Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commita78d1ab

Browse files
mafredripull[bot]
authored andcommitted
fix: Protect codersdk.Client SessionToken so it can be updated (#4965)
This feature is used by the coder agent to exchange a new token. Byprotecting the SessionToken via mutex we ensure there are no data raceswhen accessing it.
1 parenta32c344 commita78d1ab

25 files changed

+82
-64
lines changed

‎cli/agent.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ func workspaceAgent() *cobra.Command {
9797
iferr!=nil {
9898
returnxerrors.Errorf("CODER_AGENT_TOKEN must be set for token auth: %w",err)
9999
}
100-
client.SessionToken=token
100+
client.SetSessionToken(token)
101101
case"google-instance-identity":
102102
// This is *only* done for testing to mock client authentication.
103103
// This will never be set in a production scenario.
@@ -153,13 +153,13 @@ func workspaceAgent() *cobra.Command {
153153
Logger:logger,
154154
ExchangeToken:func(ctx context.Context) (string,error) {
155155
ifexchangeToken==nil {
156-
returnclient.SessionToken,nil
156+
returnclient.SessionToken(),nil
157157
}
158158
resp,err:=exchangeToken(ctx)
159159
iferr!=nil {
160160
return"",err
161161
}
162-
client.SessionToken=resp.SessionToken
162+
client.SetSessionToken(resp.SessionToken)
163163
returnresp.SessionToken,nil
164164
},
165165
EnvironmentVariables:map[string]string{

‎cli/clitest/clitest.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ func NewWithSubcommands(
4343

4444
// SetupConfig applies the URL and SessionToken of the client to the config.
4545
funcSetupConfig(t*testing.T,client*codersdk.Client,root config.Root) {
46-
err:=root.Session().Write(client.SessionToken)
46+
err:=root.Session().Write(client.SessionToken())
4747
require.NoError(t,err)
4848
err=root.URL().Write(client.URL.String())
4949
require.NoError(t,err)

‎cli/configssh_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ func TestConfigSSH(t *testing.T) {
105105
workspace:=coderdtest.CreateWorkspace(t,client,user.OrganizationID,template.ID)
106106
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
107107
agentClient:=codersdk.New(client.URL)
108-
agentClient.SessionToken=authToken
108+
agentClient.SetSessionToken(authToken)
109109
agentCloser:=agent.New(agent.Options{
110110
Client:agentClient,
111111
Logger:slogtest.Make(t,nil).Named("agent"),

‎cli/login.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -214,7 +214,7 @@ func login() *cobra.Command {
214214
Text:"Paste your token here:",
215215
Secret:true,
216216
Validate:func(tokenstring)error {
217-
client.SessionToken=token
217+
client.SetSessionToken(token)
218218
_,err:=client.User(cmd.Context(),codersdk.Me)
219219
iferr!=nil {
220220
returnxerrors.New("That's not a valid token!")
@@ -228,7 +228,7 @@ func login() *cobra.Command {
228228
}
229229

230230
// Login to get user data - verify it is OK before persisting
231-
client.SessionToken=sessionToken
231+
client.SetSessionToken(sessionToken)
232232
resp,err:=client.User(cmd.Context(),codersdk.Me)
233233
iferr!=nil {
234234
returnxerrors.Errorf("get user: %w",err)

‎cli/login_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -148,7 +148,7 @@ func TestLogin(t *testing.T) {
148148
}()
149149

150150
pty.ExpectMatch("Paste your token here:")
151-
pty.WriteLine(client.SessionToken)
151+
pty.WriteLine(client.SessionToken())
152152
pty.ExpectMatch("Welcome to Coder")
153153
<-doneChan
154154
})
@@ -183,11 +183,11 @@ func TestLogin(t *testing.T) {
183183
t.Parallel()
184184
client:=coderdtest.New(t,nil)
185185
coderdtest.CreateFirstUser(t,client)
186-
root,cfg:=clitest.New(t,"login",client.URL.String(),"--token",client.SessionToken)
186+
root,cfg:=clitest.New(t,"login",client.URL.String(),"--token",client.SessionToken())
187187
err:=root.Execute()
188188
require.NoError(t,err)
189189
sessionFile,err:=cfg.Session().Read()
190190
require.NoError(t,err)
191-
require.Equal(t,client.SessionToken,sessionFile)
191+
require.Equal(t,client.SessionToken(),sessionFile)
192192
})
193193
}

‎cli/logout_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -209,7 +209,7 @@ func login(t *testing.T, pty *ptytest.PTY) config.Root {
209209
}()
210210

