Commit71dbd0c

authored
fix: nil ptr deref when removing OIDC from deployment and accessing old users (#17501)
If OIDC is removed from a deployment, trying to create a workspace for a previous user on OIDC would panic.
1 parentc106aee commit71dbd0c


2 files changed

+51
-1
lines changed

2 files changed

+51
-1
lines changed

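--- a/coderd/provisionerdserver/provisionerdserver.go
+++ b/coderd/provisionerdserver/provisionerdserver.go
@@ -515,7 +515,9 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 }
 
 varworkspaceOwnerOIDCAccessTokenstring
-ifs.OIDCConfig!=nil {
+// The check `s.OIDCConfig != nil` is not as strict, since it can be an interface
+// pointing to a typed nil.
+if!reflect.ValueOf(s.OIDCConfig).IsNil() {
 workspaceOwnerOIDCAccessToken,err=obtainOIDCAccessToken(ctx,s.Database,s.OIDCConfig,owner.ID)
 iferr!=nil {
 returnnil,failJob(fmt.Sprintf("obtain OIDC access token: %s",err))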
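Review bot: The new guard `!reflect.ValueOf(s.OIDCConfig).IsNil()` can itself panic: for a plain (untyped) nil interface `reflect.ValueOf` returns the zero Value, and `IsNil` panics on a zero Value as well as on any concrete type that is not a nillable kind. The added comment only covers the typed-nil case, so a server built without OIDCConfig set at all would crash during job acquisition instead of skipping the token lookup. Keeping the original comparison as the first operand closes that gap: `if s.OIDCConfig != nil && !reflect.ValueOf(s.OIDCConfig).IsNil() {`. Whether the field can ever hold an untyped nil is not visible in this hunk, and acquireProtoJob continues outside it.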

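--- a/coderd/workspaces_test.go
+++ b/coderd/workspaces_test.go
@@ -4349,3 +4349,51 @@ func TestWorkspaceTimings(t *testing.T) {
 require.Contains(t,err.Error(),"not found")
 })
 }
+
+// TestOIDCRemoved emulates a user logging in with OIDC, then that OIDC
+// auth method being removed.
+funcTestOIDCRemoved(t*testing.T) {
+t.Parallel()
+
+owner,db:=coderdtest.NewWithDatabase(t,&coderdtest.Options{
+IncludeProvisionerDaemon:true,
+})
+first:=coderdtest.CreateFirstUser(t,owner)
+
+user,userData:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,rbac.ScopedRoleOrgAdmin(first.OrganizationID))
+
+ctx:=testutil.Context(t,testutil.WaitMedium)
+//nolint:gocritic // unit test
+_,err:=db.UpdateUserLoginType(dbauthz.AsSystemRestricted(ctx), database.UpdateUserLoginTypeParams{
+NewLoginType:database.LoginTypeOIDC,
+UserID:userData.ID,
+})
+require.NoError(t,err)
+
+//nolint:gocritic // unit test
+_,err=db.InsertUserLink(dbauthz.AsSystemRestricted(ctx), database.InsertUserLinkParams{
+UserID:userData.ID,
+LoginType:database.LoginTypeOIDC,
+LinkedID:"random",
+OAuthAccessToken:"foobar",
+OAuthAccessTokenKeyID: sql.NullString{},
+OAuthRefreshToken:"refresh",
+OAuthRefreshTokenKeyID: sql.NullString{},
+OAuthExpiry:time.Now().Add(time.Hour*-1),
+Claims: database.UserLinkClaims{},
+})
+require.NoError(t,err)
+
+version:=coderdtest.CreateTemplateVersion(t,owner,first.OrganizationID,nil)
+_=coderdtest.AwaitTemplateVersionJobCompleted(t,owner,version.ID)
+template:=coderdtest.CreateTemplate(t,owner,first.OrganizationID,version.ID)
+
+wrk:=coderdtest.CreateWorkspace(t,user,template.ID)
+coderdtest.AwaitWorkspaceBuildJobCompleted(t,owner,wrk.LatestBuild.ID)
+
+deleteBuild,err:=owner.CreateWorkspaceBuild(ctx,wrk.ID, codersdk.CreateWorkspaceBuildRequest{
+Transition:codersdk.WorkspaceTransitionDelete,
+})
+require.NoError(t,err,"delete the workspace")
+coderdtest.AwaitWorkspaceBuildJobCompleted(t,owner,deleteBuild.ID)
+}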
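Review bot: TestOIDCRemoved never asserts how the builds ended: the values returned by both `AwaitWorkspaceBuildJobCompleted` calls are discarded, so the test appears to prove only that the server neither panicked nor hung. If that helper does not itself fail the test on a failed job (not visible here), a regression that turns the panic into a job failing with "obtain OIDC access token" would still pass. Consider capturing the result, `build := coderdtest.AwaitWorkspaceBuildJobCompleted(t, owner, deleteBuild.ID)`, and checking it with `require.Equal(t, codersdk.ProvisionerJobSucceeded, build.Job.Status)`. A short comment on the `OAuthExpiry` field, such as `// Already expired on purpose.`, would also make the intent of the stored link clearer.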
