NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitd623eeb

authored

feat: delete API token in /logout API (#1770)

* delete API token in logout api* add deleteapikeybyid to databasefake* set blank cookie on logout always* refactor logout flow, add unit tests* update logout messsage* use read-only file mode for windows* fix file mode on windows for cleanup* change file permissions on windows* assert error is not nil* refactor cli* try different file mode on windows* try different file mode on windows* try keeping the files open on Windows* fix the error message on Windows

1 parentd0ed107 commitd623eebCopy full SHA for d623eeb

File tree

10 files changed

+239

-65

lines changed

cli
- logout.go
- logout_test.go
coderd
- coderd.go
- coderd_test.go
- database
  - databasefake
    - databasefake.go
  - querier.go
  - queries
    - apikeys.sql
  - queries.sql.go
- users.go
- users_test.go

10 files changed

+239

-65

lines changed

`‎cli/logout.go`

Lines changed: 30 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package cli`
`3`	`3`	`import (`
`4`	`4`	`"fmt"`
`5`	`5`	`"os"`
	`6`	`+"strings"`
`6`	`7`
`7`	`8`	`"github.com/spf13/cobra"`
`8`	`9`	`"golang.org/x/xerrors"`
`@@ -15,11 +16,16 @@ func logout() *cobra.Command {`
`15`	`16`	`Use:"logout",`
`16`	`17`	`Short:"Remove the local authenticated session",`
`17`	`18`	`RunE:func(cmd*cobra.Command,args []string)error {`
`18`		`-varisLoggedOutbool`
	`19`	`+client,err:=createClient(cmd)`
	`20`	`+iferr!=nil {`
	`21`	`+returnerr`
	`22`	`+}`
	`23`	`+`
	`24`	`+varerrors []error`
`19`	`25`
`20`	`26`	`config:=createConfig(cmd)`
`21`	`27`
`22`		`-_,err:=cliui.Prompt(cmd, cliui.PromptOptions{`
	`28`	`+_,err=cliui.Prompt(cmd, cliui.PromptOptions{`
`23`	`29`	`Text:"Are you sure you want to logout?",`
`24`	`30`	`IsConfirm:true,`
`25`	`31`	`Default:"yes",`
`@@ -28,38 +34,40 @@ func logout() *cobra.Command {`
`28`	`34`	`returnerr`
`29`	`35`	`}`
`30`	`36`
`31`		`-err=config.URL().Delete()`
	`37`	`+err=client.Logout(cmd.Context())`
`32`	`38`	`iferr!=nil {`
`33`		`-// Only throw error if the URL configuration file is present,`
`34`		`-// otherwise the user is already logged out, and we proceed`
`35`		`-if!os.IsNotExist(err) {`
`36`		`-returnxerrors.Errorf("remove URL file: %w",err)`
`37`		`-}`
`38`		`-isLoggedOut=true`
	`39`	`+errors=append(errors,xerrors.Errorf("logout api: %w",err))`
	`40`	`+}`
	`41`	`+`
	`42`	`+err=config.URL().Delete()`
	`43`	`+// Only throw error if the URL configuration file is present,`
	`44`	`+// otherwise the user is already logged out, and we proceed`
	`45`	`+iferr!=nil&&!os.IsNotExist(err) {`
	`46`	`+errors=append(errors,xerrors.Errorf("remove URL file: %w",err))`
`39`	`47`	`}`
`40`	`48`
`41`	`49`	`err=config.Session().Delete()`
`42`		`-iferr!=nil {`
`43`		`-// Only throw error if the session configuration file is present,`
`44`		`-// otherwise the user is already logged out, and we proceed`
`45`		`-if!os.IsNotExist(err) {`
`46`		`-returnxerrors.Errorf("remove session file: %w",err)`
`47`		`-}`
`48`		`-isLoggedOut=true`
	`50`	`+// Only throw error if the session configuration file is present,`
	`51`	`+// otherwise the user is already logged out, and we proceed`
	`52`	`+iferr!=nil&&!os.IsNotExist(err) {`
	`53`	`+errors=append(errors,xerrors.Errorf("remove session file: %w",err))`
`49`	`54`	`}`
`50`	`55`
`51`	`56`	`err=config.Organization().Delete()`
`52`	`57`	`// If the organization configuration file is absent, we still proceed`
`53`	`58`	`iferr!=nil&&!os.IsNotExist(err) {`
`54`		`-returnxerrors.Errorf("remove organization file: %w",err)`
	`59`	`+errors=append(errors,xerrors.Errorf("remove organization file: %w",err))`
`55`	`60`	`}`
`56`	`61`
`57`		`-// If the user was already logged out, we show them a different message`
`58`		`-ifisLoggedOut {`
`59`		`-_,_=fmt.Fprintf(cmd.OutOrStdout(),notLoggedInMessage+"\n")`
`60`		`-}else {`
`61`		`-_,_=fmt.Fprintf(cmd.OutOrStdout(),caret+"Successfully logged out.\n")`
	`62`	`+iflen(errors)>0 {`
	`63`	`+varerrorStringBuilder strings.Builder`
	`64`	`+for_,err:=rangeerrors {`
	`65`	`+_,_=fmt.Fprint(&errorStringBuilder,"\t"+err.Error()+"\n")`
	`66`	`+}`
	`67`	`+errorString:=strings.TrimRight(errorStringBuilder.String(),"\n")`
	`68`	`+returnxerrors.New("Failed to log out.\n"+errorString)`
`62`	`69`	`}`
	`70`	`+_,_=fmt.Fprintf(cmd.OutOrStdout(),caret+"You are no longer logged in. You can log in using 'coder login <url>'.\n")`
`63`	`71`	`returnnil`
`64`	`72`	`},`
`65`	`73`	`}`