211211
pty.ExpectMatch("Paste your token here:")
212-
pty.WriteLine(client.SessionToken)
212+
pty.WriteLine(client.SessionToken())
213213
pty.ExpectMatch("Welcome to Coder")
214214
<-doneChan
215215

‎cli/root.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -306,7 +306,7 @@ func CreateClient(cmd *cobra.Command) (*codersdk.Client, error) {
306306
iferr!=nil {
307307
returnnil,err
308308
}
309-
client.SessionToken=token
309+
client.SetSessionToken(token)
310310
returnclient,nil
311311
}
312312

@@ -347,7 +347,7 @@ func createAgentClient(cmd *cobra.Command) (*codersdk.Client, error) {
347347
returnnil,err
348348
}
349349
client:=codersdk.New(serverURL)
350-
client.SessionToken=token
350+
client.SetSessionToken(token)
351351
returnclient,nil
352352
}
353353

‎cli/speedtest_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ func TestSpeedtest(t *testing.T) {
2222
}
2323
client,workspace,agentToken:=setupWorkspaceForAgent(t)
2424
agentClient:=codersdk.New(client.URL)
25-
agentClient.SessionToken=agentToken
25+
agentClient.SetSessionToken(agentToken)
2626
agentCloser:=agent.New(agent.Options{
2727
Client:agentClient,
2828
Logger:slogtest.Make(t,nil).Named("agent"),

‎cli/ssh_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ func TestSSH(t *testing.T) {
8787
pty.ExpectMatch("Waiting")
8888

8989
agentClient:=codersdk.New(client.URL)
90-
agentClient.SessionToken=agentToken
90+
agentClient.SetSessionToken(agentToken)
9191
agentCloser:=agent.New(agent.Options{
9292
Client:agentClient,
9393
Logger:slogtest.Make(t,nil).Named("agent"),
@@ -107,7 +107,7 @@ func TestSSH(t *testing.T) {
107107
// Run this async so the SSH command has to wait for
108108
// the build and agent to connect!
109109
agentClient:=codersdk.New(client.URL)
110-
agentClient.SessionToken=agentToken
110+
agentClient.SetSessionToken(agentToken)
111111
agentCloser:=agent.New(agent.Options{
112112
Client:agentClient,
113113
Logger:slogtest.Make(t,nil).Named("agent"),
@@ -174,7 +174,7 @@ func TestSSH(t *testing.T) {
174174
client,workspace,agentToken:=setupWorkspaceForAgent(t)
175175

176176
agentClient:=codersdk.New(client.URL)
177-
agentClient.SessionToken=agentToken
177+
agentClient.SetSessionToken(agentToken)
178178
agentCloser:=agent.New(agent.Options{
179179
Client:agentClient,
180180
Logger:slogtest.Make(t,nil).Named("agent"),

‎coderd/coderdtest/coderdtest.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -360,7 +360,7 @@ func CreateFirstUser(t *testing.T, client *codersdk.Client) codersdk.CreateFirst
360360
Password:FirstUserParams.Password,
361361
})
362362
require.NoError(t,err)
363-
client.SessionToken=login.SessionToken
363+
client.SetSessionToken(login.SessionToken)
364364
returnresp
365365
}
366366

@@ -400,7 +400,7 @@ func createAnotherUserRetry(t *testing.T, client *codersdk.Client, organizationI
400400
require.NoError(t,err)
401401

402402
other:=codersdk.New(client.URL)
403-
other.SessionToken=login.SessionToken
403+
other.SetSessionToken(login.SessionToken)
404404

405405
iflen(roles)>0 {
406406
// Find the roles for the org vs the site wide roles

‎coderd/gitsshkey_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ func TestAgentGitSSHKey(t *testing.T) {
134134
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
135135

136136
agentClient:=codersdk.New(client.URL)
137-
agentClient.SessionToken=authToken
137+
agentClient.SetSessionToken(authToken)
138138

139139
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
140140
defercancel()

‎coderd/templates_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -601,7 +601,7 @@ func TestTemplateMetrics(t *testing.T) {
601601
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
602602

603603
agentClient:=codersdk.New(client.URL)
604-
agentClient.SessionToken=authToken
604+
agentClient.SetSessionToken(authToken)
605605
agentCloser:=agent.New(agent.Options{
606606
Logger:slogtest.Make(t,nil),
607607
Client:agentClient,

