Oct 31, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024
diff --git a/cli/server_createadminuser.go b/cli/server_createadminuser.go
 UpdatedAt:      dbtime.Now(),
 RBACRoles:      []string{rbac.RoleOwner().String()},
 LoginType:      database.LoginTypePassword,
 Status:         "",
 })
 if err != nil {
 return xerrors.Errorf("insert user: %w", err)
diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/audit/fields.go b/coderd/audit/fields.go
 package audit

 import (
 "context"
 "encoding/json"

 "cdr.dev/slog"
 )

 type BackgroundSubsystem string

 const (
 BackgroundSubsystemDormancy BackgroundSubsystem = "dormancy"
 )

 func BackgroundTaskFields(subsystem BackgroundSubsystem) map[string]string {
 return map[string]string{
 "automatic_actor":     "coder",
 "automatic_subsystem": string(subsystem),
 }
 }

 func BackgroundTaskFieldsBytes(ctx context.Context, logger slog.Logger, subsystem BackgroundSubsystem) []byte {
 af := BackgroundTaskFields(subsystem)

 wriBytes, err := json.Marshal(af)
 if err != nil {
 logger.Error(ctx, "marshal additional fields for dormancy audit", slog.Error(err))
 return []byte("{}")
 }

 return wriBytes
 }
diff --git a/coderd/audit/request.go b/coderd/audit/request.go
 Audit Auditor
 Log   slog.Logger

 UserID           uuid.UUID
 RequestID        uuid.UUID
 Status           int
 Action           database.AuditAction
 OrganizationID   uuid.UUID
 IP               string
 UserID         uuid.UUID
 RequestID      uuid.UUID
 Status         int
 Action         database.AuditAction
 OrganizationID uuid.UUID
 IP             string
 // todo: this should automatically marshal an interface{} instead of accepting a raw message.
 AdditionalFields json.RawMessage

 New T
diff --git a/coderd/coderd.go b/coderd/coderd.go

 apiKeyMiddleware := httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{
 DB:                            options.Database,
 ActivateDormantUser:           ActivateDormantUser(options.Logger, &api.Auditor, options.Database),
 OAuth2Configs:                 oauthConfigs,
 RedirectToLogin:               false,
 DisableSessionExpiryRefresh:   options.DeploymentValues.Sessions.DisableExpiryRefresh.Value(),
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
 Name:            RandomName(t),
 Password:        "SomeSecurePassword!",
 OrganizationIDs: organizationIDs,
 // Always create users as active in tests to ignore an extra audit log
 // when logging in.
 UserStatus: ptr.Ref(codersdk.UserStatusActive),
 }
 for _, m := range mutators {
 m(&req)
diff --git a/coderd/database/dbgen/dbgen.go b/coderd/database/dbgen/dbgen.go
 UpdatedAt:      takeFirst(orig.UpdatedAt, dbtime.Now()),
 RBACRoles:      takeFirstSlice(orig.RBACRoles, []string{}),
 LoginType:      takeFirst(orig.LoginType, database.LoginTypePassword),
 Status:         string(takeFirst(orig.Status, database.UserStatusDormant)),
 })
 require.NoError(t, err, "insert user")

diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
 }
 }

 status := database.UserStatusDormant
 if arg.Status != "" {
 status = database.UserStatus(arg.Status)
 }

 user := database.User{
 ID:             arg.ID,
 Email:          arg.Email,
 UpdatedAt:      arg.UpdatedAt,
 Username:       arg.Username,
 Name:           arg.Name,
 Status:database.UserStatusDormant,
 Status:status,
 RBACRoles:      arg.RBACRoles,
 LoginType:      arg.LoginType,
 }
 updated = append(updated, database.UpdateInactiveUsersToDormantRow{
 ID:         user.ID,
 Email:      user.Email,
 Username:   user.Username,
 LastSeenAt: user.LastSeenAt,
 })
 }
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/users.sql b/coderd/database/queries/users.sql
 created_at,
 updated_at,
 rbac_roles,
 login_type
 login_type,
 status
 )
 VALUES
 ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING *;
 ($1, $2, $3, $4, $5, $6, $7, $8, $9,
 -- if the status passed in is empty, fallback to dormant, which is what
 -- we were doing before.
 COALESCE(NULLIF(@status::text, '')::user_status, 'dormant'::user_status)
 ) RETURNING *;

 -- name: UpdateUserProfile :one
 UPDATE
 WHERE
    last_seen_at < @last_seen_after :: timestamp
    AND status = 'active'::user_status
 RETURNING id, email, last_seen_at;
 RETURNING id, email,username,last_seen_at;

