NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.4k

Commit9b364e0

committed

fix: Protect codersdk.Client SessionToken so it can be updated

This feature is used by the coder agent to exchange a new token. Byprotecting the SessionToken via mutex we ensure there are no data raceswhen accessing it.

1 parentd82364b commit9b364e0Copy full SHA for 9b364e0

File tree

25 files changed

+84

-66

lines changed

cli
coderd
codersdk
enterprise/coderd
- replicas_test.go
- workspaceagents_test.go
loadtest
- agentconn
  - run_test.go
- workspacebuild
  - run_test.go

25 files changed

+84

-66

lines changed

`‎cli/agent.go‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ func workspaceAgent() *cobra.Command {`
`97`	`97`	`iferr!=nil {`
`98`	`98`	`returnxerrors.Errorf("CODER_AGENT_TOKEN must be set for token auth: %w",err)`
`99`	`99`	`}`
`100`		`-client.SessionToken=token`
	`100`	`+client.SetSessionToken(token)`
`101`	`101`	`case"google-instance-identity":`
`102`	`102`	`// This is only done for testing to mock client authentication.`
`103`	`103`	`// This will never be set in a production scenario.`
`@@ -153,14 +153,14 @@ func workspaceAgent() *cobra.Command {`
`153`	`153`	`Logger:logger,`
`154`	`154`	`ExchangeToken:func(ctx context.Context) (string,error) {`
`155`	`155`	`ifexchangeToken==nil {`
`156`		`-returnclient.SessionToken,nil`
	`156`	`+returnclient.SessionToken(),nil`
`157`	`157`	`}`
`158`	`158`	`resp,err:=exchangeToken(ctx)`
`159`	`159`	`iferr!=nil {`
`160`	`160`	`return"",err`
`161`	`161`	`}`
`162`		`-client.SessionToken=resp.SessionToken`
`163`		`-returnresp.SessionToken,nil`
	`162`	`+client.SetSessionToken(resp.SessionToken())`
	`163`	`+returnresp.SessionToken(),nil`
`164`	`164`	`},`
`165`	`165`	`EnvironmentVariables:map[string]string{`
`166`	`166`	`"GIT_ASKPASS":executablePath,`

`‎cli/clitest/clitest.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ func NewWithSubcommands(`
`43`	`43`
`44`	`44`	`// SetupConfig applies the URL and SessionToken of the client to the config.`
`45`	`45`	`funcSetupConfig(ttesting.T,clientcodersdk.Client,root config.Root) {`
`46`		`-err:=root.Session().Write(client.SessionToken)`
	`46`	`+err:=root.Session().Write(client.SessionToken())`
`47`	`47`	`require.NoError(t,err)`
`48`	`48`	`err=root.URL().Write(client.URL.String())`
`49`	`49`	`require.NoError(t,err)`

`‎cli/configssh_test.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func TestConfigSSH(t *testing.T) {`
`105`	`105`	`workspace:=coderdtest.CreateWorkspace(t,client,user.OrganizationID,template.ID)`
`106`	`106`	`coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)`
`107`	`107`	`agentClient:=codersdk.New(client.URL)`
`108`		`-agentClient.SessionToken=authToken`
	`108`	`+agentClient.SetSessionToken(authToken)`
`109`	`109`	`agentCloser:=agent.New(agent.Options{`
`110`	`110`	`Client:agentClient,`
`111`	`111`	`Logger:slogtest.Make(t,nil).Named("agent"),`

