NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commitaca2f6a

committed

chore: add OAuth2 device flow test scripts

Change-Id: Ic232851727e683ab3d8b7ce970c505588da2f827Signed-off-by: Thomas Kosiewski <tk@coder.com>

1 parent395f736 commitaca2f6aCopy full SHA for aca2f6a

File tree

46 files changed

+1359

-803

lines changed

.claude/scripts
- format.sh
coderd
- apidoc
  - docs.go
  - swagger.json
- audit
  - diff.go
  - request.go
- coderd.go
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbgen
    - dbgen.go
  - dbmetrics
    - querymetrics.go
  - dbmock
    - dbmock.go
  - dump.sql
  - migrations
  - models.go
  - querier.go
  - queries.sql.go
  - queries
    - oauth2.sql
- oauth2.go
- oauth2_test.go
- oauth2provider
- rbac
  - object_gen.go
  - policy
    - policy.go
  - roles_test.go
codersdk
- audit.go
- rbacresources_gen.go
docs
- admin/security
  - audit-logs.md
- reference/api
  - schemas.md
enterprise/audit
- table.go
scripts/oauth2
- README.md
- device
  - server.go
- setup-test-app.sh
- test-device-flow.sh
site
- src/api
  - rbacresourcesGenerated.ts
  - typesGenerated.ts
- static

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

46 files changed

+1359

-803

lines changed

`‎.claude/scripts/format.sh‎`

Lines changed: 16 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -101,30 +101,36 @@ fi`
`101`	`101`	`# Get the file extension to determine the appropriate formatter`
`102`	`102`	`file_ext="${file_path##*.}"`
`103`	`103`
	`104`	`+# Helper function to run formatter and handle errors`
	`105`	`+run_formatter() {`
	`106`	`+local target="$1"`
	`107`	`+local file_type="$2"`
	`108`	`+`
	`109`	`+if! make FILE="$file_path""$target";then`
	`110`	`+echo"Error: Failed to format$file_type file:$file_path">&2`
	`111`	`+exit 2`
	`112`	`+fi`
	`113`	`+echo"✓ Formatted$file_type file:$file_path"`
	`114`	`+}`
`104`	`115`	`# Change to the project root directory (where the Makefile is located)`
`105`	`116`	`cd"$(dirname"$0")/../.."`
`106`	`117`
`107`	`118`	`# Call the appropriate Makefile target based on file extension`
`108`	`119`	`case"$file_ext"in`
`109`	`120`	`go)`
`110`		`-make fmt/go FILE="$file_path"`
`111`		`-echo"✓ Formatted Go file:$file_path"`
	`121`	`+run_formatter"fmt/go""Go"`
`112`	`122`	`;;`
`113`	`123`	`js \| jsx \| ts \| tsx)`
`114`		`-make fmt/ts FILE="$file_path"`
`115`		`-echo"✓ Formatted TypeScript/JavaScript file:$file_path"`
	`124`	`+run_formatter"fmt/ts""TypeScript/JavaScript"`
`116`	`125`	`;;`
`117`	`126`	`tf \| tfvars)`
`118`		`-make fmt/terraform FILE="$file_path"`
`119`		`-echo"✓ Formatted Terraform file:$file_path"`
	`127`	`+run_formatter"fmt/terraform""Terraform"`
`120`	`128`	`;;`
`121`	`129`	`sh)`
`122`		`-make fmt/shfmt FILE="$file_path"`
`123`		`-echo"✓ Formatted shell script:$file_path"`
	`130`	`+run_formatter"fmt/shfmt""shell script"`
`124`	`131`	`;;`
`125`	`132`	`md)`
`126`		`-make fmt/markdown FILE="$file_path"`
`127`		`-echo"✓ Formatted Markdown file:$file_path"`
	`133`	`+run_formatter"fmt/markdown""Markdown"`
`128`	`134`	`;;`
`129`	`135`	`*)`
`130`	`136`	`echo"No formatter available for file extension:$file_ext"`

`‎coderd/apidoc/docs.go‎`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json‎`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/audit/diff.go‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ type Auditable interface {`
`24`	`24`	`database.NotificationsSettings\|`
`25`	`25`	`database.OAuth2ProviderApp\|`
`26`	`26`	`database.OAuth2ProviderAppSecret\|`
	`27`	`+database.OAuth2ProviderDeviceCode\|`
`27`	`28`	`database.PrebuildsSettings\|`
`28`	`29`	`database.CustomRole\|`
`29`	`30`	`database.AuditableOrganizationMember\|`

