Skip to content

Commit 26ab0d3

Browse files
mafredrimafredri
authored
fix: Protect codersdk.Client SessionToken so it can be updated (#4965)
This feature is used by the coder agent to exchange a new token. By protecting the SessionToken via mutex we ensure there are no data races when accessing it.
1 parent 8cadb33 commit 26ab0d3

25 files changed

+82
-64
lines changed

cli/agent.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ func workspaceAgent() *cobra.Command {
9797
if err != nil {
9898
return xerrors.Errorf("CODER_AGENT_TOKEN must be set for token auth: %w", err)
9999
}
100-
client.SessionToken = token
100+
client.SetSessionToken(token)
101101
case "google-instance-identity":
102102
// This is *only* done for testing to mock client authentication.
103103
// This will never be set in a production scenario.
@@ -153,13 +153,13 @@ func workspaceAgent() *cobra.Command {
153153
Logger: logger,
154154
ExchangeToken: func(ctx context.Context) (string, error) {
155155
if exchangeToken == nil {
156-
return client.SessionToken, nil
156+
return client.SessionToken(), nil
157157
}
158158
resp, err := exchangeToken(ctx)
159159
if err != nil {
160160
return "", err
161161
}
162-
client.SessionToken = resp.SessionToken
162+
client.SetSessionToken(resp.SessionToken)
163163
return resp.SessionToken, nil
164164
},
165165
EnvironmentVariables: map[string]string{

cli/clitest/clitest.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ func NewWithSubcommands(
4343

4444
// SetupConfig applies the URL and SessionToken of the client to the config.
4545
func SetupConfig(t *testing.T, client *codersdk.Client, root config.Root) {
46-
err := root.Session().Write(client.SessionToken)
46+
err := root.Session().Write(client.SessionToken())
4747
require.NoError(t, err)
4848
err = root.URL().Write(client.URL.String())
4949
require.NoError(t, err)

cli/configssh_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ func TestConfigSSH(t *testing.T) {
105105
workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
106106
coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
107107
agentClient := codersdk.New(client.URL)
108-
agentClient.SessionToken = authToken
108+
agentClient.SetSessionToken(authToken)
109109
agentCloser := agent.New(agent.Options{
110110
Client: agentClient,
111111
Logger: slogtest.Make(t, nil).Named("agent"),

cli/login.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -214,7 +214,7 @@ func login() *cobra.Command {
214214
Text: "Paste your token here:",
215215
Secret: true,
216216
Validate: func(token string) error {
217-
client.SessionToken = token
217+
client.SetSessionToken(token)
218218
_, err := client.User(cmd.Context(), codersdk.Me)
219219
if err != nil {
220220
return xerrors.New("That's not a valid token!")
@@ -228,7 +228,7 @@ func login() *cobra.Command {
228228
}
229229

230230
// Login to get user data - verify it is OK before persisting
231-
client.SessionToken = sessionToken
231+
client.SetSessionToken(sessionToken)
232232
resp, err := client.User(cmd.Context(), codersdk.Me)
233233
if err != nil {
234234
return xerrors.Errorf("get user: %w", err)

cli/login_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -148,7 +148,7 @@ func TestLogin(t *testing.T) {
148148
}()
149149

150150
pty.ExpectMatch("Paste your token here:")
151-
pty.WriteLine(client.SessionToken)
151+
pty.WriteLine(client.SessionToken())
152152
pty.ExpectMatch("Welcome to Coder")
153153
<-doneChan
154154
})
@@ -183,11 +183,11 @@ func TestLogin(t *testing.T) {
183183
t.Parallel()
184184
client := coderdtest.New(t, nil)
185185
coderdtest.CreateFirstUser(t, client)
186-
root, cfg := clitest.New(t, "login", client.URL.String(), "--token", client.SessionToken)
186+
root, cfg := clitest.New(t, "login", client.URL.String(), "--token", client.SessionToken())
187187
err := root.Execute()
188188
require.NoError(t, err)
189189
sessionFile, err := cfg.Session().Read()
190190
require.NoError(t, err)
191-
require.Equal(t, client.SessionToken, sessionFile)
191+
require.Equal(t, client.SessionToken(), sessionFile)
192192
})
193193
}

cli/logout_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -209,7 +209,7 @@ func login(t *testing.T, pty *ptytest.PTY) config.Root {
209209
}()
210210