`‎cli/login.go‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,7 @@ func login() *cobra.Command {`
`179`	`179`	`returnxerrors.Errorf("login with password: %w",err)`
`180`	`180`	`}`
`181`	`181`
`182`		`-sessionToken:=resp.SessionToken`
	`182`	`+sessionToken:=resp.SessionToken()`
`183`	`183`	`config:=createConfig(cmd)`
`184`	`184`	`err=config.Session().Write(sessionToken)`
`185`	`185`	`iferr!=nil {`
`@@ -214,7 +214,7 @@ func login() *cobra.Command {`
`214`	`214`	`Text:"Paste your token here:",`
`215`	`215`	`Secret:true,`
`216`	`216`	`Validate:func(tokenstring)error {`
`217`		`-client.SessionToken=token`
	`217`	`+client.SetSessionToken(token)`
`218`	`218`	`_,err:=client.User(cmd.Context(),codersdk.Me)`
`219`	`219`	`iferr!=nil {`
`220`	`220`	`returnxerrors.New("That's not a valid token!")`
`@@ -228,7 +228,7 @@ func login() *cobra.Command {`
`228`	`228`	`}`
`229`	`229`
`230`	`230`	`// Login to get user data - verify it is OK before persisting`
`231`		`-client.SessionToken=sessionToken`
	`231`	`+client.SetSessionToken(sessionToken)`
`232`	`232`	`resp,err:=client.User(cmd.Context(),codersdk.Me)`
`233`	`233`	`iferr!=nil {`
`234`	`234`	`returnxerrors.Errorf("get user: %w",err)`

`‎cli/login_test.go‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,7 @@ func TestLogin(t *testing.T) {`
`148`	`148`	`}()`
`149`	`149`
`150`	`150`	`pty.ExpectMatch("Paste your token here:")`
`151`		`-pty.WriteLine(client.SessionToken)`
	`151`	`+pty.WriteLine(client.SessionToken())`
`152`	`152`	`pty.ExpectMatch("Welcome to Coder")`
`153`	`153`	`<-doneChan`
`154`	`154`	`})`
`@@ -183,11 +183,11 @@ func TestLogin(t *testing.T) {`
`183`	`183`	`t.Parallel()`
`184`	`184`	`client:=coderdtest.New(t,nil)`
`185`	`185`	`coderdtest.CreateFirstUser(t,client)`
`186`		`-root,cfg:=clitest.New(t,"login",client.URL.String(),"--token",client.SessionToken)`
	`186`	`+root,cfg:=clitest.New(t,"login",client.URL.String(),"--token",client.SessionToken())`
`187`	`187`	`err:=root.Execute()`
`188`	`188`	`require.NoError(t,err)`
`189`	`189`	`sessionFile,err:=cfg.Session().Read()`
`190`	`190`	`require.NoError(t,err)`
`191`		`-require.Equal(t,client.SessionToken,sessionFile)`
	`191`	`+require.Equal(t,client.SessionToken(),sessionFile)`
`192`	`192`	`})`
`193`	`193`	`}`

`‎cli/logout_test.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,7 @@ func login(t testing.T, pty ptytest.PTY) config.Root {`
`209`	`209`	`}()`
`210`	`210`
`211`	`211`	`pty.ExpectMatch("Paste your token here:")`
`212`		`-pty.WriteLine(client.SessionToken)`
	`212`	`+pty.WriteLine(client.SessionToken())`
`213`	`213`	`pty.ExpectMatch("Welcome to Coder")`
`214`	`214`	`<-doneChan`
`215`	`215`

`‎cli/root.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -306,7 +306,7 @@ func CreateClient(cmd cobra.Command) (codersdk.Client, error) {`
`306`	`306`	`iferr!=nil {`
`307`	`307`	`returnnil,err`
`308`	`308`	`}`
`309`		`-client.SessionToken=token`
	`309`	`+client.SetSessionToken(token)`
`310`	`310`	`returnclient,nil`
`311`	`311`	`}`
`312`	`312`
`@@ -347,7 +347,7 @@ func createAgentClient(cmd cobra.Command) (codersdk.Client, error) {`
`347`	`347`	`returnnil,err`
`348`	`348`	`}`
`349`	`349`	`client:=codersdk.New(serverURL)`
`350`		`-client.SessionToken=token`
	`350`	`+client.SetSessionToken(token)`
`351`	`351`	`returnclient,nil`
`352`	`352`	`}`
`353`	`353`