`‎coderd/audit/request.go‎`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,8 @@ func ResourceTarget[T Auditable](tgt T) string {`
`117`	`117`	`returntyped.Name`
`118`	`118`	`case database.OAuth2ProviderAppSecret:`
`119`	`119`	`returntyped.DisplaySecret`
	`120`	`+case database.OAuth2ProviderDeviceCode:`
	`121`	`+returntyped.UserCode`
`120`	`122`	`case database.CustomRole:`
`121`	`123`	`returntyped.Name`
`122`	`124`	`case database.AuditableOrganizationMember:`
`@@ -179,6 +181,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {`
`179`	`181`	`returntyped.ID`
`180`	`182`	`case database.OAuth2ProviderAppSecret:`
`181`	`183`	`returntyped.ID`
	`184`	`+case database.OAuth2ProviderDeviceCode:`
	`185`	`+returntyped.ID`
`182`	`186`	`case database.CustomRole:`
`183`	`187`	`returntyped.ID`
`184`	`188`	`case database.AuditableOrganizationMember:`
`@@ -232,6 +236,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {`
`232`	`236`	`returndatabase.ResourceTypeOauth2ProviderApp`
`233`	`237`	`case database.OAuth2ProviderAppSecret:`
`234`	`238`	`returndatabase.ResourceTypeOauth2ProviderAppSecret`
	`239`	`+case database.OAuth2ProviderDeviceCode:`
	`240`	`+returndatabase.ResourceTypeOauth2ProviderDeviceCode`
`235`	`241`	`case database.CustomRole:`
`236`	`242`	`returndatabase.ResourceTypeCustomRole`
`237`	`243`	`case database.AuditableOrganizationMember:`
`@@ -288,6 +294,8 @@ func ResourceRequiresOrgID[T Auditable]() bool {`
`288`	`294`	`returnfalse`
`289`	`295`	`case database.OAuth2ProviderAppSecret:`
`290`	`296`	`returnfalse`
	`297`	`+case database.OAuth2ProviderDeviceCode:`
	`298`	`+returnfalse`
`291`	`299`	`case database.CustomRole:`
`292`	`300`	`returntrue`
`293`	`301`	`case database.AuditableOrganizationMember:`

`‎coderd/coderd.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -996,7 +996,7 @@ func New(options Options) API {`
`996`	`996`	`r.Route("/device",func(r chi.Router) {`
`997`	`997`	`r.Post("/",api.postOAuth2DeviceAuthorization())// RFC 8628 compliant endpoint`
`998`	`998`	`r.Route("/verify",func(r chi.Router) {`
`999`		`-r.Use(apiKeyMiddleware)`
	`999`	`+r.Use(apiKeyMiddlewareRedirect)`
`1000`	`1000`	`r.Get("/",api.getOAuth2DeviceVerification())`
`1001`	`1001`	`r.Post("/",api.postOAuth2DeviceVerification())`
`1002`	`1002`	`})`

