Skip to content

fix: refresh all oauth links on external auth page #11646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 16, 2024
Merged

fix: refresh all oauth links on external auth page #11646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a24601b
add unit test to verify refresh all
Emyrk Jan 12, 2024
d923cfc
linting
Emyrk Jan 16, 2024
740f305
fix: refresh all oauth links on external auth page
Emyrk Jan 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion coderd/externalauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -362,7 +362,6 @@ func (api *API) listUserExternalAuths(rw http.ResponseWriter, r *http.Request) {
if err == nil && valid {
links[i] = newLink
}
break
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the fix

}
}
}
Expand Down
62 changes: 62 additions & 0 deletions coderd/externalauth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ import (

"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/coderdtest/oidctest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbauthz"
"github.com/coder/coder/v2/coderd/database/dbtime"
"github.com/coder/coder/v2/coderd/externalauth"
"github.com/coder/coder/v2/coderd/httpapi"
Expand Down Expand Up @@ -198,6 +200,66 @@ func TestExternalAuthManagement(t *testing.T) {
require.Len(t, list.Providers, 2)
require.Len(t, list.Links, 0)
})
t.Run("RefreshAllProviders", func(t *testing.T) {
t.Parallel()
const githubID = "fake-github"
const gitlabID = "fake-gitlab"

githubCalled := false
githubApp := oidctest.NewFakeIDP(t, oidctest.WithServing(), oidctest.WithRefresh(func(email string) error {
githubCalled = true
return nil
}))
gitlabCalled := false
gitlab := oidctest.NewFakeIDP(t, oidctest.WithServing(), oidctest.WithRefresh(func(email string) error {
gitlabCalled = true
return nil
}))

owner, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{
ExternalAuthConfigs: []*externalauth.Config{
githubApp.ExternalAuthConfig(t, githubID, nil, func(cfg *externalauth.Config) {
cfg.Type = codersdk.EnhancedExternalAuthProviderGitHub.String()
}),
gitlab.ExternalAuthConfig(t, gitlabID, nil, func(cfg *externalauth.Config) {
cfg.Type = codersdk.EnhancedExternalAuthProviderGitLab.String()
}),
},
})
ownerUser := coderdtest.CreateFirstUser(t, owner)
// Just a regular user
client, user := coderdtest.CreateAnotherUser(t, owner, ownerUser.OrganizationID)
ctx := testutil.Context(t, testutil.WaitLong)

// Log into github & gitlab
githubApp.ExternalLogin(t, client)
gitlab.ExternalLogin(t, client)

links, err := db.GetExternalAuthLinksByUserID(
dbauthz.As(ctx, coderdtest.AuthzUserSubject(user, ownerUser.OrganizationID)), user.ID)
require.NoError(t, err)
require.Len(t, links, 2)

// Expire the links
for _, l := range links {
_, err := db.UpdateExternalAuthLink(dbauthz.As(ctx, coderdtest.AuthzUserSubject(user, ownerUser.OrganizationID)), database.UpdateExternalAuthLinkParams{
ProviderID: l.ProviderID,
UserID: l.UserID,
UpdatedAt: dbtime.Now(),
OAuthAccessToken: l.OAuthAccessToken,
OAuthRefreshToken: l.OAuthRefreshToken,
OAuthExpiry: time.Now().Add(time.Hour * -1),
OAuthExtra: l.OAuthExtra,
})
require.NoErrorf(t, err, "expire key for %s", l.ProviderID)
}

list, err := client.ListExternalAuths(ctx)
require.NoError(t, err)
require.Len(t, list.Links, 2)
require.True(t, githubCalled, "github should be refreshed")
require.True(t, gitlabCalled, "gitlab should be refreshed")
})
}

func TestExternalAuthDevice(t *testing.T) {
Expand Down
4 changes: 4 additions & 0 deletions codersdk/client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -336,6 +336,10 @@ func ExpectJSONMime(res *http.Response) error {

// ReadBodyAsError reads the response as a codersdk.Response, and
// wraps it in a codersdk.Error type for easy marshaling.
//
// This will always return an error, so only call it if the response failed
// your expectations. Usually via status code checking.
// nolint:staticcheck
func ReadBodyAsError(res *http.Response) error {
if res == nil {
return xerrors.Errorf("no body returned")
Expand Down
11 changes: 11 additions & 0 deletions codersdk/client_internal_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,17 @@ func Test_readBodyAsError(t *testing.T) {
assert.Equal(t, unexpectedJSON, sdkErr.Response.Detail)
},
},
{
// Even status code 200 should be considered an error if this function
// is called. There are parts of the code that require this function
// to always return an error.
name: "OKResp",
req: nil,
res: newResponse(http.StatusOK, jsonCT, marshal(map[string]any{})),
assert: func(t *testing.T, err error) {
require.Error(t, err)
},
},
}

for _, c := range tests {
Expand Down
18 changes: 8 additions & 10 deletions enterprise/coderd/proxyhealth/proxyhealth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,19 +321,17 @@ func (p *ProxyHealth) runOnce(ctx context.Context, now time.Time) (map[uuid.UUID
// readable.
builder.WriteString(fmt.Sprintf("unexpected status code %d. ", resp.StatusCode))
builder.WriteString(fmt.Sprintf("\nEncountered error, send a request to %q from the Coderd environment to debug this issue.", reqURL))
// err will always be non-nil
err := codersdk.ReadBodyAsError(resp)
if err != nil {
var apiErr *codersdk.Error
if xerrors.As(err, &apiErr) {
builder.WriteString(fmt.Sprintf("\nError Message: %s\nError Detail: %s", apiErr.Message, apiErr.Detail))
for _, v := range apiErr.Validations {
// Pretty sure this is not possible from the called endpoint, but just in case.
builder.WriteString(fmt.Sprintf("\n\tValidation: %s=%s", v.Field, v.Detail))
}
} else {
builder.WriteString(fmt.Sprintf("\nError: %s", err.Error()))
var apiErr *codersdk.Error
if xerrors.As(err, &apiErr) {
builder.WriteString(fmt.Sprintf("\nError Message: %s\nError Detail: %s", apiErr.Message, apiErr.Detail))
for _, v := range apiErr.Validations {
// Pretty sure this is not possible from the called endpoint, but just in case.
builder.WriteString(fmt.Sprintf("\n\tValidation: %s=%s", v.Field, v.Detail))
}
}
builder.WriteString(fmt.Sprintf("\nError: %s", err.Error()))

status.Report.Errors = []string{builder.String()}
case err != nil:
Expand Down