`‎cli/logout_test.go`

Lines changed: 73 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,10 @@`
`1`	`1`	`package cli_test`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+"fmt"`
`4`	`5`	`"os"`
	`6`	`+"regexp"`
	`7`	`+"runtime"`
`5`	`8`	`"testing"`
`6`	`9`
`7`	`10`	`"github.com/stretchr/testify/assert"`
`@@ -21,7 +24,7 @@ func TestLogout(t *testing.T) {`
`21`	`24`	`pty:=ptytest.New(t)`
`22`	`25`	`config:=login(t,pty)`
`23`	`26`
`24`		`-//ensure session files exist`
	`27`	`+//Ensure session files exist.`
`25`	`28`	`require.FileExists(t,string(config.URL()))`
`26`	`29`	`require.FileExists(t,string(config.Session()))`
`27`	`30`
`@@ -40,7 +43,7 @@ func TestLogout(t *testing.T) {`
`40`	`43`
`41`	`44`	`pty.ExpectMatch("Are you sure you want to logout?")`
`42`	`45`	`pty.WriteLine("yes")`
`43`		`-pty.ExpectMatch("Successfullyloggedout")`
	`46`	`+pty.ExpectMatch("You are no longerloggedin. You can log in using 'coder login <url>'.")`
`44`	`47`	`<-logoutChan`
`45`	`48`	`})`
`46`	`49`	`t.Run("SkipPrompt",func(t*testing.T) {`
`@@ -49,7 +52,7 @@ func TestLogout(t *testing.T) {`
`49`	`52`	`pty:=ptytest.New(t)`
`50`	`53`	`config:=login(t,pty)`
`51`	`54`
`52`		`-//ensure session files exist`
	`55`	`+//Ensure session files exist.`
`53`	`56`	`require.FileExists(t,string(config.URL()))`
`54`	`57`	`require.FileExists(t,string(config.Session()))`
`55`	`58`
`@@ -66,7 +69,7 @@ func TestLogout(t *testing.T) {`
`66`	`69`	`assert.NoFileExists(t,string(config.Session()))`
`67`	`70`	`}()`
`68`	`71`
`69`		`-pty.ExpectMatch("Successfullyloggedout")`
	`72`	`+pty.ExpectMatch("You are no longerloggedin. You can log in using 'coder login <url>'.")`
`70`	`73`	`<-logoutChan`
`71`	`74`	`})`
`72`	`75`	`t.Run("NoURLFile",func(t*testing.T) {`
`@@ -75,7 +78,7 @@ func TestLogout(t *testing.T) {`
`75`	`78`	`pty:=ptytest.New(t)`
`76`	`79`	`config:=login(t,pty)`
`77`	`80`
`78`		`-//ensure session files exist`
	`81`	`+//Ensure session files exist.`
`79`	`82`	`require.FileExists(t,string(config.URL()))`
`80`	`83`	`require.FileExists(t,string(config.Session()))`
`81`	`84`
`@@ -91,14 +94,9 @@ func TestLogout(t *testing.T) {`
`91`	`94`	`gofunc() {`
`92`	`95`	`deferclose(logoutChan)`
`93`	`96`	`err:=logout.Execute()`
`94`		`-assert.NoError(t,err)`
`95`		`-assert.NoFileExists(t,string(config.URL()))`
`96`		`-assert.NoFileExists(t,string(config.Session()))`
	`97`	`+assert.EqualError(t,err,"You are not logged in. Try logging in using 'coder login <url>'.")`
`97`	`98`	`}()`
`98`	`99`
`99`		`-pty.ExpectMatch("Are you sure you want to logout?")`
`100`		`-pty.WriteLine("yes")`
`101`		`-pty.ExpectMatch("You are not logged in. Try logging in using 'coder login <url>'.")`
`102`	`100`	`<-logoutChan`
`103`	`101`	`})`
`104`	`102`	`t.Run("NoSessionFile",func(t*testing.T) {`
`@@ -107,7 +105,7 @@ func TestLogout(t *testing.T) {`
`107`	`105`	`pty:=ptytest.New(t)`
`108`	`106`	`config:=login(t,pty)`
`109`	`107`
`110`		`-//ensure session files exist`
	`108`	`+//Ensure session files exist.`
