NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit2513167

authored

feat: Return more 404s vs 403s (#2194)

* feat: Return more 404s vs 403s* Return vague 404 in all cases

1 parentdc1de58 commit2513167Copy full SHA for 2513167

File tree

31 files changed

+231

-155

lines changed

31 files changed

+231

-155

lines changed

`‎cli/autostart_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ func TestAutostart(t *testing.T) {`
`107`	`107`	`clitest.SetupConfig(t,client,root)`
`108`	`108`
`109`	`109`	`err:=cmd.Execute()`
`110`		`-require.ErrorContains(t,err,"status code403: Forbidden","unexpected error")`
	`110`	`+require.ErrorContains(t,err,"status code404","unexpected error")`
`111`	`111`	`})`
`112`	`112`
`113`	`113`	`t.Run("unset_NotFound",func(t*testing.T) {`
`@@ -124,7 +124,7 @@ func TestAutostart(t *testing.T) {`
`124`	`124`	`clitest.SetupConfig(t,client,root)`
`125`	`125`
`126`	`126`	`err:=cmd.Execute()`
`127`		`-require.ErrorContains(t,err,"status code403: Forbidden","unexpected error")`
	`127`	`+require.ErrorContains(t,err,"status code404:","unexpected error")`
`128`	`128`	`})`
`129`	`129`	`}`
`130`	`130`

`‎cli/ttl_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -178,7 +178,7 @@ func TestTTL(t *testing.T) {`
`178`	`178`	`clitest.SetupConfig(t,client,root)`
`179`	`179`
`180`	`180`	`err:=cmd.Execute()`
`181`		`-require.ErrorContains(t,err,"status code403: Forbidden","unexpected error")`
	`181`	`+require.ErrorContains(t,err,"status code404:","unexpected error")`
`182`	`182`	`})`
`183`	`183`
`184`	`184`	`t.Run("Unset_NotFound",func(t*testing.T) {`
`@@ -195,7 +195,7 @@ func TestTTL(t *testing.T) {`
`195`	`195`	`clitest.SetupConfig(t,client,root)`
`196`	`196`
`197`	`197`	`err:=cmd.Execute()`
`198`		`-require.ErrorContains(t,err,"status code403: Forbidden","unexpected error")`
	`198`	`+require.ErrorContains(t,err,"status code404:","unexpected error")`
`199`	`199`	`})`
`200`	`200`
`201`	`201`	`t.Run("TemplateMaxTTL",func(t*testing.T) {`

`‎coderd/authorize.go`

Lines changed: 9 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@ import (`
`7`	`7`
`8`	`8`	`"cdr.dev/slog"`
`9`	`9`
`10`		`-"github.com/coder/coder/coderd/httpapi"`
`11`	`10`	`"github.com/coder/coder/coderd/httpmw"`
`12`	`11`	`"github.com/coder/coder/coderd/rbac"`
`13`	`12`	`)`
`@@ -17,12 +16,18 @@ func AuthorizeFilter[O rbac.Objecter](api API, r http.Request, action rbac.Act`
`17`	`16`	`returnrbac.Filter(r.Context(),api.Authorizer,roles.ID.String(),roles.Roles,action,objects)`
`18`	`17`	`}`
`19`	`18`
`20`		`-func (apiAPI)Authorize(rw http.ResponseWriter,rhttp.Request,action rbac.Action,object rbac.Objecter)bool {`
	`19`	`+// Authorize will return false if the user is not authorized to do the action.`
	`20`	`+// This function will log appropriately, but the caller must return an`
	`21`	`+// error to the api client.`
	`22`	`+// Eg:`
	`23`	`+//if !api.Authorize(...) {`
	`24`	`+//httpapi.Forbidden(rw)`
	`25`	`+//return`
	`26`	`+//}`
	`27`	`+func (apiAPI)Authorize(rhttp.Request,action rbac.Action,object rbac.Objecter)bool {`
`21`	`28`	`roles:=httpmw.AuthorizationUserRoles(r)`
`22`	`29`	`err:=api.Authorizer.ByRoleName(r.Context(),roles.ID.String(),roles.Roles,action,object.RBACObject())`
`23`	`30`	`iferr!=nil {`
`24`		`-httpapi.Forbidden(rw)`
`25`		`-`
`26`	`31`	`// Log the errors for debugging`
`27`	`32`	`internalError:=new(rbac.UnauthorizedError)`
`28`	`33`	`logger:=api.Logger`

