NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commite94fe20

authored

fix: handlegetUser error (#3285)

1 parent4658b3f commite94fe20Copy full SHA for e94fe20

File tree

5 files changed

+67

-20

lines changed

coderd/httpmw
- apikey.go
site/src
- components
  - RequireAuth
    - RequireAuth.tsx
  - SignInForm
    - SignInForm.stories.tsx
    - SignInForm.tsx
- pages/LoginPage
  - LoginPage.tsx

5 files changed

+67

-20

lines changed

`‎coderd/httpmw/apikey.go`

Lines changed: 27 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,11 @@ type OAuth2Configs struct {`
`51`	`51`	`GithubOAuth2Config`
`52`	`52`	`}`
`53`	`53`
	`54`	`+const (`
	`55`	`+signedOutErrorMessagestring="You are signed out or your session has expired. Please sign in again to continue."`
	`56`	`+internalErrorMessagestring="An internal error occurred. Please try again or contact the system administrator."`
	`57`	`+)`
	`58`	`+`
`54`	`59`	`// ExtractAPIKey requires authentication using a valid API key.`
`55`	`60`	`// It handles extending an API key if it comes close to expiry,`
`56`	`61`	`// updating the last used time in the database.`
`@@ -83,15 +88,17 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`83`	`88`	`}`
`84`	`89`	`ifcookieValue=="" {`
`85`	`90`	`write(http.StatusUnauthorized, codersdk.Response{`
`86`		`-Message:fmt.Sprintf("Cookie %q or query parameter must be provided.",codersdk.SessionTokenKey),`
	`91`	`+Message:signedOutErrorMessage,`
	`92`	`+Detail:fmt.Sprintf("Cookie %q or query parameter must be provided.",codersdk.SessionTokenKey),`
`87`	`93`	`})`
`88`	`94`	`return`
`89`	`95`	`}`
`90`	`96`	`parts:=strings.Split(cookieValue,"-")`
`91`	`97`	`// APIKeys are formatted: ID-SECRET`
`92`	`98`	`iflen(parts)!=2 {`
`93`	`99`	`write(http.StatusUnauthorized, codersdk.Response{`
`94`		`-Message:fmt.Sprintf("Invalid %q cookie API key format.",codersdk.SessionTokenKey),`
	`100`	`+Message:signedOutErrorMessage,`
	`101`	`+Detail:fmt.Sprintf("Invalid %q cookie API key format.",codersdk.SessionTokenKey),`
`95`	`102`	`})`
`96`	`103`	`return`
`97`	`104`	`}`
`@@ -100,27 +107,30 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`100`	`107`	`// Ensuring key lengths are valid.`
`101`	`108`	`iflen(keyID)!=10 {`
`102`	`109`	`write(http.StatusUnauthorized, codersdk.Response{`
`103`		`-Message:fmt.Sprintf("Invalid %q cookie API key id.",codersdk.SessionTokenKey),`
	`110`	`+Message:signedOutErrorMessage,`
	`111`	`+Detail:fmt.Sprintf("Invalid %q cookie API key id.",codersdk.SessionTokenKey),`
`104`	`112`	`})`
`105`	`113`	`return`
`106`	`114`	`}`
`107`	`115`	`iflen(keySecret)!=22 {`
`108`	`116`	`write(http.StatusUnauthorized, codersdk.Response{`
`109`		`-Message:fmt.Sprintf("Invalid %q cookie API key secret.",codersdk.SessionTokenKey),`
	`117`	`+Message:signedOutErrorMessage,`
	`118`	`+Detail:fmt.Sprintf("Invalid %q cookie API key secret.",codersdk.SessionTokenKey),`
`110`	`119`	`})`
`111`	`120`	`return`
`112`	`121`	`}`
`113`	`122`	`key,err:=db.GetAPIKeyByID(r.Context(),keyID)`
