coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commit0b0b03f

code-asher

and

Emyrk

committed

chore: pass lifetime directly into api key generate

Rather than passing all the deployment values. This is to make iteasier to generate API keys as part of the oauth flow.I also added and fixed a test for when the lifetime is set and thedefault and expiration are unset.Co-authored-by: Steven Masley <stevenmasley@gmail.com>

1 parent76911f1 commit0b0b03fCopy full SHA for 0b0b03f

File tree

6 files changed

+88

-78

lines changed

coderd
- apikey
  - apikey.go
  - apikey_test.go
- apikey.go
- provisionerdserver
  - provisionerdserver.go
- userauth.go
- workspaceapps.go

6 files changed

+88

-78

lines changed

`‎coderd/apikey.go`

Lines changed: 11 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -82,13 +82,13 @@ func (api API) postToken(rw http.ResponseWriter, r http.Request) {`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`cookie,key,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`85`		`-UserID:user.ID,`
`86`		`-LoginType:database.LoginTypeToken,`
`87`		`-DeploymentValues:api.DeploymentValues,`
`88`		`-ExpiresAt:dbtime.Now().Add(lifeTime),`
`89`		`-Scope:scope,`
`90`		`-LifetimeSeconds:int64(lifeTime.Seconds()),`
`91`		`-TokenName:tokenName,`
	`85`	`+UserID:user.ID,`
	`86`	`+LoginType:database.LoginTypeToken,`
	`87`	`+DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`88`	`+ExpiresAt:dbtime.Now().Add(lifeTime),`
	`89`	`+Scope:scope,`
	`90`	`+LifetimeSeconds:int64(lifeTime.Seconds()),`
	`91`	`+TokenName:tokenName,`
`92`	`92`	`})`
`93`	`93`	`iferr!=nil {`
`94`	`94`	`ifdatabase.IsUniqueViolation(err,database.UniqueIndexAPIKeyName) {`
`@@ -127,10 +127,10 @@ func (api API) postAPIKey(rw http.ResponseWriter, r http.Request) {`
`127`	`127`
`128`	`128`	`lifeTime:=time.Hour247`
`129`	`129`	`cookie,_,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`130`		`-UserID:user.ID,`
`131`		`-DeploymentValues:api.DeploymentValues,`
`132`		`-LoginType:database.LoginTypePassword,`
`133`		`-RemoteAddr:r.RemoteAddr,`
	`130`	`+UserID:user.ID,`
	`131`	`+DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`132`	`+LoginType:database.LoginTypePassword,`
	`133`	`+RemoteAddr:r.RemoteAddr,`
`134`	`134`	`// All api generated keys will last 1 week. Browser login tokens have`
`135`	`135`	`// a shorter life.`
`136`	`136`	`ExpiresAt:dbtime.Now().Add(lifeTime),`

`‎coderd/apikey/apikey.go`

Lines changed: 7 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,14 +12,15 @@ import (`
`12`	`12`
`13`	`13`	`"github.com/coder/coder/v2/coderd/database"`
`14`	`14`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`15`		`-"github.com/coder/coder/v2/codersdk"`
`16`	`15`	`"github.com/coder/coder/v2/cryptorand"`
`17`	`16`	`)`
`18`	`17`
`19`	`18`	`typeCreateParamsstruct {`
`20`		`-UserID uuid.UUID`
`21`		`-LoginType database.LoginType`
`22`		`-DeploymentValues*codersdk.DeploymentValues`
	`19`	`+UserID uuid.UUID`
	`20`	`+LoginType database.LoginType`
	`21`	`+// DefaultLifetime is configured in DeploymentValues.`
	`22`	`+// It is used if both ExpiresAt and LifetimeSeconds are not set.`
	`23`	`+DefaultLifetime time.Duration`
`23`	`24`
`24`	`25`	`// Optional.`
`25`	`26`	`ExpiresAt time.Time`
`@@ -46,8 +47,8 @@ func Generate(params CreateParams) (database.InsertAPIKeyParams, string, error)`
`46`	`47`	`ifparams.LifetimeSeconds!=0 {`
`47`	`48`	`params.ExpiresAt=dbtime.Now().Add(time.Duration(params.LifetimeSeconds)*time.Second)`
`48`	`49`	`}else {`
`49`		`-params.ExpiresAt=dbtime.Now().Add(params.DeploymentValues.SessionDuration.Value())`
`50`		`-params.LifetimeSeconds=int64(params.DeploymentValues.SessionDuration.Value().Seconds())`
	`50`	`+params.ExpiresAt=dbtime.Now().Add(params.DefaultLifetime)`
	`51`	`+params.LifetimeSeconds=int64(params.DefaultLifetime.Seconds())`
`51`	`52`	`}`
`52`	`53`	`}`
`53`	`54`	`ifparams.LifetimeSeconds==0 {`