`‎coderd/coderd_test.go`

Lines changed: 8 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -380,9 +380,6 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`380`	`380`	`// By default, all omitted routes check for just "authorize" called`
`381`	`381`	`routeAssertions=routeCheck{}`
`382`	`382`	`}`
`383`		`-ifrouteAssertions.StatusCode==0 {`
`384`		`-routeAssertions.StatusCode=http.StatusForbidden`
`385`		`-}`
`386`	`383`
`387`	`384`	`// Replace all url params with known values`
`388`	`385`	`route=strings.ReplaceAll(route,"{organization}",admin.OrganizationID.String())`
`@@ -413,7 +410,14 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`413`	`410`
`414`	`411`	`if!routeAssertions.NoAuthorize {`
`415`	`412`	`assert.NotNil(t,authorizer.Called,"authorizer expected")`
`416`		`-assert.Equal(t,routeAssertions.StatusCode,resp.StatusCode,"expect unauthorized")`
	`413`	`+ifrouteAssertions.StatusCode!=0 {`
	`414`	`+assert.Equal(t,routeAssertions.StatusCode,resp.StatusCode,"expect unauthorized")`
	`415`	`+}else {`
	`416`	`+// It's either a 404 or 403.`
	`417`	`+ifresp.StatusCode!=http.StatusNotFound {`
	`418`	`+assert.Equal(t,http.StatusForbidden,resp.StatusCode,"expect unauthorized")`
	`419`	`+}`
	`420`	`+}`
`417`	`421`	`ifauthorizer.Called!=nil {`
`418`	`422`	`ifrouteAssertions.AssertAction!="" {`
`419`	`423`	`assert.Equal(t,routeAssertions.AssertAction,authorizer.Called.Action,"resource action")`

`‎coderd/files.go`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,8 @@ func (api API) postFile(rw http.ResponseWriter, r http.Request) {`
`22`	`22`	`apiKey:=httpmw.APIKey(r)`
`23`	`23`	`// This requires the site wide action to create files.`
`24`	`24`	`// Once created, a user can read their own files uploaded`
`25`		`-if!api.Authorize(rw,r,rbac.ActionCreate,rbac.ResourceFile) {`
	`25`	`+if!api.Authorize(r,rbac.ActionCreate,rbac.ResourceFile) {`
	`26`	`+httpapi.Forbidden(rw)`
`26`	`27`	`return`
`27`	`28`	`}`
`28`	`29`
`@@ -86,7 +87,7 @@ func (api API) fileByHash(rw http.ResponseWriter, r http.Request) {`
`86`	`87`	`}`
`87`	`88`	`file,err:=api.Database.GetFileByHash(r.Context(),hash)`
`88`	`89`	`iferrors.Is(err,sql.ErrNoRows) {`
`89`		`-httpapi.Forbidden(rw)`
	`90`	`+httpapi.ResourceNotFound(rw)`
`90`	`91`	`return`
`91`	`92`	`}`
`92`	`93`	`iferr!=nil {`
`@@ -97,8 +98,10 @@ func (api API) fileByHash(rw http.ResponseWriter, r http.Request) {`
`97`	`98`	`return`
`98`	`99`	`}`
`99`	`100`
`100`		`-if!api.Authorize(rw,r,rbac.ActionRead,`
	`101`	`+if!api.Authorize(r,rbac.ActionRead,`
`101`	`102`	`rbac.ResourceFile.WithOwner(file.CreatedBy.String()).WithID(file.Hash)) {`
	`103`	`+// Return 404 to not leak the file exists`
	`104`	`+httpapi.ResourceNotFound(rw)`
`102`	`105`	`return`
`103`	`106`	`}`
`104`	`107`