`114`	`123`	`iferr!=nil {`
`115`	`124`	`iferrors.Is(err,sql.ErrNoRows) {`
`116`	`125`	`write(http.StatusUnauthorized, codersdk.Response{`
`117`		`-Message:"API key is invalid.",`
	`126`	`+Message:signedOutErrorMessage,`
	`127`	`+Detail:"API key is invalid.",`
`118`	`128`	`})`
`119`	`129`	`return`
`120`	`130`	`}`
`121`	`131`	`write(http.StatusInternalServerError, codersdk.Response{`
`122`		`-Message:"Internal error fetching API key by id.",`
`123`		`-Detail:err.Error(),`
	`132`	`+Message:internalErrorMessage,`
	`133`	`+Detail:fmt.Sprintf("Internal error fetching API key by id. %s",err.Error()),`
`124`	`134`	`})`
`125`	`135`	`return`
`126`	`136`	`}`
`@@ -129,7 +139,8 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`129`	`139`	`// Checking to see if the secret is valid.`
`130`	`140`	`ifsubtle.ConstantTimeCompare(key.HashedSecret,hashed[:])!=1 {`
`131`	`141`	`write(http.StatusUnauthorized, codersdk.Response{`
`132`		`-Message:"API key secret is invalid.",`
	`142`	`+Message:signedOutErrorMessage,`
	`143`	`+Detail:"API key secret is invalid.",`
`133`	`144`	`})`
`134`	`145`	`return`
`135`	`146`	`}`
`@@ -146,7 +157,8 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`146`	`157`	`oauthConfig=oauth.Github`
`147`	`158`	`default:`
`148`	`159`	`write(http.StatusInternalServerError, codersdk.Response{`
`149`		`-Message:fmt.Sprintf("Unexpected authentication type %q.",key.LoginType),`
	`160`	`+Message:internalErrorMessage,`
	`161`	`+Detail:fmt.Sprintf("Unexpected authentication type %q.",key.LoginType),`
`150`	`162`	`})`
`151`	`163`	`return`
`152`	`164`	`}`
`@@ -174,7 +186,8 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`174`	`186`	`// Checking if the key is expired.`
`175`	`187`	`ifkey.ExpiresAt.Before(now) {`
`176`	`188`	`write(http.StatusUnauthorized, codersdk.Response{`
`177`		`-Message:fmt.Sprintf("API key expired at %q.",key.ExpiresAt.String()),`
	`189`	`+Message:signedOutErrorMessage,`
	`190`	`+Detail:fmt.Sprintf("API key expired at %q.",key.ExpiresAt.String()),`
`178`	`191`	`})`
`179`	`192`	`return`
`180`	`193`	`}`
`@@ -216,7 +229,8 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`216`	`229`	`})`
`217`	`230`	`iferr!=nil {`
`218`	`231`	`write(http.StatusInternalServerError, codersdk.Response{`
`219`		`-Message:fmt.Sprintf("API key couldn't update: %s.",err.Error()),`
	`232`	`+Message:internalErrorMessage,`
	`233`	`+Detail:fmt.Sprintf("API key couldn't update: %s.",err.Error()),`
`220`	`234`	`})`
`221`	`235`	`return`
`222`	`236`	`}`
`@@ -228,8 +242,8 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs, redirectToLogin bool`
`228`	`242`	`roles,err:=db.GetAuthorizationUserRoles(r.Context(),key.UserID)`
`229`	`243`	`iferr!=nil {`
`230`	`244`	`write(http.StatusUnauthorized, codersdk.Response{`
`231`		`-Message:"Internal error fetching user's roles.",`
`232`		`-Detail:err.Error(),`
	`245`	`+Message:internalErrorMessage,`
	`246`	`+Detail:fmt.Sprintf("Internal error fetching user's roles. %s",err.Error()),`
`233`	`247`	`})`
`234`	`248`	`return`
`235`	`249`	`}`

