NotificationsYou must be signed in to change notification settings
Fork925
Star10.1k

Commit5d0489b

committed

refactor validate to check expiary

1 parent3b6a39f commit5d0489bCopy full SHA for 5d0489b

File tree

5 files changed

+22

-6

lines changed

coderd
- database
  - modelmethods.go
- externalauth
  - externalauth.go
- externalauth.go
- promoauth
  - oauth2_test.go
- workspaceagents.go

5 files changed

+22

-6

lines changed

`‎coderd/database/modelmethods.go`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"time"`
`7`	`7`
`8`	`8`	`"golang.org/x/exp/maps"`
	`9`	`+"golang.org/x/oauth2"`
`9`	`10`
`10`	`11`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`11`	`12`	`"github.com/coder/coder/v2/coderd/rbac"`
`@@ -268,6 +269,14 @@ func (u ExternalAuthLink) RBACObject() rbac.Object {`
`268`	`269`	`returnrbac.ResourceUserData.WithID(u.UserID).WithOwner(u.UserID.String())`
`269`	`270`	`}`
`270`	`271`
	`272`	`+func (uExternalAuthLink)OAuthToken()*oauth2.Token {`
	`273`	`+return&oauth2.Token{`
	`274`	`+AccessToken:u.OAuthAccessToken,`
	`275`	`+RefreshToken:u.OAuthRefreshToken,`
	`276`	`+Expiry:u.OAuthExpiry,`
	`277`	`+}`
	`278`	`+}`
	`279`	`+`
`271`	`280`	`func (uUserLink)RBACObject() rbac.Object {`
`272`	`281`	`// I assume UserData is ok?`
`273`	`282`	`returnrbac.ResourceUserData.WithOwner(u.UserID.String()).WithID(u.UserID)`

`‎coderd/externalauth.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ func (api API) externalAuthByID(w http.ResponseWriter, r http.Request) {`
`57`	`57`	`}`
`58`	`58`	`vareg errgroup.Group`
`59`	`59`	`eg.Go(func() (errerror) {`
`60`		`-res.Authenticated,res.User,err=config.ValidateToken(ctx,link.OAuthAccessToken)`
	`60`	`+res.Authenticated,res.User,err=config.ValidateToken(ctx,link.OAuthToken())`
`61`	`61`	`returnerr`
`62`	`62`	`})`
`63`	`63`	`eg.Go(func() (errerror) {`

`‎coderd/externalauth/externalauth.go`

Lines changed: 10 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ func (c *Config) RefreshToken(ctx context.Context, db database.Store, externalAu`
`138`	`138`	`retryCtx,retryCtxCancel:=context.WithTimeout(ctx,time.Second)`
`139`	`139`	`deferretryCtxCancel()`
`140`	`140`	`validate:`
`141`		`-valid,_,err:=c.ValidateToken(ctx,token.AccessToken)`
	`141`	`+valid,_,err:=c.ValidateToken(ctx,token)`
`142`	`142`	`iferr!=nil {`
`143`	`143`	`returnexternalAuthLink,false,xerrors.Errorf("validate external auth token: %w",err)`
`144`	`144`	`}`
`@@ -179,7 +179,14 @@ validate:`
`179`	`179`
`180`	`180`	`// ValidateToken ensures the Git token provided is valid!`
`181`	`181`	`// The user is optionally returned if the provider supports it.`
`182`		`-func (cConfig)ValidateToken(ctx context.Context,tokenstring) (bool,codersdk.ExternalAuthUser,error) {`
	`182`	`+func (cConfig)ValidateToken(ctx context.Context,linkoauth2.Token) (bool,*codersdk.ExternalAuthUser,error) {`
	`183`	`+iflink==nil {`
	`184`	`+returnfalse,nil,xerrors.New("validate external auth token: token is nil")`
	`185`	`+}`
	`186`	`+if!link.Expiry.IsZero()&&link.Expiry.Before(dbtime.Now()) {`
	`187`	`+returnfalse,nil,nil`
	`188`	`+}`
	`189`	`+`
`183`	`190`	`ifc.ValidateURL=="" {`
`184`	`191`	`// Default that the token is valid if no validation URL is provided.`
`185`	`192`	`returntrue,nil,nil`
`@@ -189,7 +196,7 @@ func (c Config) ValidateToken(ctx context.Context, token string) (bool, coders`
`189`	`196`	`returnfalse,nil,err`
`190`	`197`	`}`
`191`	`198`
`192`		`-req.Header.Set("Authorization",fmt.Sprintf("Bearer %s",token))`
	`199`	`+req.Header.Set("Authorization",fmt.Sprintf("Bearer %s",link.AccessToken))`
`193`	`200`	`res,err:=c.InstrumentedOAuth2Config.Do(ctx,promoauth.SourceValidateToken,req)`
`194`	`201`	`iferr!=nil {`
`195`	`202`	`returnfalse,nil,err`

`‎coderd/promoauth/oauth2_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ func TestInstrument(t *testing.T) {`
`75`	`75`	`require.Equal(t,count("TokenSource"),1)`
`76`	`76`
`77`	`77`	`// Try a validate`
`78`		`-valid,_,err:=cfg.ValidateToken(ctx,refreshed.AccessToken)`
	`78`	`+valid,_,err:=cfg.ValidateToken(ctx,refreshed)`
`79`	`79`	`require.NoError(t,err)`
`80`	`80`	`require.True(t,valid)`
`81`	`81`	`require.Equal(t,count("ValidateToken"),1)`

`‎coderd/workspaceagents.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2143,7 +2143,7 @@ func (api *API) workspaceAgentsExternalAuthListen(rw http.ResponseWriter, ctx co`
`2143`	`2143`	`continue`
`2144`	`2144`	`}`
`2145`	`2145`
`2146`		`-valid,_,err:=externalAuthConfig.ValidateToken(ctx,externalAuthLink.OAuthAccessToken)`
	`2146`	`+valid,_,err:=externalAuthConfig.ValidateToken(ctx,externalAuthLink.OAuthToken())`
`2147`	`2147`	`iferr!=nil {`
`2148`	`2148`	`api.Logger.Warn(ctx,"failed to validate external auth token",`
`2149`	`2149`	`slog.F("workspace_owner_id",workspace.OwnerID.String()),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5d0489b

File tree

5 files changed

5 files changed

`‎coderd/database/modelmethods.go`

`‎coderd/externalauth.go`

`‎coderd/externalauth/externalauth.go`

`‎coderd/promoauth/oauth2_test.go`

`‎coderd/workspaceagents.go`

0 commit comments