coder
diff --git a/‎agent/agent.go
Lines changed: 28 additions & 15 deletions b/‎agent/agent.go
Lines changed: 28 additions & 15 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 10 additions & 13 deletions b/‎agent/agent_test.go
Lines changed: 10 additions & 13 deletions
diff --git a/‎cli/server.go
Lines changed: 15 additions & 10 deletions b/‎cli/server.go
Lines changed: 15 additions & 10 deletions
diff --git a/‎cli/server_test.go
Lines changed: 10 additions & 0 deletions b/‎cli/server_test.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎coder.service
Lines changed: 1 addition & 0 deletions b/‎coder.service
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/audit/table.go
Lines changed: 1 addition & 0 deletions b/‎coderd/audit/table.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 2 additions & 1 deletion b/‎coderd/coderd.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 17 additions & 0 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 17 additions & 0 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 7 additions & 1 deletion b/‎coderd/database/dump.sql
Lines changed: 7 additions & 1 deletion
diff --git a/‎coderd/database/migrations/000007_user_status.down.sql
Lines changed: 4 additions & 0 deletions b/‎coderd/database/migrations/000007_user_status.down.sql
Lines changed: 4 additions & 0 deletions
@@ -33,12 +33,14 @@ import (
 	"golang.org/x/xerrors"
 )
 
-type Options struct {
-	EnvironmentVariables map[string]string
-	StartupScript        string
+type Metadata struct {
+	OwnerEmail           string            `json:"owner_email"`
+	OwnerUsername        string            `json:"owner_username"`
+	EnvironmentVariables map[string]string `json:"environment_variables"`
+	StartupScript        string            `json:"startup_script"`
 }
 
-type Dialer func(ctx context.Context, logger slog.Logger) (*Options, *peerbroker.Listener, error)
+type Dialer func(ctx context.Context, logger slog.Logger) (Metadata, *peerbroker.Listener, error)
 
 func New(dialer Dialer, logger slog.Logger) io.Closer {
 	ctx, cancelFunc := context.WithCancel(context.Background())
@@ -62,14 +64,16 @@ type agent struct {
 	closed        chan struct{}
 
 	// Environment variables sent by Coder to inject for shell sessions.
-	// This is atomic because values can change after reconnect.
+	// These are atomic because values can change after reconnect.
 	envVars       atomic.Value
+	ownerEmail    atomic.String
+	ownerUsername atomic.String
 	startupScript atomic.Bool
 	sshServer     *ssh.Server
 }
 
 func (a *agent) run(ctx context.Context) {
-	var options *Options
+	var options Metadata
 	var peerListener *peerbroker.Listener
 	var err error
 	// An exponential back-off occurs when the connection is failing to dial.
@@ -95,6 +99,8 @@ func (a *agent) run(ctx context.Context) {
 	default:
 	}
 	a.envVars.Store(options.EnvironmentVariables)
+	a.ownerEmail.Store(options.OwnerEmail)
+	a.ownerUsername.Store(options.OwnerUsername)
 
 	if a.startupScript.CAS(false, true) {
 		// The startup script has not ran yet!
@@ -303,8 +309,20 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
 	}
 	cmd := exec.CommandContext(session.Context(), shell, caller, command)
 	cmd.Env = append(os.Environ(), session.Environ()...)
+	executablePath, err := os.Executable()
+	if err != nil {
+		return xerrors.Errorf("getting os executable: %w", err)
+	}
+	// Git on Windows resolves with UNIX-style paths.
+	// If using backslashes, it's unable to find the executable.
+	executablePath = strings.ReplaceAll(executablePath, "\\", "/")
+	cmd.Env = append(cmd.Env, fmt.Sprintf(`GIT_SSH_COMMAND=%s gitssh --`, executablePath))
+	// These prevent the user from having to specify _anything_ to successfully commit.
+	cmd.Env = append(cmd.Env, fmt.Sprintf(`GIT_AUTHOR_EMAIL=%s`, a.ownerEmail.Load()))
+	cmd.Env = append(cmd.Env, fmt.Sprintf(`GIT_AUTHOR_NAME=%s`, a.ownerUsername.Load()))
 
 	// Load environment variables passed via the agent.
+	// These should override all variables we manually specify.
 	envVars := a.envVars.Load()
 	if envVars != nil {
 		envVarMap, ok := envVars.(map[string]string)
@@ -315,22 +333,17 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
 		}
 	}
 