`‎coderd/database/dbauthz/dbauthz.go‎`

Lines changed: 76 additions & 32 deletions

Original file line number	Diff line number	Diff line change
`@@ -417,6 +417,35 @@ var (`
`417`	`417`	`rbac.ResourceProvisionerJobs.Type: {policy.ActionRead,policy.ActionUpdate,policy.ActionCreate},`
`418`	`418`	`rbac.ResourceOauth2App.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
`419`	`419`	`rbac.ResourceOauth2AppSecret.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
	`420`	`+rbac.ResourceOauth2AppCodeToken.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
	`421`	`+}),`
	`422`	`+Org:map[string][]rbac.Permission{},`
	`423`	`+User: []rbac.Permission{},`
	`424`	`+},`
	`425`	`+}),`
	`426`	`+Scope:rbac.ScopeAll,`
	`427`	`+}.WithCachedASTValue()`
	`428`	`+`
	`429`	`+subjectSystemOAuth2= rbac.Subject{`
	`430`	`+Type:rbac.SubjectTypeSystemRestricted,`
	`431`	`+FriendlyName:"System OAuth2",`
	`432`	`+ID:uuid.Nil.String(),`
	`433`	`+Roles:rbac.Roles([]rbac.Role{`
	`434`	`+{`
	`435`	`+Identifier: rbac.RoleIdentifier{Name:"system-oauth2"},`
	`436`	`+DisplayName:"System OAuth2",`
	`437`	`+Site:rbac.Permissions(map[string][]policy.Action{`
	`438`	`+// OAuth2 resources - full CRUD permissions`
	`439`	`+rbac.ResourceOauth2App.Type:rbac.ResourceOauth2App.AvailableActions(),`
	`440`	`+rbac.ResourceOauth2AppSecret.Type:rbac.ResourceOauth2AppSecret.AvailableActions(),`
	`441`	`+rbac.ResourceOauth2AppCodeToken.Type:rbac.ResourceOauth2AppCodeToken.AvailableActions(),`
	`442`	`+`
	`443`	`+// API key permissions needed for OAuth2 token revocation`
	`444`	`+rbac.ResourceApiKey.Type: {policy.ActionRead,policy.ActionDelete},`
	`445`	`+`
	`446`	`+// Minimal read permissions that might be needed for OAuth2 operations`
	`447`	`+rbac.ResourceUser.Type: {policy.ActionRead},`
	`448`	`+rbac.ResourceOrganization.Type: {policy.ActionRead},`
`420`	`449`	`}),`
`421`	`450`	`Org:map[string][]rbac.Permission{},`
`422`	`451`	`User: []rbac.Permission{},`
`@@ -567,6 +596,12 @@ func AsSystemRestricted(ctx context.Context) context.Context {`
`567`	`596`	`returnAs(ctx,subjectSystemRestricted)`
`568`	`597`	`}`
`569`	`598`
	`599`	`+// AsSystemOAuth2 returns a context with an actor that has permissions`
	`600`	`+// required for OAuth2 provider operations (token revocation, device codes, registration).`
	`601`	`+funcAsSystemOAuth2(ctx context.Context) context.Context {`
	`602`	`+returnAs(ctx,subjectSystemOAuth2)`
	`603`	`+}`
	`604`	`+`
`570`	`605`	`// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions`
`571`	`606`	`// to read provisioner daemons.`
`572`	`607`	`funcAsSystemReadProvisionerDaemons(ctx context.Context) context.Context {`
`@@ -1346,6 +1381,14 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {`
`1346`	`1381`	`returnq.db.CleanTailnetTunnels(ctx)`
`1347`	`1382`	`}`
`1348`	`1383`
	`1384`	`+func (q*querier)ConsumeOAuth2ProviderAppCodeByPrefix(ctx context.Context,secretPrefix []byte) (database.OAuth2ProviderAppCode,error) {`
	`1385`	`+returnupdateWithReturn(q.log,q.auth,q.db.GetOAuth2ProviderAppCodeByPrefix,q.db.ConsumeOAuth2ProviderAppCodeByPrefix)(ctx,secretPrefix)`
	`1386`	`+}`
	`1387`	`+`
	`1388`	`+func (q*querier)ConsumeOAuth2ProviderDeviceCodeByPrefix(ctx context.Context,deviceCodePrefixstring) (database.OAuth2ProviderDeviceCode,error) {`
	`1389`	`+returnupdateWithReturn(q.log,q.auth,q.db.GetOAuth2ProviderDeviceCodeByPrefix,q.db.ConsumeOAuth2ProviderDeviceCodeByPrefix)(ctx,deviceCodePrefix)`
	`1390`	`+}`
	`1391`	`+`
