NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.8k

Commitb7e55ef

committed

Lint, fmt, and fix some tests

1 parentfe2c91c commitb7e55efCopy full SHA for b7e55ef

File tree

13 files changed

+239

-237

lines changed

coderd
- apikey
  - apikey_test.go
- coderdtest/oidctest
  - helper.go
  - idp.go
- database
  - db2sdk
    - db2sdk.go
  - modelmethods.go
enterprise/coderd
- coderd.go
- identityprovider
- oauth2_test.go
scripts/renderstatics
- main.go
site
- src/pages/UserSettingsPage/OAuth2ProviderPage
  - OAuth2ProviderPage.tsx
- static
  - oauth2allow.html

13 files changed

+239

-237

lines changed

`‎coderd/apikey/apikey_test.go‎`

Lines changed: 51 additions & 42 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,11 +10,9 @@ import (`
`10`	`10`	`"github.com/stretchr/testify/assert"`
`11`	`11`	`"github.com/stretchr/testify/require"`
`12`	`12`
`13`		`-"github.com/coder/coder/v2/cli/clibase"`
`14`	`13`	`"github.com/coder/coder/v2/coderd/apikey"`
`15`	`14`	`"github.com/coder/coder/v2/coderd/database"`
`16`	`15`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`17`		`-"github.com/coder/coder/v2/codersdk"`
`18`	`16`	`)`
`19`	`17`
`20`	`18`	`funcTestGenerate(t*testing.T) {`
`@@ -30,69 +28,80 @@ func TestGenerate(t *testing.T) {`
`30`	`28`	`{`
`31`	`29`	`name:"OK",`
`32`	`30`	`params: apikey.CreateParams{`
`33`		`-UserID:uuid.New(),`
`34`		`-LoginType:database.LoginTypeOIDC,`
`35`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`36`		`-ExpiresAt:time.Now().Add(time.Hour),`
`37`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`38`		`-TokenName:"hello",`
`39`		`-RemoteAddr:"1.2.3.4",`
`40`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`31`	`+UserID:uuid.New(),`
	`32`	`+LoginType:database.LoginTypeOIDC,`
	`33`	`+DefaultLifetime:time.Duration(0),`
	`34`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`35`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`36`	`+TokenName:"hello",`
	`37`	`+RemoteAddr:"1.2.3.4",`
	`38`	`+Scope:database.APIKeyScopeApplicationConnect,`
`41`	`39`	`},`
`42`	`40`	`},`
`43`	`41`	`{`
`44`	`42`	`name:"InvalidScope",`
`45`	`43`	`params: apikey.CreateParams{`
`46`		`-UserID:uuid.New(),`
`47`		`-LoginType:database.LoginTypeOIDC,`
`48`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`49`		`-ExpiresAt:time.Now().Add(time.Hour),`
`50`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`51`		`-TokenName:"hello",`
`52`		`-RemoteAddr:"1.2.3.4",`
`53`		`-Scope:database.APIKeyScope("test"),`
	`44`	`+UserID:uuid.New(),`
	`45`	`+LoginType:database.LoginTypeOIDC,`
	`46`	`+DefaultLifetime:time.Duration(0),`
	`47`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`48`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`49`	`+TokenName:"hello",`
	`50`	`+RemoteAddr:"1.2.3.4",`
	`51`	`+Scope:database.APIKeyScope("test"),`
`54`	`52`	`},`
`55`	`53`	`fail:true,`
`56`	`54`	`},`
`57`	`55`	`{`
`58`	`56`	`name:"DeploymentSessionDuration",`
`59`	`57`	`params: apikey.CreateParams{`
`60`		`-UserID:uuid.New(),`
`61`		`-LoginType:database.LoginTypeOIDC,`
`62`		`-DeploymentValues:&codersdk.DeploymentValues{`
`63`		`-SessionDuration:clibase.Duration(time.Hour),`
`64`		`-},`
	`58`	`+UserID:uuid.New(),`
	`59`	`+LoginType:database.LoginTypeOIDC,`
	`60`	`+DefaultLifetime:time.Hour,`
`65`	`61`	`LifetimeSeconds:0,`
`66`	`62`	`ExpiresAt: time.Time{},`