`‎coderd/apikey/apikey_test.go`

Lines changed: 51 additions & 42 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,11 +10,9 @@ import (`
`10`	`10`	`"github.com/stretchr/testify/assert"`
`11`	`11`	`"github.com/stretchr/testify/require"`
`12`	`12`
`13`		`-"github.com/coder/coder/v2/cli/clibase"`
`14`	`13`	`"github.com/coder/coder/v2/coderd/apikey"`
`15`	`14`	`"github.com/coder/coder/v2/coderd/database"`
`16`	`15`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`17`		`-"github.com/coder/coder/v2/codersdk"`
`18`	`16`	`)`
`19`	`17`
`20`	`18`	`funcTestGenerate(t*testing.T) {`
`@@ -30,69 +28,80 @@ func TestGenerate(t *testing.T) {`
`30`	`28`	`{`
`31`	`29`	`name:"OK",`
`32`	`30`	`params: apikey.CreateParams{`
`33`		`-UserID:uuid.New(),`
`34`		`-LoginType:database.LoginTypeOIDC,`
`35`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`36`		`-ExpiresAt:time.Now().Add(time.Hour),`
`37`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`38`		`-TokenName:"hello",`
`39`		`-RemoteAddr:"1.2.3.4",`
`40`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`31`	`+UserID:uuid.New(),`
	`32`	`+LoginType:database.LoginTypeOIDC,`
	`33`	`+DefaultLifetime:time.Duration(0),`
	`34`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`35`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`36`	`+TokenName:"hello",`
	`37`	`+RemoteAddr:"1.2.3.4",`
	`38`	`+Scope:database.APIKeyScopeApplicationConnect,`
`41`	`39`	`},`
`42`	`40`	`},`
`43`	`41`	`{`
`44`	`42`	`name:"InvalidScope",`
`45`	`43`	`params: apikey.CreateParams{`
`46`		`-UserID:uuid.New(),`
`47`		`-LoginType:database.LoginTypeOIDC,`
`48`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`49`		`-ExpiresAt:time.Now().Add(time.Hour),`
`50`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`51`		`-TokenName:"hello",`
`52`		`-RemoteAddr:"1.2.3.4",`
`53`		`-Scope:database.APIKeyScope("test"),`
	`44`	`+UserID:uuid.New(),`
	`45`	`+LoginType:database.LoginTypeOIDC,`
	`46`	`+DefaultLifetime:time.Duration(0),`
	`47`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`48`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`49`	`+TokenName:"hello",`
	`50`	`+RemoteAddr:"1.2.3.4",`
	`51`	`+Scope:database.APIKeyScope("test"),`
`54`	`52`	`},`
`55`	`53`	`fail:true,`
`56`	`54`	`},`
`57`	`55`	`{`
`58`	`56`	`name:"DeploymentSessionDuration",`
`59`	`57`	`params: apikey.CreateParams{`
`60`		`-UserID:uuid.New(),`
`61`		`-LoginType:database.LoginTypeOIDC,`
`62`		`-DeploymentValues:&codersdk.DeploymentValues{`
`63`		`-SessionDuration:clibase.Duration(time.Hour),`
`64`		`-},`
	`58`	`+UserID:uuid.New(),`
	`59`	`+LoginType:database.LoginTypeOIDC,`
	`60`	`+DefaultLifetime:time.Hour,`
`65`	`61`	`LifetimeSeconds:0,`
`66`	`62`	`ExpiresAt: time.Time{},`
`67`	`63`	`TokenName:"hello",`
`68`	`64`	`RemoteAddr:"1.2.3.4",`
`69`	`65`	`Scope:database.APIKeyScopeApplicationConnect,`
`70`	`66`	`},`
`71`	`67`	`},`
	`68`	`+{`
	`69`	`+name:"LifetimeSeconds",`
	`70`	`+params: apikey.CreateParams{`
	`71`	`+UserID:uuid.New(),`
	`72`	`+LoginType:database.LoginTypeOIDC,`
	`73`	`+DefaultLifetime:time.Duration(0),`
	`74`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`75`	`+ExpiresAt: time.Time{},`
	`76`	`+TokenName:"hello",`
	`77`	`+RemoteAddr:"1.2.3.4",`
	`78`	`+Scope:database.APIKeyScopeApplicationConnect,`
	`79`	`+},`
	`80`	`+},`
`72`	`81`	`{`
`73`	`82`	`name:"DefaultIP",`
`74`	`83`	`params: apikey.CreateParams{`
`75`		`-UserID:uuid.New(),`
`76`		`-LoginType:database.LoginTypeOIDC,`
`77`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`78`		`-ExpiresAt:time.Now().Add(time.Hour),`
`79`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`80`		`-TokenName:"hello",`
`81`		`-RemoteAddr:"",`
`82`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`84`	`+UserID:uuid.New(),`
	`85`	`+LoginType:database.LoginTypeOIDC,`
	`86`	`+DefaultLifetime:time.Duration(0),`
	`87`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`88`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`89`	`+TokenName:"hello",`
	`90`	`+RemoteAddr:"",`
	`91`	`+Scope:database.APIKeyScopeApplicationConnect,`
`83`	`92`	`},`
`84`	`93`	`},`
`85`	`94`	`{`
`86`	`95`	`name:"DefaultScope",`
`87`	`96`	`params: apikey.CreateParams{`
`88`		`-UserID:uuid.New(),`
`89`		`-LoginType:database.LoginTypeOIDC,`
`90`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`91`		`-ExpiresAt:time.Now().Add(time.Hour),`
`92`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`93`		`-TokenName:"hello",`
`94`		`-RemoteAddr:"1.2.3.4",`
`95`		`-Scope:"",`
	`97`	`+UserID:uuid.New(),`
	`98`	`+LoginType:database.LoginTypeOIDC,`
	`99`	`+DefaultLifetime:time.Duration(0),`
	`100`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`101`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`102`	`+TokenName:"hello",`
	`103`	`+RemoteAddr:"1.2.3.4",`
	`104`	`+Scope:"",`
`96`	`105`	`},`
`97`	`106`	`},`
`98`	`107`	`}`
`@@ -131,15 +140,15 @@ func TestGenerate(t *testing.T) {`
`131`	`140`	`// Should not be a delta greater than 5 seconds.`
`132`	`141`	`assert.InDelta(t,time.Until(tc.params.ExpiresAt).Seconds(),key.LifetimeSeconds,5)`
`133`	`142`	`}else {`
`134`		`-assert.Equal(t,int64(tc.params.DeploymentValues.SessionDuration.Value().Seconds()),key.LifetimeSeconds)`
	`143`	`+assert.Equal(t,int64(tc.params.DefaultLifetime.Seconds()),key.LifetimeSeconds)`
`135`	`144`	`}`
`136`	`145`
`137`	`146`	`if!tc.params.ExpiresAt.IsZero() {`
`138`	`147`	`assert.Equal(t,tc.params.ExpiresAt.UTC(),key.ExpiresAt)`
`139`	`148`	`}elseiftc.params.LifetimeSeconds>0 {`
`140`		`-assert.WithinDuration(t,dbtime.Now().Add(time.Duration(tc.params.LifetimeSeconds)),key.ExpiresAt,time.Second*5)`
	`149`	`+assert.WithinDuration(t,dbtime.Now().Add(time.Duration(tc.params.LifetimeSeconds)time.Second),key.ExpiresAt,time.Second5)`
`141`	`150`	`}else {`
`142`		`-assert.WithinDuration(t,dbtime.Now().Add(tc.params.DeploymentValues.SessionDuration.Value()),key.ExpiresAt,time.Second*5)`
	`151`	`+assert.WithinDuration(t,dbtime.Now().Add(tc.params.DefaultLifetime),key.ExpiresAt,time.Second*5)`
`143`	`152`	`}`
`144`	`153`
`145`	`154`	`iftc.params.RemoteAddr!="" {`