`‎coderd/files_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ func TestDownload(t *testing.T) {`
`50`	`50`	`_,_,err:=client.Download(context.Background(),"something")`
`51`	`51`	`varapiErr*codersdk.Error`
`52`	`52`	`require.ErrorAs(t,err,&apiErr)`
`53`		`-require.Equal(t,http.StatusForbidden,apiErr.StatusCode())`
	`53`	`+require.Equal(t,http.StatusNotFound,apiErr.StatusCode())`
`54`	`54`	`})`
`55`	`55`
`56`	`56`	`t.Run("Insert",func(t*testing.T) {`

`‎coderd/gitsshkey.go`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,8 @@ import (`
`14`	`14`	`func (apiAPI)regenerateGitSSHKey(rw http.ResponseWriter,rhttp.Request) {`
`15`	`15`	`user:=httpmw.UserParam(r)`
`16`	`16`
`17`		`-if!api.Authorize(rw,r,rbac.ActionUpdate,rbac.ResourceUserData.WithOwner(user.ID.String())) {`
	`17`	`+if!api.Authorize(r,rbac.ActionUpdate,rbac.ResourceUserData.WithOwner(user.ID.String())) {`
	`18`	`+httpapi.ResourceNotFound(rw)`
`18`	`19`	`return`
`19`	`20`	`}`
`20`	`21`
`@@ -62,7 +63,8 @@ func (api API) regenerateGitSSHKey(rw http.ResponseWriter, r http.Request) {`
`62`	`63`	`func (apiAPI)gitSSHKey(rw http.ResponseWriter,rhttp.Request) {`
`63`	`64`	`user:=httpmw.UserParam(r)`
`64`	`65`
`65`		`-if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceUserData.WithOwner(user.ID.String())) {`
	`66`	`+if!api.Authorize(r,rbac.ActionRead,rbac.ResourceUserData.WithOwner(user.ID.String())) {`
	`67`	`+httpapi.ResourceNotFound(rw)`
`66`	`68`	`return`
`67`	`69`	`}`
`68`	`70`

`‎coderd/httpapi/httpapi.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,14 @@ type Error struct {`
`76`	`76`	Detailstring`json:"detail" validate:"required"`
`77`	`77`	`}`
`78`	`78`
	`79`	`+// ResourceNotFound is intentionally vague. All 404 responses should be identical`
	`80`	`+// to prevent leaking existence of resources.`
	`81`	`+funcResourceNotFound(rw http.ResponseWriter) {`
	`82`	`+Write(rw,http.StatusNotFound,Response{`
	`83`	`+Message:"Resource not found or you do not have access to this resource",`
	`84`	`+})`
	`85`	`+}`
	`86`	`+`
`79`	`87`	`funcForbidden(rw http.ResponseWriter) {`
`80`	`88`	`Write(rw,http.StatusForbidden,Response{`
`81`	`89`	`Message:"Forbidden.",`

`‎coderd/httpmw/organizationparam.go`

Lines changed: 2 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"database/sql"`
`6`	`6`	`"errors"`
`7`		`-"fmt"`
`8`	`7`	`"net/http"`
`9`	`8`
`10`	`9`	`"github.com/coder/coder/coderd/database"`
`@@ -45,9 +44,7 @@ func ExtractOrganizationParam(db database.Store) func(http.Handler) http.Handler`
`45`	`44`
`46`	`45`	`organization,err:=db.GetOrganizationByID(r.Context(),orgID)`
`47`	`46`	`iferrors.Is(err,sql.ErrNoRows) {`
`48`		`-httpapi.Write(rw,http.StatusNotFound, httpapi.Response{`
`49`		`-Message:fmt.Sprintf("Organization %q does not exist.",orgID),`
`50`		`-})`
	`47`	`+httpapi.ResourceNotFound(rw)`
`51`	`48`	`return`
`52`	`49`	`}`
`53`	`50`	`iferr!=nil {`
`@@ -76,9 +73,7 @@ func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.H`
`76`	`73`	`UserID:user.ID,`
`77`	`74`	`})`
`78`	`75`	`iferrors.Is(err,sql.ErrNoRows) {`
`79`		`-httpapi.Write(rw,http.StatusForbidden, httpapi.Response{`
`80`		`-Message:"Not a member of the organization.",`
`81`		`-})`
	`76`	`+httpapi.ResourceNotFound(rw)`
`82`	`77`	`return`
`83`	`78`	`}`
`84`	`79`	`iferr!=nil {`