`111`	`109`	`require.FileExists(t,string(config.URL()))`
`112`	`110`	`require.FileExists(t,string(config.Session()))`
`113`	`111`
`@@ -123,14 +121,73 @@ func TestLogout(t *testing.T) {`
`123`	`121`	`gofunc() {`
`124`	`122`	`deferclose(logoutChan)`
`125`	`123`	`err=logout.Execute()`
`126`		`-assert.NoError(t,err)`
`127`		`-assert.NoFileExists(t,string(config.URL()))`
`128`		`-assert.NoFileExists(t,string(config.Session()))`
	`124`	`+assert.EqualError(t,err,"You are not logged in. Try logging in using 'coder login <url>'.")`
	`125`	`+}()`
	`126`	`+`
	`127`	`+<-logoutChan`
	`128`	`+})`
	`129`	`+t.Run("CannotDeleteFiles",func(t*testing.T) {`
	`130`	`+t.Parallel()`
	`131`	`+`
	`132`	`+pty:=ptytest.New(t)`
	`133`	`+config:=login(t,pty)`
	`134`	`+`
	`135`	`+// Ensure session files exist.`
	`136`	`+require.FileExists(t,string(config.URL()))`
	`137`	`+require.FileExists(t,string(config.Session()))`
	`138`	`+`
	`139`	`+var (`
	`140`	`+errerror`
	`141`	`+urlFile*os.File`
	`142`	`+sessionFile*os.File`
	`143`	`+)`
	`144`	`+ifruntime.GOOS=="windows" {`
	`145`	`+// Opening the files so Windows does not allow deleting them.`
	`146`	`+urlFile,err=os.Open(string(config.URL()))`
	`147`	`+require.NoError(t,err)`
	`148`	`+sessionFile,err=os.Open(string(config.Session()))`
	`149`	`+require.NoError(t,err)`
	`150`	`+}else {`
	`151`	`+// Changing the permissions to throw error during deletion.`
	`152`	`+err=os.Chmod(string(config),0500)`
	`153`	`+require.NoError(t,err)`
	`154`	`+}`
	`155`	`+t.Cleanup(func() {`
	`156`	`+ifruntime.GOOS=="windows" {`
	`157`	`+// Closing the opened files for cleanup.`
	`158`	`+err=urlFile.Close()`
	`159`	`+require.NoError(t,err)`
	`160`	`+err=sessionFile.Close()`
	`161`	`+require.NoError(t,err)`
	`162`	`+}else {`
	`163`	`+// Setting the permissions back for cleanup.`
	`164`	`+err=os.Chmod(string(config),0700)`
	`165`	`+require.NoError(t,err)`
	`166`	`+}`
	`167`	`+})`
	`168`	`+`
	`169`	`+logoutChan:=make(chanstruct{})`
	`170`	`+logout,_:=clitest.New(t,"logout","--global-config",string(config))`
	`171`	`+`
	`172`	`+logout.SetIn(pty.Input())`
	`173`	`+logout.SetOut(pty.Output())`
	`174`	`+`
	`175`	`+gofunc() {`
	`176`	`+deferclose(logoutChan)`
	`177`	`+err:=logout.Execute()`
	`178`	`+assert.NotNil(t,err)`
	`179`	`+varerrorMessagestring`
	`180`	`+ifruntime.GOOS=="windows" {`
	`181`	`+errorMessage="The process cannot access the file because it is being used by another process."`
	`182`	`+}else {`
	`183`	`+errorMessage="permission denied"`
	`184`	`+}`
	`185`	`+errRegex:=regexp.MustCompile(fmt.Sprintf("Failed to log out.\n\tremove URL file: .+: %s\n\tremove session file: .+: %s",errorMessage,errorMessage))`
	`186`	`+assert.Regexp(t,errRegex,err.Error())`
`129`	`187`	`}()`
`130`	`188`
`131`	`189`	`pty.ExpectMatch("Are you sure you want to logout?")`
`132`	`190`	`pty.WriteLine("yes")`
`133`		`-pty.ExpectMatch("You are not logged in. Try logging in using 'coder login <url>'.")`
`134`	`191`	`<-logoutChan`
`135`	`192`	`})`
`136`	`193`	`}`