-	executablePath, err := os.Executable()
-	if err != nil {
-		return xerrors.Errorf("getting os executable: %w", err)
-	}
-	// Git on Windows resolves with UNIX-style paths.
-	// If using backslashes, it's unable to find the executable.
-	executablePath = strings.ReplaceAll(executablePath, "\\", "/")
-	cmd.Env = append(cmd.Env, fmt.Sprintf(`GIT_SSH_COMMAND=%s gitssh --`, executablePath))
-
 	sshPty, windowSize, isPty := session.Pty()
 	if isPty {
 		cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", sshPty.Term))
 		ptty, process, err := pty.Start(cmd)
 		if err != nil {
 			return xerrors.Errorf("start command: %w", err)
 		}
+		err = ptty.Resize(uint16(sshPty.Window.Height), uint16(sshPty.Window.Width))
+		if err != nil {
+			return xerrors.Errorf("resize ptty: %w", err)
+		}
 		go func() {
 			for win := range windowSize {
 				err = ptty.Resize(uint16(win.Height), uint16(win.Width))
 
@@ -40,7 +40,7 @@ func TestAgent(t *testing.T) {
 	t.Parallel()
 	t.Run("SessionExec", func(t *testing.T) {
 		t.Parallel()
-		session := setupSSHSession(t, nil)
+		session := setupSSHSession(t, agent.Metadata{})
 
 		command := "echo test"
 		if runtime.GOOS == "windows" {
@@ -53,7 +53,7 @@ func TestAgent(t *testing.T) {
 
 	t.Run("GitSSH", func(t *testing.T) {
 		t.Parallel()
-		session := setupSSHSession(t, nil)
+		session := setupSSHSession(t, agent.Metadata{})
 		command := "sh -c 'echo $GIT_SSH_COMMAND'"
 		if runtime.GOOS == "windows" {
 			command = "cmd.exe /c echo %GIT_SSH_COMMAND%"
@@ -71,7 +71,7 @@ func TestAgent(t *testing.T) {
 			// it seems like it could be either.
 			t.Skip("ConPTY appears to be inconsistent on Windows.")
 		}
-		session := setupSSHSession(t, nil)
+		session := setupSSHSession(t, agent.Metadata{})
 		command := "bash"
 		if runtime.GOOS == "windows" {
 			command = "cmd.exe"
@@ -131,7 +131,7 @@ func TestAgent(t *testing.T) {
 
 	t.Run("SFTP", func(t *testing.T) {
 		t.Parallel()
-		sshClient, err := setupAgent(t, nil).SSHClient()
+		sshClient, err := setupAgent(t, agent.Metadata{}).SSHClient()
 		require.NoError(t, err)
 		client, err := sftp.NewClient(sshClient)
 		require.NoError(t, err)
@@ -148,7 +148,7 @@ func TestAgent(t *testing.T) {
 		t.Parallel()
 		key := "EXAMPLE"
 		value := "value"
-		session := setupSSHSession(t, &agent.Options{
+		session := setupSSHSession(t, agent.Metadata{
 			EnvironmentVariables: map[string]string{
 				key: value,
 			},
@@ -166,7 +166,7 @@ func TestAgent(t *testing.T) {
 		t.Parallel()
 		tempPath := filepath.Join(os.TempDir(), "content.txt")
 		content := "somethingnice"
-		setupAgent(t, &agent.Options{
+		setupAgent(t, agent.Metadata{
 			StartupScript: "echo " + content + " > " + tempPath,
 		})
 		var gotContent string
@@ -191,7 +191,7 @@ func TestAgent(t *testing.T) {
 }
 
 func setupSSHCommand(t *testing.T, beforeArgs []string, afterArgs []string) *exec.Cmd {
-	agentConn := setupAgent(t, nil)
+	agentConn := setupAgent(t, agent.Metadata{})
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	require.NoError(t, err)
 	go func() {
@@ -219,20 +219,17 @@ func setupSSHCommand(t *testing.T, beforeArgs []string, afterArgs []string) *exe
 	return exec.Command("ssh", args...)
 }
 
-func setupSSHSession(t *testing.T, options *agent.Options) *ssh.Session {
+func setupSSHSession(t *testing.T, options agent.Metadata) *ssh.Session {
 	sshClient, err := setupAgent(t, options).SSHClient()
 	require.NoError(t, err)
 	session, err := sshClient.NewSession()
 	require.NoError(t, err)
 	return session
 }
 