‎coderd/userauth_test.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -275,7 +275,7 @@ func TestUserOAuth2Github(t *testing.T) {
275275
resp:=oauth2Callback(t,client)
276276
require.Equal(t,http.StatusTemporaryRedirect,resp.StatusCode)
277277

278-
client.SessionToken=authCookieValue(resp.Cookies())
278+
client.SetSessionToken(authCookieValue(resp.Cookies()))
279279
user,err:=client.User(context.Background(),"me")
280280
require.NoError(t,err)
281281
require.Equal(t,"kyle@coder.com",user.Email)
@@ -485,14 +485,14 @@ func TestUserOIDC(t *testing.T) {
485485
ctx,_:=testutil.Context(t)
486486

487487
iftc.Username!="" {
488-
client.SessionToken=authCookieValue(resp.Cookies())
488+
client.SetSessionToken(authCookieValue(resp.Cookies()))
489489
user,err:=client.User(ctx,"me")
490490
require.NoError(t,err)
491491
require.Equal(t,tc.Username,user.Username)
492492
}
493493

494494
iftc.AvatarURL!="" {
495-
client.SessionToken=authCookieValue(resp.Cookies())
495+
client.SetSessionToken(authCookieValue(resp.Cookies()))
496496
user,err:=client.User(ctx,"me")
497497
require.NoError(t,err)
498498
require.Equal(t,tc.AvatarURL,user.AvatarURL)
@@ -520,7 +520,7 @@ func TestUserOIDC(t *testing.T) {
520520

521521
ctx,_:=testutil.Context(t)
522522

523-
client.SessionToken=authCookieValue(resp.Cookies())
523+
client.SetSessionToken(authCookieValue(resp.Cookies()))
524524
user,err:=client.User(ctx,"me")
525525
require.NoError(t,err)
526526
require.Equal(t,"jon",user.Username)
@@ -534,7 +534,7 @@ func TestUserOIDC(t *testing.T) {
534534
resp=oidcCallback(t,client,code)
535535
assert.Equal(t,http.StatusTemporaryRedirect,resp.StatusCode)
536536

537-
client.SessionToken=authCookieValue(resp.Cookies())
537+
client.SetSessionToken(authCookieValue(resp.Cookies()))
538538
user,err=client.User(ctx,"me")
539539
require.NoError(t,err)
540540
require.True(t,strings.HasPrefix(user.Username,"jon-"),"username %q should have prefix %q",user.Username,"jon-")

‎coderd/users_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -280,7 +280,7 @@ func TestPostLogin(t *testing.T) {
280280
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
281281
defercancel()
282282

283-
split:=strings.Split(client.SessionToken,"-")
283+
split:=strings.Split(client.SessionToken(),"-")
284284
key,err:=client.GetAPIKey(ctx,admin.UserID.String(),split[0])
285285
require.NoError(t,err,"fetch login key")
286286
require.Equal(t,int64(86400),key.LifetimeSeconds,"default should be 86400")
@@ -356,7 +356,7 @@ func TestPostLogout(t *testing.T) {
356356
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
357357
defercancel()
358358

359-
keyID:=strings.Split(client.SessionToken,"-")[0]
359+
keyID:=strings.Split(client.SessionToken(),"-")[0]
360360
apiKey,err:=client.GetAPIKey(ctx,admin.UserID.String(),keyID)
361361
require.NoError(t,err)
362362
require.Equal(t,keyID,apiKey.ID,"API key should exist in the database")
@@ -676,7 +676,7 @@ func TestUpdateUserPassword(t *testing.T) {
676676
})
677677
require.NoError(t,err)
678678

679-
client.SessionToken=resp.SessionToken
679+
client.SetSessionToken(resp.SessionToken)
680680

681681
// Trying to get an API key should fail since all keys are deleted
682682
// on password change.
@@ -1359,7 +1359,7 @@ func TestWorkspacesByUser(t *testing.T) {
13591359
require.NoError(t,err)
13601360

13611361
newUserClient:=codersdk.New(client.URL)
1362-
newUserClient.SessionToken=auth.SessionToken
1362+
newUserClient.SetSessionToken(auth.SessionToken)
13631363
version:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)
13641364
coderdtest.AwaitTemplateVersionJob(t,client,version.ID)
13651365
template:=coderdtest.CreateTemplate(t,client,user.OrganizationID,version.ID)

‎coderd/workspaceagents_test.go

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ func TestWorkspaceAgentListen(t *testing.T) {
113113
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
114114