`1349`	`1392`	`func (q*querier)CountAuditLogs(ctx context.Context,arg database.CountAuditLogsParams) (int64,error) {`
`1350`	`1393`	`// Shortcut if the user is an owner. The SQL filter is noticeable,`
`1351`	`1394`	`// and this is an easy win for owners. Which is the common case.`
`@@ -1489,7 +1532,7 @@ func (q *querier) DeleteExpiredOAuth2ProviderDeviceCodes(ctx context.Context) er`
`1489`	`1532`	`func (q*querier)DeleteExternalAuthLink(ctx context.Context,arg database.DeleteExternalAuthLinkParams)error {`
`1490`	`1533`	`returnfetchAndExec(q.log,q.auth,policy.ActionUpdatePersonal,func(ctx context.Context,arg database.DeleteExternalAuthLinkParams) (database.ExternalAuthLink,error) {`
`1491`	`1534`	`//nolint:gosimple`
`1492`		`-returnq.db.GetExternalAuthLink(ctx, database.GetExternalAuthLinkParams{UserID:arg.UserID,ProviderID:arg.ProviderID})`
	`1535`	`+returnq.db.GetExternalAuthLink(ctx,database.GetExternalAuthLinkParams(arg))`
`1493`	`1536`	`},q.db.DeleteExternalAuthLink)(ctx,arg)`
`1494`	`1537`	`}`
`1495`	`1538`
`@@ -1568,27 +1611,30 @@ func (q *querier) DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx context.Contex`
`1568`	`1611`	`returnq.db.DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx,arg)`
`1569`	`1612`	`}`
`1570`	`1613`
`1571`		`-func (q*querier)DeleteOldAuditLogConnectionEvents(ctx context.Context,threshold database.DeleteOldAuditLogConnectionEventsParams)error {`
`1572`		-// `ResourceSystem` is deprecated, but it doesn't make sense to add
`1573`		-// `policy.ActionDelete` to `ResourceAuditLog`, since this is the one and
`1574`		`-// only time we'll be deleting from the audit log.`
`1575`		`-iferr:=q.authorizeContext(ctx,policy.ActionDelete,rbac.ResourceSystem);err!=nil {`
`1576`		`-returnerr`
`1577`		`-}`
`1578`		`-returnq.db.DeleteOldAuditLogConnectionEvents(ctx,threshold)`
`1579`		`-}`
`1580`		`-`
`1581`	`1614`	`func (q*querier)DeleteOAuth2ProviderDeviceCodeByID(ctx context.Context,id uuid.UUID)error {`
`1582`	`1615`	`// Fetch the device code first to check authorization`
`1583`	`1616`	`deviceCode,err:=q.db.GetOAuth2ProviderDeviceCodeByID(ctx,id)`
`1584`	`1617`	`iferr!=nil {`
`1585`		`-returnerr`
	`1618`	`+returnxerrors.Errorf("get oauth2 provider device code: %w",err)`
`1586`	`1619`	`}`
`1587`	`1620`	`iferr:=q.authorizeContext(ctx,policy.ActionDelete,deviceCode);err!=nil {`
`1588`		`-returnerr`
	`1621`	`+returnxerrors.Errorf("authorize oauth2 provider device code deletion: %w",err)`
`1589`	`1622`	`}`
`1590`	`1623`
`1591`		`-returnq.db.DeleteOAuth2ProviderDeviceCodeByID(ctx,id)`
	`1624`	`+iferr:=q.db.DeleteOAuth2ProviderDeviceCodeByID(ctx,id);err!=nil {`
	`1625`	`+returnxerrors.Errorf("delete oauth2 provider device code: %w",err)`
	`1626`	`+}`
	`1627`	`+returnnil`
	`1628`	`+}`
	`1629`	`+`
	`1630`	`+func (q*querier)DeleteOldAuditLogConnectionEvents(ctx context.Context,threshold database.DeleteOldAuditLogConnectionEventsParams)error {`
	`1631`	+// `ResourceSystem` is deprecated, but it doesn't make sense to add
	`1632`	+// `policy.ActionDelete` to `ResourceAuditLog`, since this is the one and
	`1633`	`+// only time we'll be deleting from the audit log.`
	`1634`	`+iferr:=q.authorizeContext(ctx,policy.ActionDelete,rbac.ResourceSystem);err!=nil {`
	`1635`	`+returnerr`
	`1636`	`+}`
	`1637`	`+returnq.db.DeleteOldAuditLogConnectionEvents(ctx,threshold)`
`1592`	`1638`	`}`
`1593`	`1639`
`1594`	`1640`	`func (q*querier)DeleteOldNotificationMessages(ctx context.Context)error {`