`‎coderd/httpmw/organizationparam_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ func TestOrganizationParam(t *testing.T) {`
`144`	`144`	`rtr.ServeHTTP(rw,r)`
`145`	`145`	`res:=rw.Result()`
`146`	`146`	`deferres.Body.Close()`
`147`		`-require.Equal(t,http.StatusForbidden,res.StatusCode)`
	`147`	`+require.Equal(t,http.StatusNotFound,res.StatusCode)`
`148`	`148`	`})`
`149`	`149`
`150`	`150`	`t.Run("Success",func(t*testing.T) {`

`‎coderd/httpmw/templateparam.go`

Lines changed: 2 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"database/sql"`
`6`	`6`	`"errors"`
`7`		`-"fmt"`
`8`	`7`	`"net/http"`
`9`	`8`
`10`	`9`	`"github.com/go-chi/chi/v5"`
`@@ -33,10 +32,8 @@ func ExtractTemplateParam(db database.Store) func(http.Handler) http.Handler {`
`33`	`32`	`return`
`34`	`33`	`}`
`35`	`34`	`template,err:=db.GetTemplateByID(r.Context(),templateID)`
`36`		`-iferrors.Is(err,sql.ErrNoRows) {`
`37`		`-httpapi.Write(rw,http.StatusNotFound, httpapi.Response{`
`38`		`-Message:fmt.Sprintf("Template %q does not exist.",templateID),`
`39`		`-})`
	`35`	`+iferrors.Is(err,sql.ErrNoRows)\|\| (err==nil&&template.Deleted) {`
	`36`	`+httpapi.ResourceNotFound(rw)`
`40`	`37`	`return`
`41`	`38`	`}`
`42`	`39`	`iferr!=nil {`
`@@ -47,13 +44,6 @@ func ExtractTemplateParam(db database.Store) func(http.Handler) http.Handler {`
`47`	`44`	`return`
`48`	`45`	`}`
`49`	`46`
`50`		`-iftemplate.Deleted {`
`51`		`-httpapi.Write(rw,http.StatusNotFound, httpapi.Response{`
`52`		`-Message:fmt.Sprintf("Template %q does not exist.",templateID),`
`53`		`-})`
`54`		`-return`
`55`		`-}`
`56`		`-`
`57`	`47`	`ctx:=context.WithValue(r.Context(),templateParamContextKey{},template)`
`58`	`48`	`chi.RouteContext(ctx).URLParams.Add("organization",template.OrganizationID.String())`
`59`	`49`	`next.ServeHTTP(rw,r.WithContext(ctx))`

`‎coderd/httpmw/templateversionparam.go`

Lines changed: 1 addition & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"database/sql"`
`6`	`6`	`"errors"`
`7`		`-"fmt"`
`8`	`7`	`"net/http"`
`9`	`8`
`10`	`9`	`"github.com/go-chi/chi/v5"`
`@@ -34,9 +33,7 @@ func ExtractTemplateVersionParam(db database.Store) func(http.Handler) http.Hand`
`34`	`33`	`}`
`35`	`34`	`templateVersion,err:=db.GetTemplateVersionByID(r.Context(),templateVersionID)`
`36`	`35`	`iferrors.Is(err,sql.ErrNoRows) {`
`37`		`-httpapi.Write(rw,http.StatusNotFound, httpapi.Response{`
`38`		`-Message:fmt.Sprintf("Template version %q does not exist.",templateVersionID),`
`39`		`-})`
	`36`	`+httpapi.ResourceNotFound(rw)`
`40`	`37`	`return`
`41`	`38`	`}`
`42`	`39`	`iferr!=nil {`

