
Commit 6fdb233

committed
fix oidc, add test
1 parent 3829773 commit 6fdb233


4 files changed

+65
-12
lines changed


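--- a/coderd/audit/fields.go
+++ b/coderd/audit/fields.go
@@ -13,11 +13,15 @@ const (
 BackgroundSubsystemDormancy BackgroundSubsystem = "dormancy"
 )
 
-func BackgroundTaskFields(ctx context.Context, logger slog.Logger, subsystem BackgroundSubsystem) []byte {
-af := map[string]string{
+func BackgroundTaskFields(subsystem BackgroundSubsystem) map[string]string {
+return map[string]string{
 "automatic_actor": "coder",
 "automatic_subsystem": string(subsystem),
 }
+}
+
+func BackgroundTaskFieldsBytes(ctx context.Context, logger slog.Logger, subsystem BackgroundSubsystem) []byte {
+af := BackgroundTaskFields(subsystem)
 
 wriBytes, err := json.Marshal(af)
 if err != nil {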
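Review bot: `BackgroundTaskFields` and `BackgroundTaskFieldsBytes` are both exported and neither carries a doc comment, and after this split the two names differ only in return encoding, so a caller can easily pick the wrong one for a given `AdditionalFields` field. I would add `// BackgroundTaskFields returns the additional audit fields that tag an entry as produced by the given background subsystem.` and `// BackgroundTaskFieldsBytes returns BackgroundTaskFields marshalled to JSON, for audit parameters that take raw bytes.` Because these keys appear to be what marks an audit entry as automated, lifting `"automatic_actor"` and `"automatic_subsystem"` into named constants would keep tests and log consumers from hard-coding the strings. The body of `BackgroundTaskFieldsBytes` continues past the hunk, so the marshal error path is not covered by this note.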

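--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -613,15 +613,19 @@ func ActivateDormantUser(logger slog.Logger, auditor *atomic.Pointer[audit.Audit
 return user, xerrors.Errorf("update user status: %w", err)
 }
 
+oldAuditUser := user
+newAuditUser := user
+newAuditUser.Status = database.UserStatusActive
+
 audit.BackgroundAudit(ctx, &audit.BackgroundAuditParams[database.User]{
 Audit: *auditor.Load(),
 Log: logger,
 UserID: user.ID,
 Action: database.AuditActionWrite,
-Old: user,
-New: newUser,
+Old: oldAuditUser,
+New: newAuditUser,
 Status: http.StatusOK,
-AdditionalFields: audit.BackgroundTaskFields(ctx, logger, audit.BackgroundSubsystemDormancy),
+AdditionalFields: audit.BackgroundTaskFieldsBytes(ctx, logger, audit.BackgroundSubsystemDormancy),
 })
 
 return newUser, nil
@@ -1420,11 +1424,12 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 dormantConvertAudit *audit.Request[database.User]
 initDormantAuditOnce = sync.OnceFunc(func() {
 dormantConvertAudit = params.initAuditRequest(&audit.RequestParams{
-Audit: auditor,
-Log: api.Logger,
-Request: r,
-Action: database.AuditActionWrite,
-OrganizationID: uuid.Nil,
+Audit: auditor,
+Log: api.Logger,
+Request: r,
+Action: database.AuditActionWrite,
+OrganizationID: uuid.Nil,
+AdditionalFields: audit.BackgroundTaskFields(audit.BackgroundSubsystemDormancy),
 })
 })
 )
@@ -1543,6 +1548,7 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 // This is necessary because transactions can be retried, and we
 // only want to add the audit log a single time.
 initDormantAuditOnce()
+dormantConvertAudit.UserID = user.ID
 dormantConvertAudit.Old = user
 //nolint:gocritic // System needs to update status of the user account (dormant -> active).
 user, err = tx.UpdateUserStatus(dbauthz.AsSystemRestricted(ctx), database.UpdateUserStatusParams{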
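Review bot: In `ActivateDormantUser` the audit entry's `New` value is now a copy of the input `user` with only `Status` overwritten, while the function still returns the `newUser` row from the update, so the audit diff records what the code expects to have changed, not what was persisted. If limiting the diff to the status transition is intended, say so at the assignment, e.g. `// Audit only the dormant -> active transition; other columns touched by the update are left out on purpose.`; otherwise keep `New: newUser`. `oldAuditUser := user` is a plain alias, and `Old: user` would read the same. In the last hunk, `dormantConvertAudit.UserID = user.ID` is set inside the retried transaction before `UpdateUserStatus` returns; the failure path lies outside the hunk, so it is worth confirming that a failed update is not committed to the audit log as a successful activation. All three hunks cut through their enclosing functions.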

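--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@@ -1285,7 +1285,7 @@ func TestUserOIDC(t *testing.T) {
 tc.AssertResponse(t, resp)
 }
 
-ctx := testutil.Context(t, testutil.WaitLong)
+ctx := testutil.Context(t, testutil.WaitShort)
 
 if tc.AssertUser != nil {
 user, err := client.User(ctx, "me")
@@ -1300,6 +1300,49 @@ func TestUserOIDC(t *testing.T) {
 })
 }
 
+t.Run("OIDCDormancy", func(t *testing.T) {
+t.Parallel()
+ctx := testutil.Context(t, testutil.WaitShort)
+
+auditor := audit.NewMock()
+fake := oidctest.NewFakeIDP(t,
+oidctest.WithRefresh(func(_ string) error {
+return xerrors.New("refreshing token should never occur")
+}),
+oidctest.WithServing(),
+)
+cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) {
+cfg.AllowSignups = true
+})
+
+logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug)
+owner, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{
+Auditor: auditor,
+OIDCConfig: cfg,
+Logger: &logger,
+})
+
+user := dbgen.User(t, db, database.User{
+LoginType: database.LoginTypeOIDC,
+Status: database.UserStatusDormant,
+})
+auditor.ResetLogs()
+
+client, resp := fake.AttemptLogin(t, owner, jwt.MapClaims{
+"email": user.Email,
+})
+require.Equal(t, http.StatusOK, resp.StatusCode)
+
+auditor.Contains(t, database.AuditLog{
+ResourceType: database.ResourceTypeUser,
+AdditionalFields: json.RawMessage(`{"automatic_actor":"coder","automatic_subsystem":"dormancy"}`),
+})
+me, err := client.User(ctx, "me")
+require.NoError(t, err)
+
+require.Equal(t, codersdk.UserStatusActive, me.Status)
+})
+
 t.Run("OIDCConvert", func(t *testing.T) {
 t.Parallel()
 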
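Review bot: The expected entry passed to `auditor.Contains` in `OIDCDormancy` pins only `ResourceType` and `AdditionalFields`, so the test would still pass if the audit row were attributed to the wrong user, which is what `dormantConvertAudit.UserID = user.ID` in `coderd/userauth.go` is there to fix. Assuming the mock compares the non-zero fields of the expected value, add `UserID: user.ID,` and `Action: database.AuditActionWrite,` to the literal. `slogtest.Options{IgnoreErrors: true}` also hides error-level logs from the login path; drop it if the test passes without it. The first hunk shortens the shared context from `testutil.WaitLong` to `testutil.WaitShort` for every `TestUserOIDC` case, which may cause flakes on slow runners.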

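--- a/enterprise/coderd/dormancy/dormantusersjob.go
+++ b/enterprise/coderd/dormancy/dormantusersjob.go
@@ -59,7 +59,7 @@ func CheckInactiveUsersWithOptions(ctx context.Context, logger slog.Logger, clk
 Old: database.User{ID: u.ID, Username: u.Username, Status: database.UserStatusActive},
 New: database.User{ID: u.ID, Username: u.Username, Status: database.UserStatusDormant},
 Status: http.StatusOK,
-AdditionalFields: audit.BackgroundTaskFields(ctx, logger, audit.BackgroundSubsystemDormancy),
+AdditionalFields: audit.BackgroundTaskFieldsBytes(ctx, logger, audit.BackgroundSubsystemDormancy),
 })
 }
 logger.Debug(ctx, "checking user accounts is done", slog.F("num_dormant_accounts", len(updatedUsers)), slog.F("execution_time", time.Since(startTime)))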
