @@ coder:
           key: keys
 ```
 
-1. Restart the Coder server. The server will now encrypt all new data with the
-   provided key.
+- Restart the Coder server. The server will now encrypt all new data with the
+  provided key.
 
 ## Rotating keys
 
 We recommend only having one active encryption key at a time normally. However,
 if you need to rotate keys, you can perform the following procedure:
 
-1. Ensure you have a valid backup of your database. **Do not skip this step.**
+- Ensure you have a valid backup of your database. **Do not skip this step.**
 
-1. Generate a new encryption key following the same procedure as above.
+- Generate a new encryption key following the same procedure as above.
 
-1. Add the above key to the list of
-   [external token encryption keys](../cli/server.md#--external-token-encryption-keys).
-   **The new key must appear first in the list**. For example, in the Kubernetes
-   secret created above:
+- Add the above key to the list of
+  [external token encryption keys](../cli/server.md#--external-token-encryption-keys).
+  **The new key must appear first in the list**. For example, in the Kubernetes
+  secret created above:
 
 ```yaml
 apiVersion: v1
@@ -102,70 +102,70 @@ data:
   keys: <new-key>,<old-key1>,<old-key2>,...
 ```
 
-1. After updating the configuration, restart the Coder server. The server will
-   now encrypt all new data with the new key, but will be able to decrypt tokens
-   encrypted with the old key(s).
+- After updating the configuration, restart the Coder server. The server will
+  now encrypt all new data with the new key, but will be able to decrypt tokens
+  encrypted with the old key(s).
 
-1. To re-encrypt all encrypted database fields with the new key, run
-   [`coder server dbcrypt rotate`](../cli/server_dbcrypt_rotate.md). This
-   command will re-encrypt all tokens with the specified new encryption key. We
-   recommend performing this action during a maintenance window.
+- To re-encrypt all encrypted database fields with the new key, run
+  [`coder server dbcrypt rotate`](../cli/server_dbcrypt_rotate.md). This command
+  will re-encrypt all tokens with the specified new encryption key. We recommend
+  performing this action during a maintenance window.
 
-   > Note: this command requires direct access to the database. If you are using
-   > the built-in PostgreSQL database, you can run
-   > [`coder server postgres-builtin-url`](../cli/server_postgres-builtin-url.md)
-   > to get the connection URL.
+  > Note: this command requires direct access to the database. If you are using
+  > the built-in PostgreSQL database, you can run
+  > [`coder server postgres-builtin-url`](../cli/server_postgres-builtin-url.md)
+  > to get the connection URL.
 
-1. Once the above command completes successfully, remove the old encryption key
-   from Coder's configuration and restart Coder once more. You can now safely
-   delete the old key from your secret store.
+- Once the above command completes successfully, remove the old encryption key
+  from Coder's configuration and restart Coder once more. You can now safely
+  delete the old key from your secret store.
 
 ## Disabling encryption
 
 To disable encryption, perform the following actions:
 
-1. Ensure you have a valid backup of your database. **Do not skip this step.**
+- Ensure you have a valid backup of your database. **Do not skip this step.**
 
-1. Stop all active coderd instances. This will prevent new encrypted data from
-   being written, which may cause the next step to fail.
+- Stop all active coderd instances. This will prevent new encrypted data from
+  being written, which may cause the next step to fail.
 
-1. Run [`coder server dbcrypt decrypt`](../cli/server_dbcrypt_decrypt.md). This
-   command will decrypt all encrypted user tokens and revoke all active
-   encryption keys.
+- Run [`coder server dbcrypt decrypt`](../cli/server_dbcrypt_decrypt.md). This
+  command will decrypt all encrypted user tokens and revoke all active
+  encryption keys.
 
-   > Note: for `decrypt` command, the equivalent environment variable for
-   > `--keys` is `CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS` and not
-   > `CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS`. This is explicitly named
-   > differently to help prevent accidentally decrypting data.
+  > Note: for `decrypt` command, the equivalent environment variable for
+  > `--keys` is `CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS` and not
+  > `CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS`. This is explicitly named differently
+  > to help prevent accidentally decrypting data.