 -- AllUserIDs returns all UserIDs regardless of user status or deletion.
 -- name: AllUserIDs :many
diff --git a/coderd/httpmw/apikey.go b/coderd/httpmw/apikey.go

 type ExtractAPIKeyConfig struct {
 DB                          database.Store
 ActivateDormantUser         func(ctx context.Context, u database.User) (database.User, error)
 OAuth2Configs               *OAuth2Configs
 RedirectToLogin             bool
 DisableSessionExpiryRefresh bool
 })
 }

 if userStatus == database.UserStatusDormant {
 // If coder confirms that the dormant user is valid, it can switch their account to active.
 // nolint:gocritic
 u, err := cfg.DB.UpdateUserStatus(dbauthz.AsSystemRestricted(ctx), database.UpdateUserStatusParams{
 ID:        key.UserID,
 Status:    database.UserStatusActive,
 UpdatedAt: dbtime.Now(),
 if userStatus == database.UserStatusDormant && cfg.ActivateDormantUser != nil {
 id, _ := uuid.Parse(actor.ID)
 user, err := cfg.ActivateDormantUser(ctx, database.User{
 ID:       id,
 Username: actor.FriendlyName,
 Status:   userStatus,
 })
 if err != nil {
 return write(http.StatusInternalServerError, codersdk.Response{
 Message: internalErrorMessage,
 Detail:  fmt.Sprintf("can't activate a dormantuser: %s", err.Error()),
 Detail:  fmt.Sprintf("updateuser status: %s", err.Error()),
 })
 }
 userStatus =u.Status
 userStatus =user.Status
 }

 if userStatus != database.UserStatusActive {
diff --git a/coderd/provisionerdserver/provisionerdserver.go b/coderd/provisionerdserver/provisionerdserver.go
 wriBytes, err := json.Marshal(buildResourceInfo)
 if err != nil {
 s.Logger.Error(ctx, "marshal workspace resource info for failed job", slog.Error(err))
 wriBytes = []byte("{}")
 }

 bag := audit.BaggageFromContext(ctx)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -197,6 +197,7 @@ func (r RootCmd) newCreateAdminUserCommand() serpent.Command {
		UpdatedAt: dbtime.Now(),
		RBACRoles: []string{rbac.RoleOwner().String()},
		LoginType: database.LoginTypePassword,
		Status: "",
Copy link Collaborator sreyaOct 31, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. why do we pass`""` here? Should we just pass`active`? Copy link ContributorAuthor coadlerOct 31, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Ideally I would omit it but the linter doesn't like leaving it out. It doesn't really matter what this is created as, so`""` just does the default behavior which is dormant.
		})
		if err != nil {
		return xerrors.Errorf("insert user: %w", err)
Expand Down
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,33 @@
		package audit

		import (
		"context"
		"encoding/json"

		"cdr.dev/slog"
		)

		type BackgroundSubsystem string

		const (
		BackgroundSubsystemDormancy BackgroundSubsystem = "dormancy"
		)

		func BackgroundTaskFields(subsystem BackgroundSubsystem) map[string]string {
		return map[string]string{
		"automatic_actor": "coder",
		"automatic_subsystem": string(subsystem),
		}
		}

		func BackgroundTaskFieldsBytes(ctx context.Context, logger slog.Logger, subsystem BackgroundSubsystem) []byte {
		af := BackgroundTaskFields(subsystem)

		wriBytes, err := json.Marshal(af)
		if err != nil {
		logger.Error(ctx, "marshal additional fields for dormancy audit", slog.Error(err))
		return []byte("{}")
		}

		return wriBytes
		}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -62,12 +62,13 @@ type BackgroundAuditParams[T Auditable] struct {
		Audit Auditor
		Log slog.Logger

		UserID uuid.UUID
		RequestID uuid.UUID
		Status int
		Action database.AuditAction
		OrganizationID uuid.UUID
		IP string
		UserID uuid.UUID
		RequestID uuid.UUID
		Status int
		Action database.AuditAction
		OrganizationID uuid.UUID
		IP string
		// todo: this should automatically marshal an interface{} instead of accepting a raw message.
		AdditionalFields json.RawMessage

		New T
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -702,6 +702,7 @@ func New(options Options) API {

		apiKeyMiddleware := httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{
		DB: options.Database,
		ActivateDormantUser: ActivateDormantUser(options.Logger, &api.Auditor, options.Database),
		OAuth2Configs: oauthConfigs,
		RedirectToLogin: false,
		DisableSessionExpiryRefresh: options.DeploymentValues.Sessions.DisableExpiryRefresh.Value(),
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -719,6 +719,9 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
		Name: RandomName(t),
		Password: "SomeSecurePassword!",
		OrganizationIDs: organizationIDs,
		// Always create users as active in tests to ignore an extra audit log
		// when logging in.
		UserStatus: ptr.Ref(codersdk.UserStatusActive),
		}
		for _, m := range mutators {
		m(&req)
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -342,6 +342,7 @@ func User(t testing.TB, db database.Store, orig database.User) database.User {
		UpdatedAt: takeFirst(orig.UpdatedAt, dbtime.Now()),
		RBACRoles: takeFirstSlice(orig.RBACRoles, []string{}),
		LoginType: takeFirst(orig.LoginType, database.LoginTypePassword),
		Status: string(takeFirst(orig.Status, database.UserStatusDormant)),
		})
		require.NoError(t, err, "insert user")

Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -7709,6 +7709,11 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
		}
		}

		status := database.UserStatusDormant
		if arg.Status != "" {
		status = database.UserStatus(arg.Status)
		}

		user := database.User{
		ID: arg.ID,
		Email: arg.Email,
Expand All		@@ -7717,7 +7722,7 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
		UpdatedAt: arg.UpdatedAt,
		Username: arg.Username,
		Name: arg.Name,
		Status:database.UserStatusDormant,
		Status:status,
		RBACRoles: arg.RBACRoles,
		LoginType: arg.LoginType,
		}
Expand DownExpand Up		@@ -8640,6 +8645,7 @@ func (q *FakeQuerier) UpdateInactiveUsersToDormant(_ context.Context, params dat
		updated = append(updated, database.UpdateInactiveUsersToDormantRow{
		ID: user.ID,
		Email: user.Email,
		Username: user.Username,
		LastSeenAt: user.LastSeenAt,
		})
		}
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -67,10 +67,15 @@ INSERT INTO
		created_at,
		updated_at,
		rbac_roles,
		login_type
		login_type,
		status
		)
		VALUES
		($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING *;
		($1, $2, $3, $4, $5, $6, $7, $8, $9,
		-- if the status passed in is empty, fallback to dormant, which is what
		-- we were doing before.
		COALESCE(NULLIF(@status::text, '')::user_status, 'dormant'::user_status)
		) RETURNING *;
Comment on lines +74 to +78 Copy link Collaborator sreyaOct 31, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. why do we handle this as a special case? Shouldn't we expect the status to be provided? Copy link ContributorAuthor coadlerOct 31, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I didn't really want to leak the previous default behavior out into the API code. I think it makes more sense to do the default behavior here, which is what was happening before when it wasn't being inserted.

		-- name: UpdateUserProfile :one
		UPDATE
Expand DownExpand Up		@@ -286,7 +291,7 @@ SET
		WHERE
		last_seen_at < @last_seen_after :: timestamp
		AND status = 'active'::user_status
		RETURNING id, email, last_seen_at;
		RETURNING id, email,username,last_seen_at;

		-- AllUserIDs returns all UserIDs regardless of user status or deletion.
		-- name: AllUserIDs :many
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -82,6 +82,7 @@ const (

		type ExtractAPIKeyConfig struct {
		DB database.Store
		ActivateDormantUser func(ctx context.Context, u database.User) (database.User, error)
		OAuth2Configs *OAuth2Configs
		RedirectToLogin bool
		DisableSessionExpiryRefresh bool
Expand DownExpand Up		@@ -414,21 +415,20 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon
		})
		}

		if userStatus == database.UserStatusDormant {
		// If coder confirms that the dormant user is valid, it can switch their account to active.
		// nolint:gocritic
		u, err := cfg.DB.UpdateUserStatus(dbauthz.AsSystemRestricted(ctx), database.UpdateUserStatusParams{
		ID: key.UserID,
		Status: database.UserStatusActive,
		UpdatedAt: dbtime.Now(),
		if userStatus == database.UserStatusDormant && cfg.ActivateDormantUser != nil {
		id, _ := uuid.Parse(actor.ID)
		user, err := cfg.ActivateDormantUser(ctx, database.User{
		ID: id,
		Username: actor.FriendlyName,
		Status: userStatus,
		})
		if err != nil {
		return write(http.StatusInternalServerError, codersdk.Response{
		Message: internalErrorMessage,
		Detail: fmt.Sprintf("can't activate a dormantuser: %s", err.Error()),
		Detail: fmt.Sprintf("updateuser status: %s", err.Error()),
		})
		}
		userStatus =u.Status
		userStatus =user.Status
		}

		if userStatus != database.UserStatusActive {
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -1063,6 +1063,7 @@ func (s server) FailJob(ctx context.Context, failJob proto.FailedJob) (*proto.
		wriBytes, err := json.Marshal(buildResourceInfo)
		if err != nil {
		s.Logger.Error(ctx, "marshal workspace resource info for failed job", slog.Error(err))
		wriBytes = []byte("{}")
		}

		bag := audit.BaggageFromContext(ctx)
Expand Down