`@@ -1620,7 +1666,7 @@ func (q *querier) DeleteOldWorkspaceAgentStats(ctx context.Context) error {`
`1620`	`1666`	`}`
`1621`	`1667`
`1622`	`1668`	`func (q*querier)DeleteOrganizationMember(ctx context.Context,arg database.DeleteOrganizationMemberParams)error {`
`1623`		`-returndeleteQ[database.OrganizationMember](q.log,q.auth,func(ctx context.Context,arg database.DeleteOrganizationMemberParams) (database.OrganizationMember,error) {`
	`1669`	`+returndeleteQ(q.log,q.auth,func(ctx context.Context,arg database.DeleteOrganizationMemberParams) (database.OrganizationMember,error) {`
`1624`	`1670`	`member,err:=database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams{`
`1625`	`1671`	`OrganizationID:arg.OrganizationID,`
`1626`	`1672`	`UserID:arg.UserID,`
`@@ -2213,7 +2259,7 @@ func (q *querier) GetLicenseByID(ctx context.Context, id int32) (database.Licens`
`2213`	`2259`	`}`
`2214`	`2260`
`2215`	`2261`	`func (q*querier)GetLicenses(ctx context.Context) ([]database.License,error) {`
`2216`		`-fetch:=func(ctx context.Context,_interface{}) ([]database.License,error) {`
	`2262`	`+fetch:=func(ctx context.Context,_any) ([]database.License,error) {`
`2217`	`2263`	`returnq.db.GetLicenses(ctx)`
`2218`	`2264`	`}`
`2219`	`2265`	`returnfetchWithPostFilter(q.auth,policy.ActionRead,fetch)(ctx,nil)`
`@@ -2377,8 +2423,8 @@ func (q *querier) GetOAuth2ProviderDeviceCodeByUserCode(ctx context.Context, use`
`2377`	`2423`	`}`
`2378`	`2424`
`2379`	`2425`	`func (q*querier)GetOAuth2ProviderDeviceCodesByClientID(ctx context.Context,clientID uuid.UUID) ([]database.OAuth2ProviderDeviceCode,error) {`
`2380`		`-// This requires access to readtheOAuth2 app`
`2381`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceOauth2App);err!=nil {`
	`2426`	`+// This requires access to read OAuth2 app code tokens`
	`2427`	`+iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceOauth2AppCodeToken);err!=nil {`
`2382`	`2428`	`return []database.OAuth2ProviderDeviceCode{},err`
`2383`	`2429`	`}`
`2384`	`2430`	`returnq.db.GetOAuth2ProviderDeviceCodesByClientID(ctx,clientID)`
`@@ -2435,7 +2481,7 @@ func (q *querier) GetOrganizationResourceCountByID(ctx context.Context, organiza`
`2435`	`2481`	`}`
`2436`	`2482`
`2437`	`2483`	`func (q*querier)GetOrganizations(ctx context.Context,args database.GetOrganizationsParams) ([]database.Organization,error) {`
`2438`		`-fetch:=func(ctx context.Context,_interface{}) ([]database.Organization,error) {`
	`2484`	`+fetch:=func(ctx context.Context,_any) ([]database.Organization,error) {`
`2439`	`2485`	`returnq.db.GetOrganizations(ctx,args)`
`2440`	`2486`	`}`
`2441`	`2487`	`returnfetchWithPostFilter(q.auth,policy.ActionRead,fetch)(ctx,nil)`
`@@ -2563,7 +2609,7 @@ func (q *querier) GetPreviousTemplateVersion(ctx context.Context, arg database.G`
`2563`	`2609`	`}`
`2564`	`2610`
`2565`	`2611`	`func (q*querier)GetProvisionerDaemons(ctx context.Context) ([]database.ProvisionerDaemon,error) {`
`2566`		`-fetch:=func(ctx context.Context,_interface{}) ([]database.ProvisionerDaemon,error) {`
	`2612`	`+fetch:=func(ctx context.Context,_any) ([]database.ProvisionerDaemon,error) {`
`2567`	`2613`	`returnq.db.GetProvisionerDaemons(ctx)`
`2568`	`2614`	`}`
`2569`	`2615`	`returnfetchWithPostFilter(q.auth,policy.ActionRead,fetch)(ctx,nil)`
`@@ -3554,7 +3600,7 @@ func (q *querier) GetWorkspaceModulesCreatedAfter(ctx context.Context, createdAt`
`3554`	`3600`	`}`
`3555`	`3601`