 
-1. Remove all
-   [external token encryption keys](../cli/server.md#--external-token-encryption-keys)
-   from Coder's configuration.
+- Remove all
+  [external token encryption keys](../cli/server.md#--external-token-encryption-keys)
+  from Coder's configuration.
 
-1. Start coderd. You can now safely delete the encryption keys from your secret
-   store.
+- Start coderd. You can now safely delete the encryption keys from your secret
+  store.
 
 ## Deleting Encrypted Data
 
 > NOTE: This is a destructive operation.
 
 To delete all encrypted data from your database, perform the following actions:
 
-1. Ensure you have a valid backup of your database. **Do not skip this step.**
+- Ensure you have a valid backup of your database. **Do not skip this step.**
 
-1. Stop all active coderd instances. This will prevent new encrypted data from
-   being written.
+- Stop all active coderd instances. This will prevent new encrypted data from
+  being written.
 
-1. Run [`coder server dbcrypt delete`](../cli/server_dbcrypt_delete.md). This
-   command will delete all encrypted user tokens and revoke all active
-   encryption keys.
+- Run [`coder server dbcrypt delete`](../cli/server_dbcrypt_delete.md). This
+  command will delete all encrypted user tokens and revoke all active encryption
+  keys.
 
-1. Remove all
-   [external token encryption keys](../cli/server.md#--external-token-encryption-keys)
-   from Coder's configuration.
+- Remove all
+  [external token encryption keys](../cli/server.md#--external-token-encryption-keys)
+  from Coder's configuration.
 
-1. Start coderd. You can now safely delete the encryption keys from your secret
-   store.
+- Start coderd. You can now safely delete the encryption keys from your secret
+  store.
 
 ## Troubleshooting
 
 
@@ -289,7 +289,27 @@ func (p *ProxyHealth) runOnce(ctx context.Context, now time.Time) (map[uuid.UUID
 			case err == nil && resp.StatusCode != http.StatusOK:
 				// Unhealthy as we did reach the proxy but it got an unexpected response.
 				status.Status = Unhealthy
-				status.Report.Errors = []string{fmt.Sprintf("unexpected status code %d", resp.StatusCode)}
+				var builder strings.Builder
+				// This string is shown on the UI where newlines are respected.
+				// This error message is not ever decoded programmatically, so keep it human-
+				// readable.
+				builder.WriteString(fmt.Sprintf("unexpected status code %d. ", resp.StatusCode))
+				builder.WriteString(fmt.Sprintf("\nEncountered error, send a request to %q from the Coderd environment to debug this issue.", reqURL))
+				err := codersdk.ReadBodyAsError(resp)
+				if err != nil {
+					var apiErr *codersdk.Error
+					if xerrors.As(err, &apiErr) {
+						builder.WriteString(fmt.Sprintf("\nError Message: %s\nError Detail: %s", apiErr.Message, apiErr.Detail))
+						for _, v := range apiErr.Validations {
+							// Pretty sure this is not possible from the called endpoint, but just in case.
+							builder.WriteString(fmt.Sprintf("\n\tValidation: %s=%s", v.Field, v.Detail))
+						}
+					} else {
+						builder.WriteString(fmt.Sprintf("\nError: %s", err.Error()))
+					}
+				}
+
+				status.Report.Errors = []string{builder.String()}
 			case err != nil:
 				// Request failed, mark the proxy as unreachable.
 				status.Status = Unreachable
 
@@ -12,7 +12,6 @@ test("create first user", async ({ page }) => {
   await page.getByTestId("trial").click();
   await page.getByTestId("create").click();
 
-  await expect(page).toHaveURL("/workspaces");
-
+  await expect(page).toHaveURL(/\/workspaces.*/);
   await page.context().storageState({ path: STORAGE_STATE });
 });
@@ -24,7 +24,9 @@ import MenuList from "@mui/material/MenuList";
 import { Loader } from "components/Loader/Loader";
 import Divider from "@mui/material/Divider";
 import OpenInNewOutlined from "@mui/icons-material/OpenInNewOutlined";
+
 import { useDebouncedFunction } from "hooks/debounce";
+import { useEffectEvent } from "hooks/hookPolyfills";
 
 export type PresetFilter = {
   name: string;
@@ -33,45 +35,71 @@ export type PresetFilter = {
 
 type FilterValues = Record<string, string | undefined>;
 
+type UseFilterConfig = {
+  /**
+   * The fallback value to use in the event that no filter params can be parsed
+   * from the search params object. This value is allowed to change on
+   * re-renders.