`‎coderd/provisionerdserver/provisionerdserver.go`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -1683,11 +1683,11 @@ func workspaceSessionTokenName(workspace database.Workspace) string {`
`1683`	`1683`
`1684`	`1684`	`func (s*server)regenerateSessionToken(ctx context.Context,user database.User,workspace database.Workspace) (string,error) {`
`1685`	`1685`	`newkey,sessionToken,err:=apikey.Generate(apikey.CreateParams{`
`1686`		`-UserID:user.ID,`
`1687`		`-LoginType:user.LoginType,`
`1688`		`-DeploymentValues:s.DeploymentValues,`
`1689`		`-TokenName:workspaceSessionTokenName(workspace),`
`1690`		`-LifetimeSeconds:int64(s.DeploymentValues.MaxTokenLifetime.Value().Seconds()),`
	`1686`	`+UserID:user.ID,`
	`1687`	`+LoginType:user.LoginType,`
	`1688`	`+DefaultLifetime:s.DeploymentValues.SessionDuration.Value(),`
	`1689`	`+TokenName:workspaceSessionTokenName(workspace),`
	`1690`	`+LifetimeSeconds:int64(s.DeploymentValues.MaxTokenLifetime.Value().Seconds()),`
`1691`	`1691`	`})`
`1692`	`1692`	`iferr!=nil {`
`1693`	`1693`	`return"",xerrors.Errorf("generate API key: %w",err)`