`‎coderd/coderd.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -219,7 +219,6 @@ func New(options Options) API {`
`219`	`219`	`r.Get("/first",api.firstUser)`
`220`	`220`	`r.Post("/first",api.postFirstUser)`
`221`	`221`	`r.Post("/login",api.postLogin)`
`222`		`-r.Post("/logout",api.postLogout)`
`223`	`222`	`r.Get("/authmethods",api.userAuthMethods)`
`224`	`223`	`r.Route("/oauth2",func(r chi.Router) {`
`225`	`224`	`r.Route("/github",func(r chi.Router) {`
`@@ -234,6 +233,7 @@ func New(options Options) API {`
`234`	`233`	`)`
`235`	`234`	`r.Post("/",api.postUser)`
`236`	`235`	`r.Get("/",api.users)`
	`236`	`+r.Post("/logout",api.postLogout)`
`237`	`237`	`// These routes query information about site wide roles.`
`238`	`238`	`r.Route("/roles",func(r chi.Router) {`
`239`	`239`	`r.Get("/",api.assignableSiteRoles)`

`‎coderd/coderd_test.go`

Lines changed: 16 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,10 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`104`	`104`	`workspaceRBACObj:=rbac.ResourceWorkspace.InOrg(organization.ID).WithID(workspace.ID.String()).WithOwner(workspace.OwnerID.String())`
`105`	`105`
`106`	`106`	`// skipRoutes allows skipping routes from being checked.`
	`107`	`+skipRoutes:=map[string]string{`
	`108`	`+"POST:/api/v2/users/logout":"Logging out deletes the API Key for other routes",`
	`109`	`+}`
	`110`	`+`
`107`	`111`	`typerouteCheckstruct {`
`108`	`112`	`NoAuthorizebool`
`109`	`113`	`AssertAction rbac.Action`
`@@ -117,7 +121,6 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`117`	`121`	`"GET:/api/v2/users/first": {NoAuthorize:true},`
`118`	`122`	`"POST:/api/v2/users/first": {NoAuthorize:true},`
`119`	`123`	`"POST:/api/v2/users/login": {NoAuthorize:true},`
`120`		`-"POST:/api/v2/users/logout": {NoAuthorize:true},`
`121`	`124`	`"GET:/api/v2/users/authmethods": {NoAuthorize:true},`
`122`	`125`	`"POST:/api/v2/csp/reports": {NoAuthorize:true},`
`123`	`126`
`@@ -310,8 +313,20 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`310`	`313`	`assertRoute[noTrailSlash]=v`
`311`	`314`	`}`
`312`	`315`
	`316`	`+fork,v:=rangeskipRoutes {`
	`317`	`+noTrailSlash:=strings.TrimRight(k,"/")`
	`318`	`+if_,ok:=skipRoutes[noTrailSlash];ok&&noTrailSlash!=k {`