`67`	`63`	`TokenName:"hello",`
`68`	`64`	`RemoteAddr:"1.2.3.4",`
`69`	`65`	`Scope:database.APIKeyScopeApplicationConnect,`
`70`	`66`	`},`
`71`	`67`	`},`
	`68`	`+{`
	`69`	`+name:"LifetimeSeconds",`
	`70`	`+params: apikey.CreateParams{`
	`71`	`+UserID:uuid.New(),`
	`72`	`+LoginType:database.LoginTypeOIDC,`
	`73`	`+DefaultLifetime:time.Duration(0),`
	`74`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`75`	`+ExpiresAt: time.Time{},`
	`76`	`+TokenName:"hello",`
	`77`	`+RemoteAddr:"1.2.3.4",`
	`78`	`+Scope:database.APIKeyScopeApplicationConnect,`
	`79`	`+},`
	`80`	`+},`
`72`	`81`	`{`
`73`	`82`	`name:"DefaultIP",`
`74`	`83`	`params: apikey.CreateParams{`
`75`		`-UserID:uuid.New(),`
`76`		`-LoginType:database.LoginTypeOIDC,`
`77`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`78`		`-ExpiresAt:time.Now().Add(time.Hour),`
`79`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`80`		`-TokenName:"hello",`
`81`		`-RemoteAddr:"",`
`82`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`84`	`+UserID:uuid.New(),`
	`85`	`+LoginType:database.LoginTypeOIDC,`
	`86`	`+DefaultLifetime:time.Duration(0),`
	`87`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`88`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`89`	`+TokenName:"hello",`
	`90`	`+RemoteAddr:"",`
	`91`	`+Scope:database.APIKeyScopeApplicationConnect,`
`83`	`92`	`},`
`84`	`93`	`},`
`85`	`94`	`{`
`86`	`95`	`name:"DefaultScope",`
`87`	`96`	`params: apikey.CreateParams{`
`88`		`-UserID:uuid.New(),`
`89`		`-LoginType:database.LoginTypeOIDC,`
`90`		`-DeploymentValues:&codersdk.DeploymentValues{},`
`91`		`-ExpiresAt:time.Now().Add(time.Hour),`
`92`		`-LifetimeSeconds:int64(time.Hour.Seconds()),`
`93`		`-TokenName:"hello",`
`94`		`-RemoteAddr:"1.2.3.4",`
`95`		`-Scope:"",`
	`97`	`+UserID:uuid.New(),`
	`98`	`+LoginType:database.LoginTypeOIDC,`
	`99`	`+DefaultLifetime:time.Duration(0),`
	`100`	`+ExpiresAt:time.Now().Add(time.Hour),`
	`101`	`+LifetimeSeconds:int64(time.Hour.Seconds()),`
	`102`	`+TokenName:"hello",`
	`103`	`+RemoteAddr:"1.2.3.4",`
	`104`	`+Scope:"",`
`96`	`105`	`},`
`97`	`106`	`},`
`98`	`107`	`}`
`@@ -131,15 +140,15 @@ func TestGenerate(t *testing.T) {`
`131`	`140`	`// Should not be a delta greater than 5 seconds.`
`132`	`141`	`assert.InDelta(t,time.Until(tc.params.ExpiresAt).Seconds(),key.LifetimeSeconds,5)`
`133`	`142`	`}else {`
`134`		`-assert.Equal(t,int64(tc.params.DeploymentValues.SessionDuration.Value().Seconds()),key.LifetimeSeconds)`
	`143`	`+assert.Equal(t,int64(tc.params.DefaultLifetime.Seconds()),key.LifetimeSeconds)`
`135`	`144`	`}`
`136`	`145`
`137`	`146`	`if!tc.params.ExpiresAt.IsZero() {`
`138`	`147`	`assert.Equal(t,tc.params.ExpiresAt.UTC(),key.ExpiresAt)`
`139`	`148`	`}elseiftc.params.LifetimeSeconds>0 {`
`140`		`-assert.WithinDuration(t,dbtime.Now().Add(time.Duration(tc.params.LifetimeSeconds)),key.ExpiresAt,time.Second*5)`
	`149`	`+assert.WithinDuration(t,dbtime.Now().Add(time.Duration(tc.params.LifetimeSeconds)time.Second),key.ExpiresAt,time.Second5)`
`141`	`150`	`}else {`
`142`		`-assert.WithinDuration(t,dbtime.Now().Add(tc.params.DeploymentValues.SessionDuration.Value()),key.ExpiresAt,time.Second*5)`
	`151`	`+assert.WithinDuration(t,dbtime.Now().Add(tc.params.DefaultLifetime),key.ExpiresAt,time.Second*5)`
`143`	`152`	`}`
`144`	`153`
`145`	`154`	`iftc.params.RemoteAddr!="" {`

`‎coderd/coderdtest/oidctest/helper.go‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"database/sql"`
`6`	`6`	`"encoding/json"`
`7`		`-"fmt"`
`8`	`7`	`"net/http"`
`9`	`8`	`"net/url"`
`10`	`9`	`"testing"`
`@@ -162,7 +161,7 @@ func OAuth2GetCode(authURL string, state string, doRequest func(req *http.Reques`
`162`	`161`
`163`	`162`	`newState:=toURL.Query().Get("state")`
`164`	`163`	`ifnewState!=state {`
`165`		`-return"",fmt.Errorf("expected state %q, got %q",state,newState)`
	`164`	`+return"",xerrors.Errorf("expected state %q, got %q",state,newState)`
`166`	`165`	`}`
`167`	`166`	`returncode,nil`
`168`	`167`	`}`

`‎coderd/coderdtest/oidctest/idp.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -424,7 +424,7 @@ func (f FakeIDP) ExternalLogin(t testing.TB, client codersdk.Client, opts ...f`
`424`	`424`	`// unit tests, it's easier to skip this step sometimes. It does make an actual`
`425`	`425`	`// request to the IDP, so it should be equivalent to doing this "manually" with`
`426`	`426`	`// actual requests.`
`427`		`-func (fFakeIDP)CreateAuthCode(t testing.TB,statestring,opts...func(rhttp.Request))string {`
	`427`	`+func (f*FakeIDP)CreateAuthCode(t testing.TB,statestring)string {`
`428`	`428`	`// We need to store some claims, because this is also an OIDC provider, and`
`429`	`429`	`// it expects some claims to be present.`
`430`	`430`	`f.stateToIDTokenClaims.Store(state, jwt.MapClaims{})`

`‎coderd/database/db2sdk/db2sdk.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ func OAuth2ProviderApp(accessURL *url.URL, dbApp database.OAuth2ProviderApp) cod`
`234`	`234`	`Icon:dbApp.Icon,`
`235`	`235`	`Endpoints: codersdk.OAuth2ProviderAppEndpoints{`
`236`	`236`	`Authorization:accessURL.ResolveReference(&url.URL{`
`237`		`-Path:fmt.Sprintf("/login/oauth2/authorize"),`
	`237`	`+Path:"/login/oauth2/authorize",`
`238`	`238`	`}).String(),`
`239`	`239`	`Token:accessURL.ResolveReference(&url.URL{`
`240`	`240`	`Path:"/login/oauth2/tokens",`

`‎coderd/database/modelmethods.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -281,11 +281,11 @@ func (c OAuth2ProviderAppCode) RBACObject() rbac.Object {`
`281`	`281`	`returnrbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(c.UserID.String())`
`282`	`282`	`}`
`283`	`283`
`284`		`-func (sOAuth2ProviderAppSecret)RBACObject() rbac.Object {`
	`284`	`+func (OAuth2ProviderAppSecret)RBACObject() rbac.Object {`
`285`	`285`	`returnrbac.ResourceOAuth2ProviderAppSecret`
`286`	`286`	`}`
`287`	`287`
`288`		`-func (sOAuth2ProviderApp)RBACObject() rbac.Object {`
	`288`	`+func (OAuth2ProviderApp)RBACObject() rbac.Object {`
`289`	`289`	`returnrbac.ResourceOAuth2ProviderApp`
`290`	`290`	`}`
`291`	`291`

`‎enterprise/coderd/coderd.go‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,6 @@ func New(ctx context.Context, options Options) (_ API, err error) {`
`167`	`167`	`r.Get("/authorize",api.postOAuth2ProviderAppAuthorize())`
`168`	`168`	`r.Post("/tokens",api.postOAuth2ProviderAppToken())`
`169`	`169`	`})`
`170`		`-`
`171`	`170`	`})`
`172`	`171`	`})`
`173`	`172`

`‎enterprise/coderd/identityprovider/authorize.go‎`

Lines changed: 11 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,13 +18,14 @@ import (`
`18`	`18`	`"github.com/coder/coder/v2/cryptorand"`
`19`	`19`	`)`
`20`	`20`
`21`		`-// TODO: Comment this up`
	`21`	`+/**`
	`22`	`+ * Authorize displays an HTML for authorizing an application when the user has`
	`23`	`+ * first been redirected to this path and generates a code and redirects to the`
	`24`	`+ * app's callback URL after the user clicks "allow" on that page.`
	`25`	`+ */`
`22`	`26`	`funcAuthorize(db database.Store,accessURL*url.URL) http.HandlerFunc {`
`23`	`27`	`handler:=func(rw http.ResponseWriter,r*http.Request) {`
`24`	`28`	`// TODO: audit? and other endpoints?`
`25`		`-// TODO: @Emyrk this has to serve the html payload for clicking "allow".`
`26`		`-// We need a method to determine if someone hit this endpoint clicking "Allow",`
`27`		`-//or they got here for the first time.`
`28`	`29`	`ctx:=r.Context()`
`29`	`30`	`apiKey,ok:=httpmw.APIKeyOptional(r)`
`30`	`31`	`if!ok {`
`@@ -34,17 +35,13 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {`
`34`	`35`	`return`
`35`	`36`	`}`
`36`	`37`
`37`		`-// If this request is coming from a different host, we need to show the`
`38`		`-// user an html page where they can click allow.`
`39`		`-// TODO: Is there a smarter way to do this?`
`40`		`-// TODO: Skip this step if the user has already clicked allow before, and we`
`41`		`-// can just reuse the token.`
`42`		`-`
`43`	`38`	`app:=httpmw.OAuth2ProviderApp(r)`
`44`	`39`
`45`	`40`	`// TODO: @emyrk this should always work, maybe make callbackURL a *url.URL?`
`46`	`41`	`callbackURL,_:=url.Parse(app.CallbackURL)`
`47`	`42`
	`43`	`+// TODO: Should validate these on the HTML page as well and show errors`
	`44`	`+// there rather than wait until this endpoint to show them.`
`48`	`45`	`p:=httpapi.NewQueryParamParser()`
`49`	`46`	`vals:=r.URL.Query()`
`50`	`47`	`p.Required("state","response_type")`
`@@ -75,7 +72,7 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {`
`75`	`72`	`}`
`76`	`73`
`77`	`74`	`// TODO: @emyrk handle scope?`
`78`		`-var_=scope`
	`75`	`+_=scope`
`79`	`76`
`80`	`77`	`iferr:=validateRedirectURL(app.CallbackURL,redirectURL.String());err!=nil {`
`81`	`78`	`httpapi.Write(r.Context(),rw,http.StatusBadRequest, codersdk.Response{`
`@@ -91,7 +88,6 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {`
`91`	`88`	`})`
`92`	`89`	`return`
`93`	`90`	`}`
`94`		`-// TODO: We are ignoring scopes for now.`
`95`	`91`	`hashed:=sha256.Sum256([]byte(rawSecret))`
`96`	`92`	`_,err=db.InsertOAuth2ProviderAppCode(ctx, database.InsertOAuth2ProviderAppCodeParams{`
`97`	`93`	`ID:uuid.New(),`
`@@ -110,8 +106,6 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {`
`110`	`106`	`return`
`111`	`107`	`}`
`112`	`108`
`113`		`-// TODO: @emyrk we need to possibly serve an html page from this endpoint.`
`114`		`-// this currently skips the user in the loop part where they click allow.`
`115`	`109`	`newQuery:=redirectURL.Query()`
`116`	`110`	`newQuery.Add("code",rawSecret)`
`117`	`111`	`newQuery.Add("state",state)`
`@@ -135,9 +129,9 @@ func validateRedirectURL(baseURL string, redirectURL string) error {`
`135`	`129`	`iferr!=nil {`
`136`	`130`	`returnerr`
`137`	`131`	`}`
`138`		`-// It can be a sub-domain ora sub-directory.`
`139`		`-if (redirect.Host!=base.Host&&!strings.HasSuffix(redirect.Host,"."+base.Host))\|\|`
`140`		`-!strings.HasPrefix(redirect.Path,base.Path) {`
	`132`	`+// It can be a sub-directory but nota sub-domain, as we have apps on`
	`133`	`+// sub-domains so it seems too dangerous.`
	`134`	`+ifredirect.Host!=base.Host\|\|!strings.HasPrefix(redirect.Path,base.Path) {`
`141`	`135`	`returnxerrors.New("invalid redirect URL")`
`142`	`136`	`}`
`143`	`137`	`returnnil`