211211
pty.ExpectMatch("Paste your token here:")
212-
pty.WriteLine(client.SessionToken)
212+
pty.WriteLine(client.SessionToken())
213213
pty.ExpectMatch("Welcome to Coder")
214214
<-doneChan
215215

cli/root.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -306,7 +306,7 @@ func CreateClient(cmd *cobra.Command) (*codersdk.Client, error) {
306306
if err != nil {
307307
return nil, err
308308
}
309-
client.SessionToken = token
309+
client.SetSessionToken(token)
310310
return client, nil
311311
}
312312

@@ -347,7 +347,7 @@ func createAgentClient(cmd *cobra.Command) (*codersdk.Client, error) {
347347
return nil, err
348348
}
349349
client := codersdk.New(serverURL)
350-
client.SessionToken = token
350+
client.SetSessionToken(token)
351351
return client, nil
352352
}
353353

cli/speedtest_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ func TestSpeedtest(t *testing.T) {
2222
}
2323
client, workspace, agentToken := setupWorkspaceForAgent(t)
2424
agentClient := codersdk.New(client.URL)
25-
agentClient.SessionToken = agentToken
25+
agentClient.SetSessionToken(agentToken)
2626
agentCloser := agent.New(agent.Options{
2727
Client: agentClient,
2828
Logger: slogtest.Make(t, nil).Named("agent"),

cli/ssh_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ func TestSSH(t *testing.T) {
8787
pty.ExpectMatch("Waiting")
8888

8989
agentClient := codersdk.New(client.URL)
90-
agentClient.SessionToken = agentToken
90+
agentClient.SetSessionToken(agentToken)
9191
agentCloser := agent.New(agent.Options{
9292
Client: agentClient,
9393
Logger: slogtest.Make(t, nil).Named("agent"),
@@ -107,7 +107,7 @@ func TestSSH(t *testing.T) {
107107
// Run this async so the SSH command has to wait for
108108
// the build and agent to connect!
109109
agentClient := codersdk.New(client.URL)
110-
agentClient.SessionToken = agentToken
110+
agentClient.SetSessionToken(agentToken)
111111
agentCloser := agent.New(agent.Options{
112112
Client: agentClient,
113113
Logger: slogtest.Make(t, nil).Named("agent"),
@@ -174,7 +174,7 @@ func TestSSH(t *testing.T) {
174174
client, workspace, agentToken := setupWorkspaceForAgent(t)
175175

176176
agentClient := codersdk.New(client.URL)
177-
agentClient.SessionToken = agentToken
177+
agentClient.SetSessionToken(agentToken)
178178
agentCloser := agent.New(agent.Options{
179179
Client: agentClient,
180180
Logger: slogtest.Make(t, nil).Named("agent"),

coderd/coderdtest/coderdtest.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -360,7 +360,7 @@ func CreateFirstUser(t *testing.T, client *codersdk.Client) codersdk.CreateFirst
360360
Password: FirstUserParams.Password,
361361
})
362362
require.NoError(t, err)
363-
client.SessionToken = login.SessionToken
363+
client.SetSessionToken(login.SessionToken)
364364
return resp
365365
}
366366

@@ -400,7 +400,7 @@ func createAnotherUserRetry(t *testing.T, client *codersdk.Client, organizationI
400400
require.NoError(t, err)
401401

402402
other := codersdk.New(client.URL)
403-
other.SessionToken = login.SessionToken
403+
other.SetSessionToken(login.SessionToken)
404404

405405
if len(roles) > 0 {
406406
// Find the roles for the org vs the site wide roles

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy