coder
diff --git a/‎cli/scaletest.go
Lines changed: 17 additions & 2 deletions b/‎cli/scaletest.go
Lines changed: 17 additions & 2 deletions
diff --git a/‎cli/tokens.go
Lines changed: 1 addition & 1 deletion b/‎cli/tokens.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/apikey.go
Lines changed: 1 addition & 1 deletion b/‎coderd/apikey.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/audit.go
Lines changed: 1 addition & 1 deletion b/‎coderd/audit.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/authorize_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/authorize_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/httpapi/cookie.go
Lines changed: 3 additions & 3 deletions b/‎coderd/httpapi/cookie.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎coderd/httpmw/apikey.go
Lines changed: 4 additions & 4 deletions b/‎coderd/httpmw/apikey.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎coderd/httpmw/apikey_test.go
Lines changed: 15 additions & 15 deletions b/‎coderd/httpmw/apikey_test.go
Lines changed: 15 additions & 15 deletions
diff --git a/‎coderd/httpmw/authorize_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/httpmw/authorize_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/httpmw/csrf.go
Lines changed: 3 additions & 3 deletions b/‎coderd/httpmw/csrf.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎coderd/httpmw/oauth2.go
Lines changed: 5 additions & 5 deletions b/‎coderd/httpmw/oauth2.go
Lines changed: 5 additions & 5 deletions
diff --git a/‎coderd/httpmw/oauth2_test.go
Lines changed: 2 additions & 2 deletions b/‎coderd/httpmw/oauth2_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎coderd/httpmw/organizationparam_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/httpmw/organizationparam_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/httpmw/ratelimit_test.go
Lines changed: 3 additions & 3 deletions b/‎coderd/httpmw/ratelimit_test.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎coderd/httpmw/templateparam_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/httpmw/templateparam_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/httpmw/templateversionparam_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/httpmw/templateversionparam_test.go
Lines changed: 1 addition & 1 deletion
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"net/http"
 	"os"
 	"strconv"
 	"strings"
@@ -328,7 +329,14 @@ func scaletestCleanup() *cobra.Command {
 				return err
 			}
 
-			client.BypassRatelimits = true
+			client.HTTPClient = &http.Client{
+				Transport: &headerTransport{
+					transport: http.DefaultTransport,
+					headers: map[string]string{
+						codersdk.BypassRatelimitHeader: "true",
+					},
+				},
+			}
 
 			cmd.PrintErrln("Fetching scaletest workspaces...")
 			var (
@@ -506,7 +514,14 @@ It is recommended that all rate limits are disabled on the server before running
 				return err
 			}
 
-			client.BypassRatelimits = true
+			client.HTTPClient = &http.Client{
+				Transport: &headerTransport{
+					transport: http.DefaultTransport,
+					headers: map[string]string{
+						codersdk.BypassRatelimitHeader: "true",
+					},
+				},
+			}
 
 			if count <= 0 {
 				return xerrors.Errorf("--count is required and must be greater than 0")
 
@@ -73,7 +73,7 @@ func createToken() *cobra.Command {
 			cmd.Println(cliui.Styles.Code.Render(strings.TrimSpace(res.Key)))
 			cmd.Println()
 			cmd.Println(cliui.Styles.Wrap.Render(
-				fmt.Sprintf("You can use this token by setting the --%s CLI flag, the %s environment variable, or the %q HTTP header.", varToken, envSessionToken, codersdk.SessionCustomHeader),
+				fmt.Sprintf("You can use this token by setting the --%s CLI flag, the %s environment variable, or the %q HTTP header.", varToken, envSessionToken, codersdk.SessionTokenHeader),
 			))
 
 			return nil
 
@@ -343,7 +343,7 @@ func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*h
 	// This format is consumed by the APIKey middleware.
 	sessionToken := fmt.Sprintf("%s-%s", keyID, keySecret)
 	return &http.Cookie{
-		Name:     codersdk.SessionTokenKey,
+		Name:     codersdk.SessionTokenCookie,
 		Value:    sessionToken,
 		Path:     "/",
 		HttpOnly: true,
 
@@ -261,7 +261,7 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs
 
 func auditLogDescription(alog database.GetAuditLogsOffsetRow, additionalFields AdditionalFields) string {
 	str := fmt.Sprintf("{user} %s",
-		codersdk.AuditAction(alog.Action).FriendlyString(),
+		codersdk.AuditAction(alog.Action).Friendly(),
 	)
 
 	// Strings for starting/stopping workspace builds follow the below format:
 
