Skip to content

Commit 5d483a7

Browse files
EmyrkEmyrk
authored
fix: do not query user_link for deleted accounts (#12112)
1 parent 06f3ab1 commit 5d483a7

File tree

4 files changed

+39
-8
lines changed

4 files changed

+39
-8
lines changed

coderd/database/dbmem/dbmem.go

+4
Original file line numberDiff line numberDiff line change
@@ -3787,6 +3787,10 @@ func (q *FakeQuerier) GetUserLinkByLinkedID(_ context.Context, id string) (datab
37873787
defer q.mutex.RUnlock()
37883788

37893789
for _, link := range q.userLinks {
3790+
user, err := q.getUserByIDNoLock(link.UserID)
3791+
if err == nil && user.Deleted {
3792+
continue
3793+
}
37903794
if link.LinkedID == id {
37913795
return link, nil
37923796
}

coderd/database/queries.sql.go

+5-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries/user_links.sql

+6-2
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,14 @@
11
-- name: GetUserLinkByLinkedID :one
22
SELECT
3-
*
3+
user_links.*
44
FROM
55
user_links
6+
INNER JOIN
7+
users ON user_links.user_id = users.id
68
WHERE
7-
linked_id = $1;
9+
linked_id = $1
10+
AND
11+
deleted = false;
812

913
-- name: GetUserLinkByUserIDLoginType :one
1014
SELECT

coderd/userauth_test.go

+24-5
Original file line numberDiff line numberDiff line change
@@ -603,6 +603,11 @@ func TestUserOAuth2Github(t *testing.T) {
603603

604604
require.Equal(t, http.StatusUnauthorized, resp.StatusCode)
605605
})
606+
607+
// The bug only is exercised when a deleted user with the same linked_id exists.
608+
// Still related open issues:
609+
// - https://github.com/coder/coder/issues/12116
610+
// - https://github.com/coder/coder/issues/12115
606611
t.Run("ChangedEmail", func(t *testing.T) {
607612
t.Parallel()
608613

@@ -627,7 +632,7 @@ func TestUserOAuth2Github(t *testing.T) {
627632
coderEmail,
628633
}
629634

630-
client := coderdtest.New(t, &coderdtest.Options{
635+
owner := coderdtest.New(t, &coderdtest.Options{
631636
Auditor: auditor,
632637
GithubOAuth2Config: &coderd.GithubOAuth2Config{
633638
AllowSignups: true,
@@ -650,9 +655,21 @@ func TestUserOAuth2Github(t *testing.T) {
650655
},
651656
},
652657
})
658+
coderdtest.CreateFirstUser(t, owner)
659+
660+
ctx := testutil.Context(t, testutil.WaitLong)
661+
// Create the user, then delete the user, then create again.
662+
// This causes the email change to fail.
663+
client := codersdk.New(owner.URL)
653664

654-
ctx := testutil.Context(t, testutil.WaitMedium)
655-
// This should register the user
665+
client, _ = fake.Login(t, client, jwt.MapClaims{})
666+
deleted, err := client.User(ctx, "me")
667+
require.NoError(t, err)
668+
669+
err = owner.DeleteUser(ctx, deleted.ID)
670+
require.NoError(t, err)
671+
672+
// Create the user again.
656673
client, _ = fake.Login(t, client, jwt.MapClaims{})
657674
user, err := client.User(ctx, "me")
658675
require.NoError(t, err)
@@ -666,7 +683,8 @@ func TestUserOAuth2Github(t *testing.T) {
666683
client, _ = fake.Login(t, client, jwt.MapClaims{})
667684
user, err = client.User(ctx, "me")
668685
require.NoError(t, err)
669-
require.Equal(t, user.ID, userID)
686+
687+
require.Equal(t, user.ID, userID, "user_id is different, a new user was likely created")
670688
require.Equal(t, user.Email, *gmailEmail.Email)
671689

672690
// Entirely change emails.
@@ -681,7 +699,8 @@ func TestUserOAuth2Github(t *testing.T) {
681699
client, _ = fake.Login(t, client, jwt.MapClaims{})
682700
user, err = client.User(ctx, "me")
683701
require.NoError(t, err)
684-
require.Equal(t, user.ID, userID)
702+
703+
require.Equal(t, user.ID, userID, "user_id is different, a new user was likely created")
685704
require.Equal(t, user.Email, newEmail)
686705
})
687706
}

0 commit comments

Comments
 (0)