Skip to content

chore: add claims to oauth link in db for debug #10827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Nov 27, 2023
Merged

chore: add claims to oauth link in db for debug #10827

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
4f94342
chore: add claims to oauth link in db for debug
Emyrk Nov 21, 2023
f9a637d
Add to add instances
Emyrk Nov 21, 2023
7be8801
fix merged claims
Emyrk Nov 22, 2023
a52e1a6
Correct down migration
Emyrk Nov 22, 2023
aff3073
Fix swagger
Emyrk Nov 22, 2023
9b2fa40
Swagger
Emyrk Nov 27, 2023
1a68ff9
Bring back swagger json..
Emyrk Nov 27, 2023
5645fc7
Comon swagger, this has to be it
Emyrk Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add to add instances
  • Loading branch information
@Emyrk
Emyrk committed Nov 21, 2023
commit f9a637dbb1d362f6159e1f302835686b937c47fd
2 changes: 2 additions & 0 deletions coderd/coderdtest/oidctest/helper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package oidctest

import (
"database/sql"
"encoding/json"
"net/http"
"testing"
"time"
Expand Down Expand Up @@ -77,6 +78,7 @@ func (*LoginHelper) ExpireOauthToken(t *testing.T, db database.Store, user *code
OAuthExpiry: time.Now().Add(time.Hour * -1),
UserID: link.UserID,
LoginType: link.LoginType,
DebugContext: json.RawMessage("{}"),
})
require.NoError(t, err, "expire user link")

Expand Down
1 change: 1 addition & 0 deletions coderd/database/dbgen/dbgen.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -513,6 +513,7 @@ func UserLink(t testing.TB, db database.Store, orig database.UserLink) database.
OAuthRefreshToken: takeFirst(orig.OAuthRefreshToken, uuid.NewString()),
OAuthRefreshTokenKeyID: takeFirst(orig.OAuthRefreshTokenKeyID, sql.NullString{}),
OAuthExpiry: takeFirst(orig.OAuthExpiry, dbtime.Now().Add(time.Hour*24)),
DebugContext: takeFirstSlice(orig.DebugContext, json.RawMessage("{}")),
})

require.NoError(t, err, "insert link")
Expand Down
2 changes: 2 additions & 0 deletions coderd/database/dbmem/dbmem.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5094,6 +5094,7 @@ func (q *FakeQuerier) InsertUserLink(_ context.Context, args database.InsertUser
OAuthRefreshToken: args.OAuthRefreshToken,
OAuthRefreshTokenKeyID: args.OAuthRefreshTokenKeyID,
OAuthExpiry: args.OAuthExpiry,
DebugContext: args.DebugContext,
}

q.userLinks = append(q.userLinks, link)
Expand Down Expand Up @@ -6176,6 +6177,7 @@ func (q *FakeQuerier) UpdateUserLink(_ context.Context, params database.UpdateUs
link.OAuthRefreshToken = params.OAuthRefreshToken
link.OAuthRefreshTokenKeyID = params.OAuthRefreshTokenKeyID
link.OAuthExpiry = params.OAuthExpiry
link.DebugContext = params.DebugContext

q.userLinks[i] = link
return link, nil
Expand Down
3 changes: 3 additions & 0 deletions coderd/httpmw/apikey.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,6 +378,9 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon
OAuthRefreshToken: link.OAuthRefreshToken,
OAuthRefreshTokenKeyID: sql.NullString{}, // dbcrypt will update as required
OAuthExpiry: link.OAuthExpiry,
// Refresh should keep the same debug context because we use
// the original claims for the group/role sync.
DebugContext: link.DebugContext,
})
if err != nil {
return write(http.StatusInternalServerError, codersdk.Response{
Expand Down
1 change: 1 addition & 0 deletions coderd/provisionerdserver/provisionerdserver.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1674,6 +1674,7 @@ func obtainOIDCAccessToken(ctx context.Context, db database.Store, oidcConfig ht
OAuthRefreshToken: link.OAuthRefreshToken,
OAuthRefreshTokenKeyID: sql.NullString{}, // set by dbcrypt if required
OAuthExpiry: link.OAuthExpiry,
DebugContext: link.DebugContext,
})
if err != nil {
return "", xerrors.Errorf("update user link: %w", err)
Expand Down
1 change: 1 addition & 0 deletions coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ func (api *API) userDebugOIDC(rw http.ResponseWriter, r *http.Request) {
Message: "Failed to get user links.",
Detail: err.Error(),
})
return
}

// This will encode properly because it is a json.RawMessage.
Expand Down
2 changes: 2 additions & 0 deletions enterprise/dbcrypt/cliutil.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ func Rotate(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Ciphe
OAuthExpiry: userLink.OAuthExpiry,
UserID: uid,
LoginType: userLink.LoginType,
DebugContext: userLink.DebugContext,
}); err != nil {
return xerrors.Errorf("update user link user_id=%s linked_id=%s: %w", userLink.UserID, userLink.LinkedID, err)
}
Expand Down Expand Up @@ -132,6 +133,7 @@ func Decrypt(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Ciph
OAuthExpiry: userLink.OAuthExpiry,
UserID: uid,
LoginType: userLink.LoginType,
DebugContext: userLink.DebugContext,
}); err != nil {
return xerrors.Errorf("update user link user_id=%s linked_id=%s: %w", userLink.UserID, userLink.LinkedID, err)
}
Expand Down
2 changes: 2 additions & 0 deletions enterprise/dbcrypt/dbcrypt_internal_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"crypto/rand"
"database/sql"
"encoding/base64"
"encoding/json"
"io"
"testing"

Expand Down Expand Up @@ -55,6 +56,7 @@ func TestUserLinks(t *testing.T) {
OAuthRefreshToken: "refresh",
UserID: link.UserID,
LoginType: link.LoginType,
DebugContext: json.RawMessage("{}"),
})
require.NoError(t, err)
require.Equal(t, "access", updated.OAuthAccessToken)
Expand Down