@@ -133,7 +133,7 @@ func TestCheckPermissions(t *testing.T) {
 			ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 			t.Cleanup(cancel)
 
-			resp, err := c.Client.CheckAuthorization(ctx, codersdk.AuthorizationRequest{Checks: params})
+			resp, err := c.Client.AuthCheck(ctx, codersdk.AuthorizationRequest{Checks: params})
 			require.NoError(t, err, "check perms")
 			require.Equal(t, c.Check, resp)
 		})
 
@@ -20,9 +20,9 @@ func StripCoderCookies(header string) string {
 			continue
 		}
 		name, _, _ := strings.Cut(part, "=")
-		if name == codersdk.SessionTokenKey ||
-			name == codersdk.OAuth2StateKey ||
-			name == codersdk.OAuth2RedirectKey {
+		if name == codersdk.SessionTokenCookie ||
+			name == codersdk.OAuth2StateCookie ||
+			name == codersdk.OAuth2RedirectCookie {
 			continue
 		}
 		cookies = append(cookies, part)
 
@@ -144,7 +144,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
 			if token == "" {
 				optionalWrite(http.StatusUnauthorized, codersdk.Response{
 					Message: SignedOutErrorMessage,
-					Detail:  fmt.Sprintf("Cookie %q or query parameter must be provided.", codersdk.SessionTokenKey),
+					Detail:  fmt.Sprintf("Cookie %q or query parameter must be provided.", codersdk.SessionTokenCookie),
 				})
 				return
 			}
@@ -364,17 +364,17 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
 // 4. The coder_session_token query parameter
 // 5. The custom auth header
 func apiTokenFromRequest(r *http.Request) string {
-	cookie, err := r.Cookie(codersdk.SessionTokenKey)
+	cookie, err := r.Cookie(codersdk.SessionTokenCookie)
 	if err == nil && cookie.Value != "" {
 		return cookie.Value
 	}
 
-	urlValue := r.URL.Query().Get(codersdk.SessionTokenKey)
+	urlValue := r.URL.Query().Get(codersdk.SessionTokenCookie)
 	if urlValue != "" {
 		return urlValue
 	}
 
-	headerValue := r.Header.Get(codersdk.SessionCustomHeader)
+	headerValue := r.Header.Get(codersdk.SessionTokenHeader)
 	if headerValue != "" {
 		return headerValue
 	}
 
@@ -82,7 +82,7 @@ func TestAPIKey(t *testing.T) {
 			r  = httptest.NewRequest("GET", "/", nil)
 			rw = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, "test-wow-hello")
+		r.Header.Set(codersdk.SessionTokenHeader, "test-wow-hello")
 
 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@@ -100,7 +100,7 @@ func TestAPIKey(t *testing.T) {
 			r  = httptest.NewRequest("GET", "/", nil)
 			rw = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, "test-wow")
+		r.Header.Set(codersdk.SessionTokenHeader, "test-wow")
 
 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@@ -118,7 +118,7 @@ func TestAPIKey(t *testing.T) {
 			r  = httptest.NewRequest("GET", "/", nil)
 			rw = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, "testtestid-wow")
+		r.Header.Set(codersdk.SessionTokenHeader, "testtestid-wow")
 
 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@@ -137,7 +137,7 @@ func TestAPIKey(t *testing.T) {
 			r          = httptest.NewRequest("GET", "/", nil)
 			rw         = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@@ -157,7 +157,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		// Use a different secret so they don't match!
 		hashed := sha256.Sum256([]byte("differentsecret"))
@@ -188,7 +188,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -217,7 +217,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -259,7 +259,7 @@ func TestAPIKey(t *testing.T) {
 			user       = createUser(r.Context(), t, db)
 		)
 		r.AddCookie(&http.Cookie{
-			Name:  codersdk.SessionTokenKey,
+			Name:  codersdk.SessionTokenCookie,
 			Value: fmt.Sprintf("%s-%s", id, secret),
 		})
 
@@ -302,7 +302,7 @@ func TestAPIKey(t *testing.T) {
 			user       = createUser(r.Context(), t, db)
 		)
 		q := r.URL.Query()
-		q.Add(codersdk.SessionTokenKey, fmt.Sprintf("%s-%s", id, secret))
+		q.Add(codersdk.SessionTokenCookie, fmt.Sprintf("%s-%s", id, secret))
 		r.URL.RawQuery = q.Encode()
 
 		_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
@@ -339,7 +339,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -376,7 +376,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -413,7 +413,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -457,7 +457,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -514,7 +514,7 @@ func TestAPIKey(t *testing.T) {
 			user       = createUser(r.Context(), t, db)
 		)
 		r.RemoteAddr = "1.1.1.1"
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@@ -602,7 +602,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
 
@@ -131,7 +131,7 @@ func TestExtractUserRoles(t *testing.T) {
 			})
 
 			req := httptest.NewRequest("GET", "/", nil)
-			req.Header.Set(codersdk.SessionCustomHeader, token)
+			req.Header.Set(codersdk.SessionTokenHeader, token)
 
 			rtr.ServeHTTP(rw, req)
 			resp := rw.Result()
 
@@ -41,19 +41,19 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {
 			// CSRF only affects requests that automatically attach credentials via a cookie.
 			// If no cookie is present, then there is no risk of CSRF.
 			//nolint:govet
-			sessCookie, err := r.Cookie(codersdk.SessionTokenKey)
+			sessCookie, err := r.Cookie(codersdk.SessionTokenCookie)
 			if xerrors.Is(err, http.ErrNoCookie) {
 				return true
 			}
 
-			if token := r.Header.Get(codersdk.SessionCustomHeader); token == sessCookie.Value {
+			if token := r.Header.Get(codersdk.SessionTokenHeader); token == sessCookie.Value {
 				// If the cookie and header match, we can assume this is the same as just using the
 				// custom header auth. Custom header auth can bypass CSRF, as CSRF attacks
 				// cannot add custom headers.
 				return true
 			}
 
-			if token := r.URL.Query().Get(codersdk.SessionTokenKey); token == sessCookie.Value {
+			if token := r.URL.Query().Get(codersdk.SessionTokenCookie); token == sessCookie.Value {
 				// If the auth is set in a url param and matches the cookie, it
 				// is the same as just using the url param.
 				return true
 
@@ -71,7 +71,7 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 				}
 
 				http.SetCookie(rw, &http.Cookie{
-					Name:     codersdk.OAuth2StateKey,
+					Name:     codersdk.OAuth2StateCookie,
 					Value:    state,
 					Path:     "/",
 					HttpOnly: true,
@@ -80,7 +80,7 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 				// Redirect must always be specified, otherwise
 				// an old redirect could apply!
 				http.SetCookie(rw, &http.Cookie{
-					Name:     codersdk.OAuth2RedirectKey,
+					Name:     codersdk.OAuth2RedirectCookie,
 					Value:    r.URL.Query().Get("redirect"),
 					Path:     "/",
 					HttpOnly: true,
@@ -98,10 +98,10 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 				return
 			}
 
-			stateCookie, err := r.Cookie(codersdk.OAuth2StateKey)
+			stateCookie, err := r.Cookie(codersdk.OAuth2StateCookie)
 			if err != nil {
 				httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
-					Message: fmt.Sprintf("Cookie %q must be provided.", codersdk.OAuth2StateKey),
+					Message: fmt.Sprintf("Cookie %q must be provided.", codersdk.OAuth2StateCookie),
 				})
 				return
 			}
@@ -113,7 +113,7 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 			}
 
 			var redirect string
-			stateRedirect, err := r.Cookie(codersdk.OAuth2RedirectKey)
+			stateRedirect, err := r.Cookie(codersdk.OAuth2RedirectCookie)
 			if err == nil {
 				redirect = stateRedirect.Value
 			}
 
@@ -73,7 +73,7 @@ func TestOAuth2(t *testing.T) {
 		t.Parallel()
 		req := httptest.NewRequest("GET", "/?code=something&state=test", nil)
 		req.AddCookie(&http.Cookie{
-			Name:  codersdk.OAuth2StateKey,
+			Name:  codersdk.OAuth2StateCookie,
 			Value: "mismatch",
 		})
 		res := httptest.NewRecorder()
@@ -84,7 +84,7 @@ func TestOAuth2(t *testing.T) {
 		t.Parallel()
 		req := httptest.NewRequest("GET", "/?code=test&state=something", nil)
 		req.AddCookie(&http.Cookie{
-			Name:  codersdk.OAuth2StateKey,
+			Name:  codersdk.OAuth2StateCookie,
 			Value: "something",
 		})
 		req.AddCookie(&http.Cookie{
 
@@ -29,7 +29,7 @@ func TestOrganizationParam(t *testing.T) {
 			r          = httptest.NewRequest("GET", "/", nil)
 			hashed     = sha256.Sum256([]byte(secret))
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		userID := uuid.New()
 		username, err := cryptorand.String(8)
 