-func setupAgent(t *testing.T, options *agent.Options) *agent.Conn {
-	if options == nil {
-		options = &agent.Options{}
-	}
+func setupAgent(t *testing.T, options agent.Metadata) *agent.Conn {
 	client, server := provisionersdk.TransportPipe()
-	closer := agent.New(func(ctx context.Context, logger slog.Logger) (*agent.Options, *peerbroker.Listener, error) {
+	closer := agent.New(func(ctx context.Context, logger slog.Logger) (agent.Metadata, *peerbroker.Listener, error) {
 		listener, err := peerbroker.Listen(server, nil)
 		return options, listener, err
 	}, slogtest.Make(t, nil).Leveled(slog.LevelDebug))
 
@@ -47,6 +47,13 @@ import (
 	"github.com/coder/coder/provisionersdk/proto"
 )
 
+var defaultDevUser = codersdk.CreateFirstUserRequest{
+	Email:            "admin@coder.com",
+	Username:         "developer",
+	Password:         "password",
+	OrganizationName: "acme-corp",
+}
+
 // nolint:gocyclo
 func server() *cobra.Command {
 	var (
@@ -275,6 +282,9 @@ func server() *cobra.Command {
 				if err != nil {
 					return xerrors.Errorf("create first user: %w", err)
 				}
+				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "email: %s\n", defaultDevUser.Email)
+				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "password: %s\n", defaultDevUser.Password)
+				_, _ = fmt.Fprintln(cmd.ErrOrStderr())
 
 				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), cliui.Styles.Wrap.Render(`Started in dev mode. All data is in-memory! `+cliui.Styles.Bold.Render("Do not use in production")+`. Press `+
 					cliui.Styles.Field.Render("ctrl+c")+` to clean up provisioned infrastructure.`)+"\n\n")
@@ -293,7 +303,7 @@ func server() *cobra.Command {
 				if !hasFirstUser && err == nil {
 					// This could fail for a variety of TLS-related reasons.
 					// This is a helpful starter message, and not critical for user interaction.
-					_, _ = fmt.Fprint(cmd.ErrOrStderr(), cliui.Styles.Paragraph.Render(cliui.Styles.Wrap.Render(cliui.Styles.FocusedPrompt.String()+`Run `+cliui.Styles.Code.Render("coder login "+client.URL.String())+" in a new terminal to get started.\n")))
+					_, _ = fmt.Fprint(cmd.ErrOrStderr(), cliui.Styles.Paragraph.Render(cliui.Styles.Wrap.Render(cliui.Styles.FocusedPrompt.String()+`Run `+cliui.Styles.Code.Render("coder login "+accessURL)+" in a new terminal to get started.\n")))
 				}
 			}
 
@@ -400,7 +410,7 @@ func server() *cobra.Command {
 	cliflag.StringVarP(root.Flags(), &cacheDir, "cache-dir", "", "CACHE_DIRECTORY", filepath.Join(os.TempDir(), "coder-cache"), "Specifies a directory to cache binaries for provision operations.")
 	cliflag.BoolVarP(root.Flags(), &dev, "dev", "", "CODER_DEV_MODE", false, "Serve Coder in dev mode for tinkering")
 	cliflag.StringVarP(root.Flags(), &postgresURL, "postgres-url", "", "CODER_PG_CONNECTION_URL", "", "URL of a PostgreSQL database to connect to")
-	cliflag.Uint8VarP(root.Flags(), &provisionerDaemonCount, "provisioner-daemons", "", "CODER_PROVISIONER_DAEMONS", 1, "The amount of provisioner daemons to create on start.")
+	cliflag.Uint8VarP(root.Flags(), &provisionerDaemonCount, "provisioner-daemons", "", "CODER_PROVISIONER_DAEMONS", 3, "The amount of provisioner daemons to create on start.")
 	cliflag.StringVarP(root.Flags(), &oauth2GithubClientID, "oauth2-github-client-id", "", "CODER_OAUTH2_GITHUB_CLIENT_ID", "",
 		"Specifies a client ID to use for oauth2 with GitHub.")
 	cliflag.StringVarP(root.Flags(), &oauth2GithubClientSecret, "oauth2-github-client-secret", "", "CODER_OAUTH2_GITHUB_CLIENT_SECRET", "",
@@ -441,18 +451,13 @@ func server() *cobra.Command {
 }
 
 func createFirstUser(cmd *cobra.Command, client *codersdk.Client, cfg config.Root) error {
-	_, err := client.CreateFirstUser(cmd.Context(), codersdk.CreateFirstUserRequest{
-		Email:            "admin@coder.com",
-		Username:         "developer",
-		Password:         "password",
-		OrganizationName: "acme-corp",
-	})
+	_, err := client.CreateFirstUser(cmd.Context(), defaultDevUser)
 	if err != nil {
 		return xerrors.Errorf("create first user: %w", err)
 	}
 	token, err := client.LoginWithPassword(cmd.Context(), codersdk.LoginWithPasswordRequest{
-		Email:    "admin@coder.com",
-		Password: "password",
+		Email:    defaultDevUser.Email,
+		Password: defaultDevUser.Password,
 	})
 	if err != nil {
 		return xerrors.Errorf("login with first user: %w", err)
 