`‎coderd/httpmw/userparam.go`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,11 @@ package httpmw`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
	`5`	`+"database/sql"`
`5`	`6`	`"net/http"`
`6`	`7`
	`8`	`+"golang.org/x/xerrors"`
	`9`	`+`
`7`	`10`	`"github.com/go-chi/chi/v5"`
`8`	`11`	`"github.com/google/uuid"`
`9`	`12`
`@@ -47,6 +50,10 @@ func ExtractUserParam(db database.Store) func(http.Handler) http.Handler {`
`47`	`50`
`48`	`51`	`ifuserQuery=="me" {`
`49`	`52`	`user,err=db.GetUserByID(r.Context(),APIKey(r).UserID)`
	`53`	`+ifxerrors.Is(err,sql.ErrNoRows) {`
	`54`	`+httpapi.ResourceNotFound(rw)`
	`55`	`+return`
	`56`	`+}`
`50`	`57`	`iferr!=nil {`
`51`	`58`	`httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
`52`	`59`	`Message:"Internal error fetching user.",`

`‎coderd/httpmw/workspacebuildparam.go`

Lines changed: 1 addition & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"database/sql"`
`6`	`6`	`"errors"`
`7`		`-"fmt"`
`8`	`7`	`"net/http"`
`9`	`8`
`10`	`9`	`"github.com/go-chi/chi/v5"`
`@@ -34,9 +33,7 @@ func ExtractWorkspaceBuildParam(db database.Store) func(http.Handler) http.Handl`
`34`	`33`	`}`
`35`	`34`	`workspaceBuild,err:=db.GetWorkspaceBuildByID(r.Context(),workspaceBuildID)`
`36`	`35`	`iferrors.Is(err,sql.ErrNoRows) {`
`37`		`-httpapi.Write(rw,http.StatusNotFound, httpapi.Response{`
`38`		`-Message:fmt.Sprintf("Workspace build %q does not exist.",workspaceBuildID),`
`39`		`-})`
	`36`	`+httpapi.ResourceNotFound(rw)`
`40`	`37`	`return`
`41`	`38`	`}`
`42`	`39`	`iferr!=nil {`

`‎coderd/httpmw/workspaceparam.go`

Lines changed: 1 addition & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"database/sql"`
`6`	`6`	`"errors"`
`7`		`-"fmt"`
`8`	`7`	`"net/http"`
`9`	`8`
`10`	`9`	`"github.com/coder/coder/coderd/database"`
`@@ -32,9 +31,7 @@ func ExtractWorkspaceParam(db database.Store) func(http.Handler) http.Handler {`
`32`	`31`	`}`
`33`	`32`	`workspace,err:=db.GetWorkspaceByID(r.Context(),workspaceID)`
`34`	`33`	`iferrors.Is(err,sql.ErrNoRows) {`
`35`		`-httpapi.Write(rw,http.StatusNotFound, httpapi.Response{`
`36`		`-Message:fmt.Sprintf("Workspace %q does not exist.",workspaceID),`
`37`		`-})`
	`34`	`+httpapi.ResourceNotFound(rw)`
`38`	`35`	`return`
`39`	`36`	`}`
`40`	`37`	`iferr!=nil {`

`‎coderd/members.go`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,13 +39,15 @@ func (api API) putMemberRoles(rw http.ResponseWriter, r http.Request) {`
`39`	`39`	`added,removed:=rbac.ChangeRoleSet(member.Roles,impliedTypes)`
`40`	`40`	`for_,roleName:=rangeadded {`
`41`	`41`	`// Assigning a role requires the create permission.`
`42`		`-if!api.Authorize(rw,r,rbac.ActionCreate,rbac.ResourceOrgRoleAssignment.WithID(roleName).InOrg(organization.ID)) {`
	`42`	`+if!api.Authorize(r,rbac.ActionCreate,rbac.ResourceOrgRoleAssignment.WithID(roleName).InOrg(organization.ID)) {`
	`43`	`+httpapi.Forbidden(rw)`
`43`	`44`	`return`
`44`	`45`	`}`
`45`	`46`	`}`
`46`	`47`	`for_,roleName:=rangeremoved {`
`47`	`48`	`// Removing a role requires the delete permission.`
`48`		`-if!api.Authorize(rw,r,rbac.ActionDelete,rbac.ResourceOrgRoleAssignment.WithID(roleName).InOrg(organization.ID)) {`
	`49`	`+if!api.Authorize(r,rbac.ActionDelete,rbac.ResourceOrgRoleAssignment.WithID(roleName).InOrg(organization.ID)) {`
	`50`	`+httpapi.Forbidden(rw)`
`49`	`51`	`return`
`50`	`52`	`}`
`51`	`53`	`}`