115115
agentClient:=codersdk.New(client.URL)
116-
agentClient.SessionToken=authToken
116+
agentClient.SetSessionToken(authToken)
117117
agentCloser:=agent.New(agent.Options{
118118
Client:agentClient,
119119
Logger:slogtest.Make(t,nil).Named("agent").Leveled(slog.LevelDebug),
@@ -205,7 +205,7 @@ func TestWorkspaceAgentListen(t *testing.T) {
205205
coderdtest.AwaitWorkspaceBuildJob(t,client,stopBuild.ID)
206206

207207
agentClient:=codersdk.New(client.URL)
208-
agentClient.SessionToken=authToken
208+
agentClient.SetSessionToken(authToken)
209209

210210
_,err=agentClient.ListenWorkspaceAgent(ctx)
211211
require.Error(t,err)
@@ -245,7 +245,7 @@ func TestWorkspaceAgentTailnet(t *testing.T) {
245245
daemonCloser.Close()
246246

247247
agentClient:=codersdk.New(client.URL)
248-
agentClient.SessionToken=authToken
248+
agentClient.SetSessionToken(authToken)
249249
agentCloser:=agent.New(agent.Options{
250250
Client:agentClient,
251251
Logger:slogtest.Make(t,nil).Named("agent").Leveled(slog.LevelDebug),
@@ -311,7 +311,7 @@ func TestWorkspaceAgentPTY(t *testing.T) {
311311
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
312312

313313
agentClient:=codersdk.New(client.URL)
314-
agentClient.SessionToken=authToken
314+
agentClient.SetSessionToken(authToken)
315315
agentCloser:=agent.New(agent.Options{
316316
Client:agentClient,
317317
Logger:slogtest.Make(t,nil).Named("agent").Leveled(slog.LevelDebug),
@@ -408,7 +408,7 @@ func TestWorkspaceAgentListeningPorts(t *testing.T) {
408408
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
409409

410410
agentClient:=codersdk.New(client.URL)
411-
agentClient.SessionToken=authToken
411+
agentClient.SetSessionToken(authToken)
412412
agentCloser:=agent.New(agent.Options{
413413
Client:agentClient,
414414
Logger:slogtest.Make(t,nil).Named("agent").Leveled(slog.LevelDebug),
@@ -670,7 +670,7 @@ func TestWorkspaceAgentAppHealth(t *testing.T) {
670670
defercancel()
671671

672672
agentClient:=codersdk.New(client.URL)
673-
agentClient.SessionToken=authToken
673+
agentClient.SetSessionToken(authToken)
674674

675675
metadata,err:=agentClient.WorkspaceAgentMetadata(ctx)
676676
require.NoError(t,err)
@@ -754,7 +754,7 @@ func TestWorkspaceAgentsGitAuth(t *testing.T) {
754754
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
755755

756756
agentClient:=codersdk.New(client.URL)
757-
agentClient.SessionToken=authToken
757+
agentClient.SetSessionToken(authToken)
758758
_,err:=agentClient.WorkspaceAgentGitAuth(context.Background(),"github.com",false)
759759
varapiError*codersdk.Error
760760
require.ErrorAs(t,err,&apiError)
@@ -799,7 +799,7 @@ func TestWorkspaceAgentsGitAuth(t *testing.T) {
799799
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
800800

801801
agentClient:=codersdk.New(client.URL)
802-
agentClient.SessionToken=authToken
802+
agentClient.SetSessionToken(authToken)
803803
token,err:=agentClient.WorkspaceAgentGitAuth(context.Background(),"github.com/asd/asd",false)
804804
require.NoError(t,err)
805805
require.True(t,strings.HasSuffix(token.URL,fmt.Sprintf("/gitauth/%s","github")))
@@ -879,7 +879,7 @@ func TestWorkspaceAgentsGitAuth(t *testing.T) {
879879
coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)
880880

881881
agentClient:=codersdk.New(client.URL)
882-
agentClient.SessionToken=authToken
882+
agentClient.SetSessionToken(authToken)
883883

884884
token,err:=agentClient.WorkspaceAgentGitAuth(context.Background(),"github.com/asd/asd",false)
885885
require.NoError(t,err)
@@ -920,7 +920,7 @@ func gitAuthCallback(t *testing.T, id string, client *codersdk.Client) *http.Res
920920
})
921921
req.AddCookie(&http.Cookie{
922922
Name:codersdk.SessionTokenKey,
923-
Value:client.SessionToken,
923+
Value:client.SessionToken(),
924924
})
925925
res,err:=client.HTTPClient.Do(req)
926926
require.NoError(t,err)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp