Add to add instances

Emyrk · Emyrk · commit f9a637dbb1d3 · 2023-11-21T16:46:12.000-06:00
diff --git a/coderd/coderdtest/oidctest/helper.go b/coderd/coderdtest/oidctest/helper.go
@@ -2,6 +2,7 @@ package oidctest
 
 import (
 	"database/sql"
+	"encoding/json"
 	"net/http"
 	"testing"
 	"time"
@@ -77,6 +78,7 @@ func (*LoginHelper) ExpireOauthToken(t *testing.T, db database.Store, user *code
 		OAuthExpiry:            time.Now().Add(time.Hour * -1),
 		UserID:                 link.UserID,
 		LoginType:              link.LoginType,
+		DebugContext:           json.RawMessage("{}"),
 	})
 	require.NoError(t, err, "expire user link")
 
diff --git a/coderd/database/dbgen/dbgen.go b/coderd/database/dbgen/dbgen.go
@@ -513,6 +513,7 @@ func UserLink(t testing.TB, db database.Store, orig database.UserLink) database.
 		OAuthRefreshToken:      takeFirst(orig.OAuthRefreshToken, uuid.NewString()),
 		OAuthRefreshTokenKeyID: takeFirst(orig.OAuthRefreshTokenKeyID, sql.NullString{}),
 		OAuthExpiry:            takeFirst(orig.OAuthExpiry, dbtime.Now().Add(time.Hour*24)),
+		DebugContext:           takeFirstSlice(orig.DebugContext, json.RawMessage("{}")),
 	})
 
 	require.NoError(t, err, "insert link")
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -5094,6 +5094,7 @@ func (q *FakeQuerier) InsertUserLink(_ context.Context, args database.InsertUser
 		OAuthRefreshToken:      args.OAuthRefreshToken,
 		OAuthRefreshTokenKeyID: args.OAuthRefreshTokenKeyID,
 		OAuthExpiry:            args.OAuthExpiry,
+		DebugContext:           args.DebugContext,
 	}
 
 	q.userLinks = append(q.userLinks, link)
@@ -6176,6 +6177,7 @@ func (q *FakeQuerier) UpdateUserLink(_ context.Context, params database.UpdateUs
 			link.OAuthRefreshToken = params.OAuthRefreshToken
 			link.OAuthRefreshTokenKeyID = params.OAuthRefreshTokenKeyID
 			link.OAuthExpiry = params.OAuthExpiry
+			link.DebugContext = params.DebugContext
 
 			q.userLinks[i] = link
 			return link, nil
diff --git a/coderd/httpmw/apikey.go b/coderd/httpmw/apikey.go
@@ -378,6 +378,9 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon
 				OAuthRefreshToken:      link.OAuthRefreshToken,
 				OAuthRefreshTokenKeyID: sql.NullString{}, // dbcrypt will update as required
 				OAuthExpiry:            link.OAuthExpiry,
+				// Refresh should keep the same debug context because we use
+				// the original claims for the group/role sync.
+				DebugContext: link.DebugContext,
 			})
 			if err != nil {
 				return write(http.StatusInternalServerError, codersdk.Response{
diff --git a/coderd/provisionerdserver/provisionerdserver.go b/coderd/provisionerdserver/provisionerdserver.go
@@ -1674,6 +1674,7 @@ func obtainOIDCAccessToken(ctx context.Context, db database.Store, oidcConfig ht
 			OAuthRefreshToken:      link.OAuthRefreshToken,
 			OAuthRefreshTokenKeyID: sql.NullString{}, // set by dbcrypt if required
 			OAuthExpiry:            link.OAuthExpiry,
+			DebugContext:           link.DebugContext,
 		})
 		if err != nil {
 			return "", xerrors.Errorf("update user link: %w", err)
diff --git a/coderd/users.go b/coderd/users.go
@@ -58,6 +58,7 @@ func (api *API) userDebugOIDC(rw http.ResponseWriter, r *http.Request) {
 			Message: "Failed to get user links.",
 			Detail:  err.Error(),
 		})
+		return
 	}
 
 	// This will encode properly because it is a json.RawMessage.
diff --git a/enterprise/dbcrypt/cliutil.go b/enterprise/dbcrypt/cliutil.go
@@ -43,6 +43,7 @@ func Rotate(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Ciphe
 					OAuthExpiry:            userLink.OAuthExpiry,
 					UserID:                 uid,
 					LoginType:              userLink.LoginType,
+					DebugContext:           userLink.DebugContext,
 				}); err != nil {
 					return xerrors.Errorf("update user link user_id=%s linked_id=%s: %w", userLink.UserID, userLink.LinkedID, err)
 				}
@@ -132,6 +133,7 @@ func Decrypt(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Ciph
 					OAuthExpiry:            userLink.OAuthExpiry,
 					UserID:                 uid,
 					LoginType:              userLink.LoginType,
+					DebugContext:           userLink.DebugContext,
 				}); err != nil {
 					return xerrors.Errorf("update user link user_id=%s linked_id=%s: %w", userLink.UserID, userLink.LinkedID, err)
 				}
diff --git a/enterprise/dbcrypt/dbcrypt_internal_test.go b/enterprise/dbcrypt/dbcrypt_internal_test.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rand"
 	"database/sql"
 	"encoding/base64"
+	"encoding/json"
 	"io"
 	"testing"
 
@@ -55,6 +56,7 @@ func TestUserLinks(t *testing.T) {
 			OAuthRefreshToken: "refresh",
 			UserID:            link.UserID,
 			LoginType:         link.LoginType,
+			DebugContext:      json.RawMessage("{}"),
 		})
 		require.NoError(t, err)
 		require.Equal(t, "access", updated.OAuthAccessToken)

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ func (api API) userDebugOIDC(rw http.ResponseWriter, r http.Request) {`
`58`	`58`	`Message: "Failed to get user links.",`
`59`	`59`	`Detail: err.Error(),`
`60`	`60`	`})`
	`61`	`+ return`
`61`	`62`	`}`
`62`	`63`
`63`	`64`	`// This will encode properly because it is a json.RawMessage.`