@@ -1,6 +1,7 @@
 package cli_test
 
 import (
+	"bytes"
 	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -18,6 +19,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
 
@@ -73,9 +75,17 @@ func TestServer(t *testing.T) {
 		ctx, cancelFunc := context.WithCancel(context.Background())
 		defer cancelFunc()
 		root, cfg := clitest.New(t, "server", "--dev", "--skip-tunnel", "--address", ":0")
+		var stdoutBuf bytes.Buffer
+		root.SetOutput(&stdoutBuf)
 		go func() {
 			err := root.ExecuteContext(ctx)
 			require.ErrorIs(t, err, context.Canceled)
+
+			// Verify that credentials were output to the terminal.
+			wantEmail := "email: admin@coder.com"
+			wantPassword := "password: password"
+			assert.Contains(t, stdoutBuf.String(), wantEmail, "expected output %q; got no match", wantEmail)
+			assert.Contains(t, stdoutBuf.String(), wantPassword, "expected output %q; got no match", wantPassword)
 		}()
 		var token string
 		require.Eventually(t, func() bool {
 
@@ -18,6 +18,7 @@ SecureBits=keep-caps
 AmbientCapabilities=CAP_IPC_LOCK
 CacheDirectory=coder
 CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+KillSignal=SIGINT
 NoNewPrivileges=yes
 ExecStart=/usr/bin/coder server
 Restart=on-failure
 
@@ -41,6 +41,7 @@ var AuditableResources = auditMap(map[any]map[string]Action{
 		"hashed_password": ActionSecret, // A user can change their own password.
 		"created_at":      ActionIgnore, // Never changes.
 		"updated_at":      ActionIgnore, // Changes, but is implicit and not helpful in a diff.
+		"status":          ActionTrack,  // A user can update another user status
 	},
 	&database.Workspace{}: {
 		"id":                 ActionIgnore, // Never changes.
 
@@ -182,6 +182,7 @@ func New(options *Options) (http.Handler, func()) {
 					r.Use(httpmw.ExtractUserParam(options.Database))
 					r.Get("/", api.userByName)
 					r.Put("/profile", api.putUserProfile)
+					r.Put("/suspend", api.putUserSuspend)
 					r.Get("/organizations", api.organizationsByUser)
 					r.Post("/organizations", api.postOrganizationsByUser)
 					r.Post("/keys", api.postAPIKey)
@@ -201,7 +202,7 @@ func New(options *Options) (http.Handler, func()) {
 			r.Post("/google-instance-identity", api.postWorkspaceAuthGoogleInstanceIdentity)
 			r.Route("/me", func(r chi.Router) {
 				r.Use(httpmw.ExtractWorkspaceAgent(options.Database))
-				r.Get("/", api.workspaceAgentMe)
+				r.Get("/metadata", api.workspaceAgentMetadata)
 				r.Get("/listen", api.workspaceAgentListen)
 				r.Get("/gitsshkey", api.agentGitSSHKey)
 				r.Get("/turn", api.workspaceAgentTurn)
 
@@ -1138,6 +1138,7 @@ func (q *fakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
 		CreatedAt:      arg.CreatedAt,
 		UpdatedAt:      arg.UpdatedAt,
 		Username:       arg.Username,
+		Status:         database.UserStatusActive,
 	}
 	q.users = append(q.users, user)
 	return user, nil
@@ -1159,6 +1160,22 @@ func (q *fakeQuerier) UpdateUserProfile(_ context.Context, arg database.UpdateUs
 	return database.User{}, sql.ErrNoRows
 }
 
+func (q *fakeQuerier) UpdateUserStatus(_ context.Context, arg database.UpdateUserStatusParams) (database.User, error) {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	for index, user := range q.users {
+		if user.ID != arg.ID {
+			continue
+		}
+		user.Status = arg.Status
+		user.UpdatedAt = arg.UpdatedAt
+		q.users[index] = user
+		return user, nil
+	}
+	return database.User{}, sql.ErrNoRows
+}
+
 func (q *fakeQuerier) InsertWorkspace(_ context.Context, arg database.InsertWorkspaceParams) (database.Workspace, error) {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
 
@@ -0,0 +1,4 @@
+ALTER TABLE ONLY users
+    DROP COLUMN IF EXISTS status;
+
+DROP TYPE user_status;