`‎coderd/userauth.go`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -247,10 +247,10 @@ func (api API) postLogin(rw http.ResponseWriter, r http.Request) {`
`247`	`247`
`248`	`248`	`//nolint:gocritic // Creating the API key as the user instead of as system.`
`249`	`249`	`cookie,key,err:=api.createAPIKey(dbauthz.As(ctx,userSubj), apikey.CreateParams{`
`250`		`-UserID:user.ID,`
`251`		`-LoginType:database.LoginTypePassword,`
`252`		`-RemoteAddr:r.RemoteAddr,`
`253`		`-DeploymentValues:api.DeploymentValues,`
	`250`	`+UserID:user.ID,`
	`251`	`+LoginType:database.LoginTypePassword,`
	`252`	`+RemoteAddr:r.RemoteAddr,`
	`253`	`+DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
`254`	`254`	`})`
`255`	`255`	`iferr!=nil {`
`256`	`256`	`logger.Error(ctx,"unable to create API key",slog.Error(err))`
`@@ -1545,10 +1545,10 @@ func (api API) oauthLogin(r http.Request, params oauthLoginParams) ([]http.C`
`1545`	`1545`	`}else {`
`1546`	`1546`	`//nolint:gocritic`
`1547`	`1547`	`cookie,newKey,err:=api.createAPIKey(dbauthz.AsSystemRestricted(ctx), apikey.CreateParams{`
`1548`		`-UserID:user.ID,`
`1549`		`-LoginType:params.LoginType,`
`1550`		`-DeploymentValues:api.DeploymentValues,`
`1551`		`-RemoteAddr:r.RemoteAddr,`
	`1548`	`+UserID:user.ID,`
	`1549`	`+LoginType:params.LoginType,`
	`1550`	`+DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`1551`	`+RemoteAddr:r.RemoteAddr,`
`1552`	`1552`	`})`
`1553`	`1553`	`iferr!=nil {`
`1554`	`1554`	`returnnil, database.APIKey{},xerrors.Errorf("create API key: %w",err)`

`‎coderd/workspaceapps.go`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -107,12 +107,12 @@ func (api API) workspaceApplicationAuth(rw http.ResponseWriter, r http.Request`
`107`	`107`	`lifetimeSeconds=int64(api.DeploymentValues.SessionDuration.Value().Seconds())`
`108`	`108`	`}`
`109`	`109`	`cookie,_,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`110`		`-UserID:apiKey.UserID,`
`111`		`-LoginType:database.LoginTypePassword,`
`112`		`-DeploymentValues:api.DeploymentValues,`
`113`		`-ExpiresAt:exp,`
`114`		`-LifetimeSeconds:lifetimeSeconds,`
`115`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`110`	`+UserID:apiKey.UserID,`
	`111`	`+LoginType:database.LoginTypePassword,`
	`112`	`+DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`113`	`+ExpiresAt:exp,`
	`114`	`+LifetimeSeconds:lifetimeSeconds,`
	`115`	`+Scope:database.APIKeyScopeApplicationConnect,`
`116`	`116`	`})`
`117`	`117`	`iferr!=nil {`
`118`	`118`	`httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0b0b03f

File tree

6 files changed

6 files changed

`‎coderd/apikey.go`

`‎coderd/apikey/apikey.go`

`‎coderd/apikey/apikey_test.go`

`‎coderd/provisionerdserver/provisionerdserver.go`

`‎coderd/userauth.go`

`‎coderd/workspaceapps.go`

0 commit comments