@@ -111,7 +111,7 @@ func TestRateLimit(t *testing.T) {
 
 		// Bypass must fail
 		req := httptest.NewRequest("GET", "/", nil)
-		req.Header.Set(codersdk.SessionCustomHeader, key)
+		req.Header.Set(codersdk.SessionTokenHeader, key)
 		req.Header.Set(codersdk.BypassRatelimitHeader, "true")
 		rec := httptest.NewRecorder()
 		// Assert we're not using IP address.
@@ -123,7 +123,7 @@ func TestRateLimit(t *testing.T) {
 
 		require.Eventually(t, func() bool {
 			req := httptest.NewRequest("GET", "/", nil)
-			req.Header.Set(codersdk.SessionCustomHeader, key)
+			req.Header.Set(codersdk.SessionTokenHeader, key)
 			rec := httptest.NewRecorder()
 			// Assert we're not using IP address.
 			req.RemoteAddr = randRemoteAddr()
@@ -160,7 +160,7 @@ func TestRateLimit(t *testing.T) {
 
 		require.Never(t, func() bool {
 			req := httptest.NewRequest("GET", "/", nil)
-			req.Header.Set(codersdk.SessionCustomHeader, key)
+			req.Header.Set(codersdk.SessionTokenHeader, key)
 			req.Header.Set(codersdk.BypassRatelimitHeader, "true")
 			rec := httptest.NewRecorder()
 			// Assert we're not using IP address.
 
@@ -29,7 +29,7 @@ func TestTemplateParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		userID := uuid.New()
 		username, err := cryptorand.String(8)
 
@@ -29,7 +29,7 @@ func TestTemplateVersionParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))
 
 		userID := uuid.New()
 		username, err := cryptorand.String(8)
Original file line number	Diff line number	Diff line change
`@@ -261,7 +261,7 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs`
`261`	`261`
`262`	`262`	`func auditLogDescription(alog database.GetAuditLogsOffsetRow, additionalFields AdditionalFields) string {`
`263`	`263`	`str := fmt.Sprintf("{user} %s",`
`264`		`- codersdk.AuditAction(alog.Action).FriendlyString(),`
	`264`	`+ codersdk.AuditAction(alog.Action).Friendly(),`
`265`	`265`	`)`
`266`	`266`
`267`	`267`	`// Strings for starting/stopping workspace builds follow the below format:`
Original file line number	Diff line number	Diff line change
`@@ -20,9 +20,9 @@ func StripCoderCookies(header string) string {`
`20`	`20`	`continue`
`21`	`21`	`}`
`22`	`22`	`name, _, _ := strings.Cut(part, "=")`
`23`		`- if name == codersdk.SessionTokenKey \|\|`
`24`		`- name == codersdk.OAuth2StateKey \|\|`
`25`		`- name == codersdk.OAuth2RedirectKey {`
	`23`	`+ if name == codersdk.SessionTokenCookie \|\|`
	`24`	`+ name == codersdk.OAuth2StateCookie \|\|`
	`25`	`+ name == codersdk.OAuth2RedirectCookie {`
`26`	`26`	`continue`
`27`	`27`	`}`
`28`	`28`	`cookies = append(cookies, part)`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func TestOrganizationParam(t *testing.T) {`
`29`	`29`	`r = httptest.NewRequest("GET", "/", nil)`
`30`	`30`	`hashed = sha256.Sum256([]byte(secret))`
`31`	`31`	`)`
`32`		`- r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))`
	`32`	`+ r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))`
`33`	`33`
`34`	`34`	`userID := uuid.New()`
`35`	`35`	`username, err := cryptorand.String(8)`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func TestTemplateParam(t *testing.T) {`
`29`	`29`	`hashed = sha256.Sum256([]byte(secret))`
`30`	`30`	`)`
`31`	`31`	`r := httptest.NewRequest("GET", "/", nil)`
`32`		`- r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))`
	`32`	`+ r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))`
`33`	`33`
`34`	`34`	`userID := uuid.New()`
`35`	`35`	`username, err := cryptorand.String(8)`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func TestTemplateVersionParam(t *testing.T) {`
`29`	`29`	`hashed = sha256.Sum256([]byte(secret))`
`30`	`30`	`)`
`31`	`31`	`r := httptest.NewRequest("GET", "/", nil)`
`32`		`- r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))`
	`32`	`+ r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))`
`33`	`33`
`34`	`34`	`userID := uuid.New()`
`35`	`35`	`username, err := cryptorand.String(8)`