+   */
+  fallbackFilter?: string;
+  searchParamsResult: ReturnType<typeof useSearchParams>;
+  onUpdate?: (newValue: string) => void;
+};
+
+const useFilterParamsKey = "filter";
+
 export const useFilter = ({
-  initialValue = "",
-  onUpdate,
+  fallbackFilter = "",
   searchParamsResult,
-}: {
-  initialValue?: string;
-  searchParamsResult: ReturnType<typeof useSearchParams>;
-  onUpdate?: () => void;
-}) => {
+  onUpdate,
+}: UseFilterConfig) => {
   const [searchParams, setSearchParams] = searchParamsResult;
-  const query = searchParams.get("filter") ?? initialValue;
-  const values = parseFilterQuery(query);
-
-  const update = (values: string | FilterValues) => {
-    if (typeof values === "string") {
-      searchParams.set("filter", values);
-    } else {
-      searchParams.set("filter", stringifyFilter(values));
-    }
+  const query = searchParams.get(useFilterParamsKey) ?? fallbackFilter;
+
+  // Stabilizing reference to setSearchParams from one central spot, just to be
+  // on the extra careful side; don't want effects over-running. You would think
+  // this would be overkill, but setSearchParams isn't stable out of the box
+  const stableSetSearchParams = useEffectEvent(setSearchParams);
+
+  // Keep params synced with query, even as query changes from outside sources
+  useEffect(() => {
+    stableSetSearchParams((currentParams) => {
+      const currentQuery = currentParams.get(useFilterParamsKey);
+
+      if (query === "") {
+        currentParams.delete(useFilterParamsKey);
+      } else if (currentQuery !== query) {
+        currentParams.set(useFilterParamsKey, query);
+      }
+
+      return currentParams;
+    });
+  }, [stableSetSearchParams, query]);
+
+  const update = (newValues: string | FilterValues) => {
+    const serialized =
+      typeof newValues === "string" ? newValues : stringifyFilter(newValues);
+
+    searchParams.set(useFilterParamsKey, serialized);
     setSearchParams(searchParams);
-    if (onUpdate) {
-      onUpdate();
+
+    if (onUpdate !== undefined) {
+      onUpdate(serialized);
     }
   };
 
   const { debounced: debounceUpdate, cancelDebounce } = useDebouncedFunction(
-    (values: string | FilterValues) => update(values),
+    update,
     500,
   );
 
-  const used = query !== "" && query !== initialValue;
-
   return {
     query,
     update,
     debounceUpdate,
     cancelDebounce,
-    values,
-    used,
+    values: parseFilterQuery(query),
+    used: query !== "" && query !== fallbackFilter,
   };
 };
Original file line number	Diff line number	Diff line change
`@@ -278,8 +278,7 @@ func (r RootCmd) login() clibase.Cmd {`
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`sessionToken, err = cliui.Prompt(inv, cliui.PromptOptions{`
`281`		`- Text: "Paste your token here:",`
`282`		`- Secret: true,`
	`281`	`+ Text: "Paste your token here:",`
`283`	`282`	`Validate: func(token string) error {`
`284`	`283`	`client.SetSessionToken(token)`
`285`	`284`	`_, err := client.User(ctx, codersdk.Me)`
Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,7 @@ func (n FeatureName) AlwaysEnable() bool {`
`92`	`92`	`FeatureMultipleGitAuth: true,`
`93`	`93`	`FeatureExternalProvisionerDaemons: true,`
`94`	`94`	`FeatureAppearance: true,`
	`95`	`+ FeatureWorkspaceBatchActions: true,`
`95`	`96`	`}[n]`
`96`	`97`	`}`
`97`	`98`