`‎site/src/components/RequireAuth/RequireAuth.tsx`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,9 +13,10 @@ export const RequireAuth: React.FC<RequireAuthProps> = ({ children }) => {`
`13`	`13`	`constxServices=useContext(XServiceContext)`
`14`	`14`	`const[authState]=useActor(xServices.authXService)`
`15`	`15`	`constlocation=useLocation()`
`16`		`-constnavigateTo=location.pathname==="/" ?"/login" :embedRedirect(location.pathname)`
	`16`	`+constisHomePage=location.pathname==="/"`
	`17`	`+constnavigateTo=isHomePage ?"/login" :embedRedirect(location.pathname)`
`17`	`18`	`if(authState.matches("signedOut")){`
`18`		`-return<Navigateto={navigateTo}/>`
	`19`	`+return<Navigateto={navigateTo}state={{isRedirect:!isHomePage}}/>`
`19`	`20`	`}elseif(authState.hasTag("loading")){`
`20`	`21`	`return<FullScreenLoader/>`
`21`	`22`	`}else{`

`‎site/src/components/SignInForm/SignInForm.stories.tsx`

Lines changed: 23 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,17 @@ WithLoginError.args = {`
`51`	`51`	`},`
`52`	`52`	`}`
`53`	`53`
	`54`	`+exportconstWithGetUserError=Template.bind({})`
	`55`	`+WithGetUserError.args={`
	`56`	`+ ...SignedOut.args,`
	`57`	`+loginErrors:{`
	`58`	`+[LoginErrors.GET_USER_ERROR]:makeMockApiError({`
	`59`	`+message:"You are logged out. Please log in to continue.",`
	`60`	`+detail:"API Key is invalid.",`
	`61`	`+}),`
	`62`	`+},`
	`63`	`+}`
	`64`	`+`
`54`	`65`	`exportconstWithCheckPermissionsError=Template.bind({})`
`55`	`66`	`WithCheckPermissionsError.args={`
`56`	`67`	`...SignedOut.args,`
`@@ -70,6 +81,18 @@ WithAuthMethodsError.args = {`
`70`	`81`	`},`
`71`	`82`	`}`
`72`	`83`
	`84`	`+exportconstWithGetUserAndAuthMethodsError=Template.bind({})`
	`85`	`+WithGetUserAndAuthMethodsError.args={`
	`86`	`+ ...SignedOut.args,`
	`87`	`+loginErrors:{`
	`88`	`+[LoginErrors.GET_USER_ERROR]:makeMockApiError({`
	`89`	`+message:"You are logged out. Please log in to continue.",`
	`90`	`+detail:"API Key is invalid.",`
	`91`	`+}),`
	`92`	`+[LoginErrors.GET_METHODS_ERROR]:newError("Failed to fetch auth methods"),`
	`93`	`+},`
	`94`	`+}`
	`95`	`+`
`73`	`96`	`exportconstWithGithub=Template.bind({})`
`74`	`97`	`WithGithub.args={`
`75`	`98`	`...SignedOut.args,`

`‎site/src/components/SignInForm/SignInForm.tsx`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ interface BuiltInAuthFormValues {`
`25`	`25`
`26`	`26`	`exportenumLoginErrors{`
`27`	`27`	`AUTH_ERROR="authError",`
	`28`	`+GET_USER_ERROR="getUserError",`
`28`	`29`	`CHECK_PERMISSIONS_ERROR="checkPermissionsError",`
`29`	`30`	`GET_METHODS_ERROR="getMethodsError",`
`30`	`31`	`}`
`@@ -36,6 +37,7 @@ export const Language = {`
`36`	`37`	`emailRequired:"Please enter an email address.",`
`37`	`38`	`errorMessages:{`
`38`	`39`	`[LoginErrors.AUTH_ERROR]:"Incorrect email or password.",`
	`40`	`+[LoginErrors.GET_USER_ERROR]:"Failed to fetch user details.",`
`39`	`41`	`[LoginErrors.CHECK_PERMISSIONS_ERROR]:"Unable to fetch user permissions.",`
`40`	`42`	`[LoginErrors.GET_METHODS_ERROR]:"Unable to fetch auth methods.",`
`41`	`43`	`},`