`3556`	`3602`	`func (q*querier)GetWorkspaceProxies(ctx context.Context) ([]database.WorkspaceProxy,error) {`
`3557`		`-returnfetchWithPostFilter(q.auth,policy.ActionRead,func(ctx context.Context,_interface{}) ([]database.WorkspaceProxy,error) {`
	`3603`	`+returnfetchWithPostFilter(q.auth,policy.ActionRead,func(ctx context.Context,_any) ([]database.WorkspaceProxy,error) {`
`3558`	`3604`	`returnq.db.GetWorkspaceProxies(ctx)`
`3559`	`3605`	`})(ctx,nil)`
`3560`	`3606`	`}`
`@@ -3848,8 +3894,8 @@ func (q *querier) InsertOAuth2ProviderAppToken(ctx context.Context, arg database`
`3848`	`3894`	`}`
`3849`	`3895`
`3850`	`3896`	`func (q*querier)InsertOAuth2ProviderDeviceCode(ctx context.Context,arg database.InsertOAuth2ProviderDeviceCodeParams) (database.OAuth2ProviderDeviceCode,error) {`
`3851`		`-// Creating device codes requires OAuth2 app access`
`3852`		`-iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceOauth2App);err!=nil {`
	`3897`	`+// Creating device codes requires OAuth2 appcode token creationaccess`
	`3898`	`+iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceOauth2AppCodeToken);err!=nil {`
`3853`	`3899`	`return database.OAuth2ProviderDeviceCode{},err`
`3854`	`3900`	`}`
`3855`	`3901`	`returnq.db.InsertOAuth2ProviderDeviceCode(ctx,arg)`
`@@ -4156,10 +4202,11 @@ func (q *querier) InsertWorkspaceBuild(ctx context.Context, arg database.InsertW`
`4156`	`4202`	`returnxerrors.Errorf("get workspace by id: %w",err)`
`4157`	`4203`	`}`
`4158`	`4204`
`4159`		`-varaction policy.Action=policy.ActionWorkspaceStart`
`4160`		`-ifarg.Transition==database.WorkspaceTransitionDelete {`
	`4205`	`+action:=policy.ActionWorkspaceStart`
	`4206`	`+switcharg.Transition {`
	`4207`	`+casedatabase.WorkspaceTransitionDelete:`
`4161`	`4208`	`action=policy.ActionDelete`
`4162`		`-}elseifarg.Transition==database.WorkspaceTransitionStop {`
	`4209`	`+casedatabase.WorkspaceTransitionStop:`
`4163`	`4210`	`action=policy.ActionWorkspaceStop`
`4164`	`4211`	`}`
`4165`	`4212`
`@@ -4536,13 +4583,10 @@ func (q *querier) UpdateOAuth2ProviderAppSecretByID(ctx context.Context, arg dat`
`4536`	`4583`	`}`
`4537`	`4584`
`4538`	`4585`	`func (q*querier)UpdateOAuth2ProviderDeviceCodeAuthorization(ctx context.Context,arg database.UpdateOAuth2ProviderDeviceCodeAuthorizationParams) (database.OAuth2ProviderDeviceCode,error) {`
`4539`		`-// Verify the user is authenticated for device code authorization`
`4540`		`-_,ok:=ActorFromContext(ctx)`
`4541`		`-if!ok {`
`4542`		`-return database.OAuth2ProviderDeviceCode{},ErrNoActor`
	`4586`	`+fetch:=func(ctx context.Context,arg database.UpdateOAuth2ProviderDeviceCodeAuthorizationParams) (database.OAuth2ProviderDeviceCode,error) {`
	`4587`	`+returnq.db.GetOAuth2ProviderDeviceCodeByID(ctx,arg.ID)`
`4543`	`4588`	`}`
`4544`		`-`
`4545`		`-returnq.db.UpdateOAuth2ProviderDeviceCodeAuthorization(ctx,arg)`
	`4589`	`+returnupdateWithReturn(q.log,q.auth,fetch,q.db.UpdateOAuth2ProviderDeviceCodeAuthorization)(ctx,arg)`
`4546`	`4590`	`}`
`4547`	`4591`
`4548`	`4592`	`func (q*querier)UpdateOrganization(ctx context.Context,arg database.UpdateOrganizationParams) (database.Organization,error) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitaca2f6a

File tree

46 files changed

Some content is hidden

46 files changed

`‎.claude/scripts/format.sh‎`

`‎coderd/apidoc/docs.go‎`

`‎coderd/apidoc/swagger.json‎`

`‎coderd/audit/diff.go‎`

`‎coderd/audit/request.go‎`

`‎coderd/coderd.go‎`

`‎coderd/database/dbauthz/dbauthz.go‎`

0 commit comments