`‎enterprise/coderd/identityprovider/middleware.go‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,8 @@ func authorizeMW(accessURL *url.URL) func(next http.Handler) http.Handler {`
`39`	`39`
`40`	`40`	`app:=httpmw.OAuth2ProviderApp(r)`
`41`	`41`	`// If the request comes from outside, then we show the html allow page.`
	`42`	`+// TODO: Skip this step if the user has already clicked allow before, and`
	`43`	`+// we can just reuse the token.`
`42`	`44`	`iforiginU.Hostname()!=accessURL.Hostname()&&refererU.Path!="/login/oauth2/authorize" {`
`43`	`45`	`ifr.URL.Query().Get("redirected")!="" {`
`44`	`46`	`site.RenderStaticErrorPage(rw,r, site.ErrorPageData{`

`‎enterprise/coderd/identityprovider/tokens.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ func Tokens(db database.Store, defaultLifetime time.Duration) http.HandlerFunc {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`// TODO: Not sure what to do with this yet.`
`58`		`-var_=redirectURL`
	`58`	`+_=redirectURL`
`59`	`59`
`60`	`60`	`vartoken oauth2.Token`
`61`	`61`	`switchcodersdk.OAuth2ProviderGrantType(grantType) {`

`‎enterprise/coderd/oauth2_test.go‎`

Lines changed: 8 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -202,12 +202,16 @@ func TestOAuth2ProviderApps(t *testing.T) {`
`202`	`202`
`203`	`203`	`// Should be able to add apps.`
`204`	`204`	`expected:=generateApps(ctx,t,client)`
	`205`	`+expectedOrder:= []codersdk.OAuth2ProviderApp{`
	`206`	`+expected.Default,expected.NoPort,expected.Subdomain,`
	`207`	`+expected.Extra[0],expected.Extra[1],`
	`208`	`+}`
`205`	`209`
`206`	`210`	`// Should get all the apps now.`
`207`	`211`	`apps,err=another.OAuth2ProviderApps(ctx, codersdk.OAuth2ProviderAppFilter{})`
`208`	`212`	`require.NoError(t,err)`
`209`	`213`	`require.Len(t,apps,5)`
`210`		`-require.Equal(t,expected,apps)`
	`214`	`+require.Equal(t,expectedOrder,apps)`
`211`	`215`
`212`	`216`	`// Should be able to keep the same name when updating.`
`213`	`217`	`req:= codersdk.PutOAuth2ProviderAppRequest{`
`@@ -252,13 +256,7 @@ func TestOAuth2ProviderApps(t *testing.T) {`
`252`	`256`	`require.NoError(t,err)`
`253`	`257`	`require.Len(t,newApps,4)`
`254`	`258`
`255`		`-filtered:=make([]codersdk.OAuth2ProviderApp,0,len(newApps))`
`256`		`-for_,app:=rangenewApps {`
`257`		`-ifapp.ID!=expected.Default.ID {`
`258`		`-filtered=append(filtered,app)`
`259`		`-}`
`260`		`-}`
`261`		`-require.Equal(t,filtered,newApps)`
	`259`	`+require.Equal(t,expectedOrder[1:],newApps)`
`262`	`260`	`})`
`263`	`261`
`264`	`262`	`t.Run("ByUser",func(t*testing.T) {`
`@@ -632,14 +630,13 @@ func TestOAuth2ProviderTokenExchange(t *testing.T) {`
`632`	`630`	`code=*test.defaultCode`
`633`	`631`	`}else {`
`634`	`632`	`code,err=authorizationFlow(userClient,valid)`
`635`		`-iftest.authError=="" {`
`636`		`-require.NoError(t,err)`
`637`		`-}else {`
	`633`	`+iftest.authError!="" {`
`638`	`634`	`require.Error(t,err)`
`639`	`635`	`require.ErrorContains(t,err,test.authError)`
`640`	`636`	`// If this errors the token exchange will fail. So end here.`
`641`	`637`	`return`
`642`	`638`	`}`
	`639`	`+require.NoError(t,err)`
`643`	`640`	`}`
`644`	`641`
`645`	`642`	`// Mutate the valid config for the exchange.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb7e55ef

File tree

13 files changed

13 files changed

`‎coderd/apikey/apikey_test.go‎`

`‎coderd/coderdtest/oidctest/helper.go‎`

`‎coderd/coderdtest/oidctest/idp.go‎`

`‎coderd/database/db2sdk/db2sdk.go‎`

`‎coderd/database/modelmethods.go‎`

`‎enterprise/coderd/coderd.go‎`

`‎enterprise/coderd/identityprovider/authorize.go‎`

`‎enterprise/coderd/identityprovider/middleware.go‎`

`‎enterprise/coderd/identityprovider/tokens.go‎`

`‎enterprise/coderd/oauth2_test.go‎`

0 commit comments