`‎site/src/pages/LoginPage/LoginPage.tsx`

Lines changed: 12 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ import React, { useContext } from "react"`
`4`	`4`	`import{Helmet}from"react-helmet"`
`5`	`5`	`import{Navigate,useLocation}from"react-router-dom"`
`6`	`6`	`import{Footer}from"../../components/Footer/Footer"`
`7`		`-import{SignInForm}from"../../components/SignInForm/SignInForm"`
	`7`	`+import{LoginErrors,SignInForm}from"../../components/SignInForm/SignInForm"`
`8`	`8`	`import{pageTitle}from"../../util/page"`
`9`	`9`	`import{retrieveRedirect}from"../../util/redirect"`
`10`	`10`	`import{XServiceContext}from"../../xServices/StateContext"`
`@@ -28,19 +28,25 @@ export const useStyles = makeStyles((theme) => ({`
`28`	`28`	`},`
`29`	`29`	`}))`
`30`	`30`
	`31`	`+interfaceLocationState{`
	`32`	`+isRedirect:boolean`
	`33`	`+}`
	`34`	`+`
`31`	`35`	`exportconstLoginPage:React.FC=()=>{`
`32`	`36`	`conststyles=useStyles()`
`33`	`37`	`constlocation=useLocation()`
`34`	`38`	`constxServices=useContext(XServiceContext)`
`35`	`39`	`const[authState,authSend]=useActor(xServices.authXService)`
`36`	`40`	`constisLoading=authState.hasTag("loading")`
`37`	`41`	`constredirectTo=retrieveRedirect(location.search)`
	`42`	`+constlocationState=location.state ?(location.stateasLocationState) :null`
	`43`	`+constisRedirected=locationState ?locationState.isRedirect :false`
`38`	`44`
`39`	`45`	`constonSubmit=async({ email, password}:{email:string;password:string})=>{`
`40`	`46`	`authSend({type:"SIGN_IN", email, password})`
`41`	`47`	`}`
`42`	`48`
`43`		`-const{ authError, checkPermissionsError, getMethodsError}=authState.context`
	`49`	`+const{ authError,getUserError,checkPermissionsError, getMethodsError}=authState.context`
`44`	`50`
`45`	`51`	`if(authState.matches("signedIn")){`
`46`	`52`	`return<Navigateto={redirectTo}replace/>`
`@@ -57,9 +63,10 @@ export const LoginPage: React.FC = () => {`
`57`	`63`	`redirectTo={redirectTo}`
`58`	`64`	`isLoading={isLoading}`
`59`	`65`	`loginErrors={{`
`60`		`- authError,`
`61`		`- checkPermissionsError,`
`62`		`- getMethodsError,`
	`66`	`+[LoginErrors.AUTH_ERROR]:authError,`
	`67`	`+[LoginErrors.GET_USER_ERROR]:isRedirected ?getUserError :null,`
	`68`	`+[LoginErrors.CHECK_PERMISSIONS_ERROR]:checkPermissionsError,`
	`69`	`+[LoginErrors.GET_METHODS_ERROR]:getMethodsError,`
`63`	`70`	`}}`
`64`	`71`	`onSubmit={onSubmit}`
`65`	`72`	`/>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite94fe20

File tree

5 files changed

5 files changed

`‎coderd/httpmw/apikey.go`

`‎site/src/components/RequireAuth/RequireAuth.tsx`

`‎site/src/components/SignInForm/SignInForm.stories.tsx`

`‎site/src/components/SignInForm/SignInForm.tsx`

`‎site/src/pages/LoginPage/LoginPage.tsx`

0 commit comments