	`319`	`+t.Errorf("route %q & %q is declared twice",noTrailSlash,k)`
	`320`	`+t.FailNow()`
	`321`	`+}`
	`322`	`+skipRoutes[noTrailSlash]=v`
	`323`	`+}`
	`324`	`+`
`313`	`325`	`err=chi.Walk(api.Handler,func(methodstring,routestring,handler http.Handler,middlewares...func(http.Handler) http.Handler)error {`
`314`	`326`	`name:=method+":"+route`
	`327`	`+if_,ok:=skipRoutes[strings.TrimRight(name,"/")];ok {`
	`328`	`+returnnil`
	`329`	`+}`
`315`	`330`	`t.Run(name,func(t*testing.T) {`
`316`	`331`	`authorizer.reset()`
`317`	`332`	`routeAssertions,ok:=assertRoute[strings.TrimRight(name,"/")]`

`‎coderd/database/databasefake/databasefake.go`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -126,6 +126,21 @@ func (q *fakeQuerier) GetAPIKeyByID(_ context.Context, id string) (database.APIK`
`126`	`126`	`return database.APIKey{},sql.ErrNoRows`
`127`	`127`	`}`
`128`	`128`
	`129`	`+func (q*fakeQuerier)DeleteAPIKeyByID(_ context.Context,idstring)error {`
	`130`	`+q.mutex.Lock()`
	`131`	`+deferq.mutex.Unlock()`
	`132`	`+`
	`133`	`+forindex,apiKey:=rangeq.apiKeys {`
	`134`	`+ifapiKey.ID!=id {`
	`135`	`+continue`
	`136`	`+}`
	`137`	`+q.apiKeys[index]=q.apiKeys[len(q.apiKeys)-1]`
	`138`	`+q.apiKeys=q.apiKeys[:len(q.apiKeys)-1]`
	`139`	`+returnnil`
	`140`	`+}`
	`141`	`+returnsql.ErrNoRows`
	`142`	`+}`
	`143`	`+`
`129`	`144`	`func (q*fakeQuerier)GetFileByHash(_ context.Context,hashstring) (database.File,error) {`
`130`	`145`	`q.mutex.RLock()`
`131`	`146`	`deferq.mutex.RUnlock()`

`‎coderd/database/querier.go`

Lines changed: 1 addition & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 13 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/apikeys.sql`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -38,3 +38,10 @@ SET`
`38`	`38`	`oauth_expiry= $6`
`39`	`39`	`WHERE`
`40`	`40`	`id= $1;`
	`41`	`+`
	`42`	`+-- name: DeleteAPIKeyByID :exec`
	`43`	`+DELETE`
	`44`	`+FROM`
	`45`	`+api_keys`
	`46`	`+WHERE`
	`47`	`+id= $1;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd623eeb

File tree

10 files changed

10 files changed

`‎cli/logout.go`

`‎cli/logout_test.go`

`‎coderd/coderd.go`

`‎coderd/coderd_test.go`

`‎coderd/database/databasefake/databasefake.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/apikeys.sql`

0 commit comments