diff --git a/coderd/coderd.go b/coderd/coderd.go index cabf63c34bd98..6cb43b71dd7a7 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -652,7 +652,7 @@ func New(options *Options) *API { r.Get("/roles", api.assignableOrgRoles) r.Route("/{user}", func(r chi.Router) { r.Use( - httpmw.ExtractUserParam(options.Database, false), + httpmw.ExtractUserParam(options.Database), httpmw.ExtractOrganizationMemberParam(options.Database), ) r.Put("/roles", api.putMemberRoles) @@ -741,7 +741,7 @@ func New(options *Options) *API { r.Get("/", api.assignableSiteRoles) }) r.Route("/{user}", func(r chi.Router) { - r.Use(httpmw.ExtractUserParam(options.Database, false)) + r.Use(httpmw.ExtractUserParam(options.Database)) r.Post("/convert-login", api.postConvertLoginType) r.Delete("/", api.deleteUser) r.Get("/", api.userByName) diff --git a/coderd/httpmw/organizationparam_test.go b/coderd/httpmw/organizationparam_test.go index f375b13bb0a85..0457168132e9a 100644 --- a/coderd/httpmw/organizationparam_test.go +++ b/coderd/httpmw/organizationparam_test.go @@ -125,7 +125,7 @@ func TestOrganizationParam(t *testing.T) { DB: db, RedirectToLogin: false, }), - httpmw.ExtractUserParam(db, false), + httpmw.ExtractUserParam(db), httpmw.ExtractOrganizationParam(db), httpmw.ExtractOrganizationMemberParam(db), ) @@ -157,7 +157,7 @@ func TestOrganizationParam(t *testing.T) { RedirectToLogin: false, }), httpmw.ExtractOrganizationParam(db), - httpmw.ExtractUserParam(db, false), + httpmw.ExtractUserParam(db), httpmw.ExtractOrganizationMemberParam(db), ) rtr.Get("/", func(rw http.ResponseWriter, r *http.Request) { diff --git a/coderd/httpmw/userparam.go b/coderd/httpmw/userparam.go index e58f3c7bc512f..8a8310672cb93 100644 --- a/coderd/httpmw/userparam.go +++ b/coderd/httpmw/userparam.go @@ -34,9 +34,7 @@ func UserParam(r *http.Request) database.User { // ExtractUserParam extracts a user from an ID/username in the {user} URL // parameter. -// -//nolint:revive -func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Handler) http.Handler { +func ExtractUserParam(db database.Store) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { ctx := r.Context() @@ -44,7 +42,7 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han // organizations/{organization}/members/{user}/ paths, and we need to allow // org-admins to call these paths --- they might not have sitewide read permissions on users. // nolint:gocritic - user, ok := extractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r, redirectToLoginOnMe) + user, ok := extractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r) if !ok { // response already handled return @@ -56,9 +54,7 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han } // extractUserContext queries the database for the parameterized `{user}` from the request URL. -// -//nolint:revive -func extractUserContext(ctx context.Context, db database.Store, rw http.ResponseWriter, r *http.Request, redirectToLoginOnMe bool) (user database.User, ok bool) { +func extractUserContext(ctx context.Context, db database.Store, rw http.ResponseWriter, r *http.Request) (user database.User, ok bool) { // userQuery is either a uuid, a username, or 'me' userQuery := chi.URLParam(r, "user") if userQuery == "" { @@ -71,11 +67,6 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response if userQuery == "me" { apiKey, ok := APIKeyOptional(r) if !ok { - if redirectToLoginOnMe { - RedirectToLogin(rw, r, nil, SignedOutErrorMessage) - return database.User{}, false - } - httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ Message: "Cannot use \"me\" without a valid session.", }) diff --git a/coderd/httpmw/userparam_test.go b/coderd/httpmw/userparam_test.go index bd1b5b2b277c7..040948ff60cf3 100644 --- a/coderd/httpmw/userparam_test.go +++ b/coderd/httpmw/userparam_test.go @@ -44,7 +44,7 @@ func TestUserParam(t *testing.T) { r = returnedRequest })).ServeHTTP(rw, r) - httpmw.ExtractUserParam(db, false)(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { + httpmw.ExtractUserParam(db)(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { rw.WriteHeader(http.StatusOK) })).ServeHTTP(rw, r) res := rw.Result() @@ -66,7 +66,7 @@ func TestUserParam(t *testing.T) { routeContext := chi.NewRouteContext() routeContext.URLParams.Add("user", "ben") r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeContext)) - httpmw.ExtractUserParam(db, false)(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { + httpmw.ExtractUserParam(db)(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { rw.WriteHeader(http.StatusOK) })).ServeHTTP(rw, r) res := rw.Result() @@ -88,7 +88,7 @@ func TestUserParam(t *testing.T) { routeContext := chi.NewRouteContext() routeContext.URLParams.Add("user", "me") r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeContext)) - httpmw.ExtractUserParam(db, false)(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { + httpmw.ExtractUserParam(db)(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { _ = httpmw.UserParam(r) rw.WriteHeader(http.StatusOK) })).ServeHTTP(rw, r) diff --git a/coderd/httpmw/workspaceparam_test.go b/coderd/httpmw/workspaceparam_test.go index 7e3be16b89a34..d65fb53f8f28d 100644 --- a/coderd/httpmw/workspaceparam_test.go +++ b/coderd/httpmw/workspaceparam_test.go @@ -315,7 +315,7 @@ func TestWorkspaceAgentByNameParam(t *testing.T) { DB: db, RedirectToLogin: true, }), - httpmw.ExtractUserParam(db, false), + httpmw.ExtractUserParam(db), httpmw.ExtractWorkspaceAndAgentParam(db), ) rtr.Get("/", func(w http.ResponseWriter, r *http.Request) { diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go index eea08a488f567..7d0017a0af98f 100644 --- a/enterprise/coderd/coderd.go +++ b/enterprise/coderd/coderd.go @@ -269,7 +269,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) { apiKeyMiddleware, ) r.Route("/{user}", func(r chi.Router) { - r.Use(httpmw.ExtractUserParam(options.Database, false)) + r.Use(httpmw.ExtractUserParam(options.Database)) r.Get("/", api.workspaceQuota) }) }) @@ -296,7 +296,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) { r.Use( api.autostopRequirementEnabledMW, apiKeyMiddleware, - httpmw.ExtractUserParam(options.Database, false), + httpmw.ExtractUserParam(options.Database), ) r.Get("/", api.userQuietHoursSchedule)