From 0650155377267e8980bb0dd621132698c4ca98a2 Mon Sep 17 00:00:00 2001
From: Cian Johnston <cian@coder.com>
Date: Sat, 24 Feb 2024 08:35:58 +0000
Subject: [PATCH 1/2] chore(coderd): add test to assert agent token invalid
 when workspace deleted

---
 coderd/workspaceagents_test.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go
index 08df1f9300266..4d37e37523ca4 100644
--- a/coderd/workspaceagents_test.go
+++ b/coderd/workspaceagents_test.go
@@ -406,6 +406,32 @@ func TestWorkspaceAgentConnectRPC(t *testing.T) {
 		require.ErrorAs(t, err, &sdkErr)
 		require.Equal(t, http.StatusForbidden, sdkErr.StatusCode())
 	})
+
+	t.Run("FailDeleted", func(t *testing.T) {
+		t.Parallel()
+
+		ctx := testutil.Context(t, testutil.WaitLong)
+		client, db := coderdtest.NewWithDatabase(t, nil)
+		user := coderdtest.CreateFirstUser(t, client)
+		// Given: a workspace exists
+		seed := database.Workspace{OrganizationID: user.OrganizationID, OwnerID: user.UserID}
+		wsb := dbfake.WorkspaceBuild(t, db, seed).WithAgent().Do()
+		// When: the workspace is marked as soft-deleted
+		err := db.UpdateWorkspaceDeletedByID(
+			dbauthz.AsProvisionerd(ctx),
+			database.UpdateWorkspaceDeletedByIDParams{ID: wsb.Workspace.ID, Deleted: true},
+		)
+		require.NoError(t, err)
+		// Then: the agent token should no longer be valid
+		agentClient := agentsdk.New(client.URL)
+		agentClient.SetSessionToken(wsb.AgentToken)
+		_, err = agentClient.ConnectRPC(ctx)
+		require.Error(t, err)
+		var sdkErr *codersdk.Error
+		require.ErrorAs(t, err, &sdkErr)
+		// Then: we should get a 401 Unauthorized response
+		require.Equal(t, http.StatusUnauthorized, sdkErr.StatusCode())
+	})
 }
 
 func TestWorkspaceAgentTailnet(t *testing.T) {

From c2c6211cf2f1d9f7ab57af686df3db1412a9c41b Mon Sep 17 00:00:00 2001
From: Cian Johnston <public@cianjohnston.ie>
Date: Sat, 24 Feb 2024 08:44:47 +0000
Subject: [PATCH 2/2] fixup! chore(coderd): add test to assert agent token
 invalid when workspace deleted

---
 coderd/workspaceagents_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go
index 4d37e37523ca4..27a222b82b667 100644
--- a/coderd/workspaceagents_test.go
+++ b/coderd/workspaceagents_test.go
@@ -417,6 +417,7 @@ func TestWorkspaceAgentConnectRPC(t *testing.T) {
 		seed := database.Workspace{OrganizationID: user.OrganizationID, OwnerID: user.UserID}
 		wsb := dbfake.WorkspaceBuild(t, db, seed).WithAgent().Do()
 		// When: the workspace is marked as soft-deleted
+		// nolint:gocritic // this is a test
 		err := db.UpdateWorkspaceDeletedByID(
 			dbauthz.AsProvisionerd(ctx),
 			database.UpdateWorkspaceDeletedByIDParams{ID: wsb.Workspace.ID, Deleted: true},