
Commit 2d3f8f4

committed
chore: make cli session keys respect --session-duration
1 parent 9da6467 commit 2d3f8f4


2 files changed

+38
-5
lines changed

2 files changed

+38
-5
lines changed

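--- a/coderd/apikey.go
+++ b/coderd/apikey.go
@@ -125,16 +125,11 @@ func (api *API) postAPIKey(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 user := httpmw.UserParam(r)
 
-lifeTime := time.Hour * 24 * 7
 cookie, _, err := api.createAPIKey(ctx, apikey.CreateParams{
 UserID: user.ID,
 DefaultLifetime: api.DeploymentValues.Sessions.DefaultDuration.Value(),
 LoginType: database.LoginTypePassword,
 RemoteAddr: r.RemoteAddr,
-// All api generated keys will last 1 week. Browser login tokens have
-// a shorter life.
-ExpiresAt: dbtime.Now().Add(lifeTime),
-LifetimeSeconds: int64(lifeTime.Seconds()),
 })
 if err != nil {
 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{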

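--- a/coderd/apikey_test.go
+++ b/coderd/apikey_test.go
@@ -224,3 +224,41 @@ func TestAPIKey_Deleted(t *testing.T) {
 require.ErrorAs(t, err, &apiErr)
 require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())
 }
+
+func TestAPIKey_Refresh(t *testing.T) {
+t.Parallel()
+
+db, pubsub := dbtestutil.NewDB(t)
+client := coderdtest.New(t, &coderdtest.Options{
+Database: db,
+Pubsub: pubsub,
+})
+owner := coderdtest.CreateFirstUser(t, client)
+
+ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+defer cancel()
+
+token, err := client.CreateAPIKey(ctx, owner.UserID.String())
+require.NoError(t, err)
+split := strings.Split(token.Key, "-")
+apiKey1, err := client.APIKeyByID(ctx, owner.UserID.String(), split[0])
+require.NoError(t, err)
+require.Equal(t, int64(86400), apiKey1.LifetimeSeconds, "default should be 24 hours")
+
+err = db.UpdateAPIKeyByID(ctx, database.UpdateAPIKeyByIDParams{
+ID: apiKey1.ID,
+LastUsed: apiKey1.LastUsed,
+// Cross the no-refresh threshold
+ExpiresAt: apiKey1.ExpiresAt.Add(time.Hour * -2),
+})
+require.NoError(t, err, "update login key")
+
+// Refresh the token
+client.SetSessionToken(token.Key)
+_, err = client.User(ctx, codersdk.Me)
+require.NoError(t, err)
+
+apiKey2, err := client.APIKeyByID(ctx, owner.UserID.String(), split[0])
+require.NoError(t, err)
+require.True(t, apiKey2.ExpiresAt.After(apiKey1.ExpiresAt), "token should have a later expiry")
+}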
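Review bot: TestAPIKey_Refresh only pins the built-in default (`int64(86400)`), so it would still pass if the handler ignored a configured session duration; the test should start the server with a non-default `Sessions.DefaultDuration` and assert that `LifetimeSeconds` matches it. The final assertion also checks only that the refreshed expiry moved later, not that it stays bounded by the configured lifetime; something like `require.WithinDuration(t, time.Now().Add(24*time.Hour), apiKey2.ExpiresAt, time.Minute)` would catch a refresh that extends the session past the configured duration. `split[0]` is used without checking that `token.Key` actually split into two parts, so `require.Len(t, split, 2)` before it would give a clearer failure.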