`‎cli/speedtest_test.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ func TestSpeedtest(t *testing.T) {`
`22`	`22`	`}`
`23`	`23`	`client,workspace,agentToken:=setupWorkspaceForAgent(t)`
`24`	`24`	`agentClient:=codersdk.New(client.URL)`
`25`		`-agentClient.SessionToken=agentToken`
	`25`	`+agentClient.SetSessionToken(agentToken)`
`26`	`26`	`agentCloser:=agent.New(agent.Options{`
`27`	`27`	`Client:agentClient,`
`28`	`28`	`Logger:slogtest.Make(t,nil).Named("agent"),`

`‎cli/ssh_test.go‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func TestSSH(t *testing.T) {`
`87`	`87`	`pty.ExpectMatch("Waiting")`
`88`	`88`
`89`	`89`	`agentClient:=codersdk.New(client.URL)`
`90`		`-agentClient.SessionToken=agentToken`
	`90`	`+agentClient.SetSessionToken(agentToken)`
`91`	`91`	`agentCloser:=agent.New(agent.Options{`
`92`	`92`	`Client:agentClient,`
`93`	`93`	`Logger:slogtest.Make(t,nil).Named("agent"),`
`@@ -107,7 +107,7 @@ func TestSSH(t *testing.T) {`
`107`	`107`	`// Run this async so the SSH command has to wait for`
`108`	`108`	`// the build and agent to connect!`
`109`	`109`	`agentClient:=codersdk.New(client.URL)`
`110`		`-agentClient.SessionToken=agentToken`
	`110`	`+agentClient.SetSessionToken(agentToken)`
`111`	`111`	`agentCloser:=agent.New(agent.Options{`
`112`	`112`	`Client:agentClient,`
`113`	`113`	`Logger:slogtest.Make(t,nil).Named("agent"),`
`@@ -174,7 +174,7 @@ func TestSSH(t *testing.T) {`
`174`	`174`	`client,workspace,agentToken:=setupWorkspaceForAgent(t)`
`175`	`175`
`176`	`176`	`agentClient:=codersdk.New(client.URL)`
`177`		`-agentClient.SessionToken=agentToken`
	`177`	`+agentClient.SetSessionToken(agentToken)`
`178`	`178`	`agentCloser:=agent.New(agent.Options{`
`179`	`179`	`Client:agentClient,`
`180`	`180`	`Logger:slogtest.Make(t,nil).Named("agent"),`

`‎coderd/coderdtest/coderdtest.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -360,7 +360,7 @@ func CreateFirstUser(t testing.T, client codersdk.Client) codersdk.CreateFirst`
`360`	`360`	`Password:FirstUserParams.Password,`
`361`	`361`	`})`
`362`	`362`	`require.NoError(t,err)`
`363`		`-client.SessionToken=login.SessionToken`
	`363`	`+client.SetSessionToken(login.SessionToken())`
`364`	`364`	`returnresp`
`365`	`365`	`}`
`366`	`366`
`@@ -400,7 +400,7 @@ func createAnotherUserRetry(t testing.T, client codersdk.Client, organizationI`
`400`	`400`	`require.NoError(t,err)`
`401`	`401`
`402`	`402`	`other:=codersdk.New(client.URL)`
`403`		`-other.SessionToken=login.SessionToken`
	`403`	`+other.SetSessionToken(login.SessionToken())`
`404`	`404`
`405`	`405`	`iflen(roles)>0 {`
`406`	`406`	`// Find the roles for the org vs the site wide roles`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9b364e0

File tree

25 files changed

25 files changed

`‎cli/agent.go‎`

`‎cli/clitest/clitest.go‎`

`‎cli/configssh_test.go‎`

`‎cli/login.go‎`

`‎cli/login_test.go‎`

`‎cli/logout_test.go‎`

`‎cli/root.go‎`

`‎cli/speedtest_test.go‎`

`‎cli/ssh_test.go‎`

`‎coderd/coderdtest/coderdtest.go‎`

0 commit comments