`‎coderd/organizations.go`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,9 +19,10 @@ import (`
`19`	`19`	`func (apiAPI)organization(rw http.ResponseWriter,rhttp.Request) {`
`20`	`20`	`organization:=httpmw.OrganizationParam(r)`
`21`	`21`
`22`		`-if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceOrganization.`
	`22`	`+if!api.Authorize(r,rbac.ActionRead,rbac.ResourceOrganization.`
`23`	`23`	`InOrg(organization.ID).`
`24`	`24`	`WithID(organization.ID.String())) {`
	`25`	`+httpapi.ResourceNotFound(rw)`
`25`	`26`	`return`
`26`	`27`	`}`
`27`	`28`
`@@ -32,8 +33,8 @@ func (api API) postOrganizations(rw http.ResponseWriter, r http.Request) {`
`32`	`33`	`apiKey:=httpmw.APIKey(r)`
`33`	`34`	`// Create organization uses the organization resource without an OrgID.`
`34`	`35`	`// This means you need the site wide permission to make a new organization.`
`35`		`-if!api.Authorize(rw,r,rbac.ActionCreate,`
`36`		`-rbac.ResourceOrganization) {`
	`36`	`+if!api.Authorize(r,rbac.ActionCreate,rbac.ResourceOrganization) {`
	`37`	`+httpapi.Forbidden(rw)`
`37`	`38`	`return`
`38`	`39`	`}`
`39`	`40`

`‎coderd/organizations_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ func TestOrganizationByUserAndName(t *testing.T) {`
`30`	`30`	`_,err:=client.OrganizationByName(context.Background(),codersdk.Me,"nothing")`
`31`	`31`	`varapiErr*codersdk.Error`
`32`	`32`	`require.ErrorAs(t,err,&apiErr)`
`33`		`-require.Equal(t,http.StatusForbidden,apiErr.StatusCode())`
	`33`	`+require.Equal(t,http.StatusNotFound,apiErr.StatusCode())`
`34`	`34`	`})`
`35`	`35`
`36`	`36`	`t.Run("NoMember",func(t*testing.T) {`
`@@ -45,7 +45,7 @@ func TestOrganizationByUserAndName(t *testing.T) {`
`45`	`45`	`_,err=other.OrganizationByName(context.Background(),codersdk.Me,org.Name)`
`46`	`46`	`varapiErr*codersdk.Error`
`47`	`47`	`require.ErrorAs(t,err,&apiErr)`
`48`		`-require.Equal(t,http.StatusForbidden,apiErr.StatusCode())`
	`48`	`+require.Equal(t,http.StatusNotFound,apiErr.StatusCode())`
`49`	`49`	`})`
`50`	`50`
`51`	`51`	`t.Run("Valid",func(t*testing.T) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2513167

File tree

31 files changed

31 files changed

`‎cli/autostart_test.go`

`‎cli/ttl_test.go`

`‎coderd/authorize.go`

`‎coderd/coderd_test.go`

`‎coderd/files.go`

`‎coderd/files_test.go`

`‎coderd/gitsshkey.go`

`‎coderd/httpapi/httpapi.go`

`‎coderd/httpmw/organizationparam.go`

`‎coderd/httpmw/organizationparam_test.go`

`‎coderd/httpmw/templateparam.go`

`‎coderd/httpmw/templateversionparam.go`

`‎coderd/httpmw/userparam.go`

`‎coderd/httpmw/workspacebuildparam.go`

`‎coderd/httpmw/workspaceparam.go`

`‎coderd/members.go`

`‎coderd/organizations.go`

`‎coderd/organizations_test.go`

0 commit comments