Skip to content

Commit ae9bd18

Browse files
code-ashercode-asher
committed
Add OAuth2 provider codes and tokens to database
1 parent 4587ef0 commit ae9bd18

20 files changed

+1373
-82
lines changed

coderd/database/dbauthz/dbauthz.go

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -812,13 +812,40 @@ func (q *querier) DeleteOAuth2ProviderAppByID(ctx context.Context, id uuid.UUID)
812812
return q.db.DeleteOAuth2ProviderAppByID(ctx, id)
813813
}
814814

815+
func (q *querier) DeleteOAuth2ProviderAppCodeByID(ctx context.Context, id uuid.UUID) error {
816+
code, err := q.db.GetOAuth2ProviderAppCodeByID(ctx, id)
817+
if err != nil {
818+
return err
819+
}
820+
if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(code.UserID.String())); err != nil {
821+
return err
822+
}
823+
return q.db.DeleteOAuth2ProviderAppCodeByID(ctx, id)
824+
}
825+
826+
func (q *querier) DeleteOAuth2ProviderAppCodesByAppAndUserID(ctx context.Context, arg database.DeleteOAuth2ProviderAppCodesByAppAndUserIDParams) error {
827+
if err := q.authorizeContext(ctx, rbac.ActionDelete,
828+
rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(arg.UserID.String())); err != nil {
829+
return err
830+
}
831+
return q.db.DeleteOAuth2ProviderAppCodesByAppAndUserID(ctx, arg)
832+
}
833+
815834
func (q *querier) DeleteOAuth2ProviderAppSecretByID(ctx context.Context, id uuid.UUID) error {
816835
if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceOAuth2ProviderAppSecret); err != nil {
817836
return err
818837
}
819838
return q.db.DeleteOAuth2ProviderAppSecretByID(ctx, id)
820839
}
821840

841+
func (q *querier) DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx context.Context, arg database.DeleteOAuth2ProviderAppTokensByAppAndUserIDParams) error {
842+
if err := q.authorizeContext(ctx, rbac.ActionDelete,
843+
rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(arg.UserID.String())); err != nil {
844+
return err
845+
}
846+
return q.db.DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx, arg)
847+
}
848+
822849
func (q *querier) DeleteOldProvisionerDaemons(ctx context.Context) error {
823850
if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceSystem); err != nil {
824851
return err
@@ -1152,6 +1179,27 @@ func (q *querier) GetOAuth2ProviderAppByID(ctx context.Context, id uuid.UUID) (d
11521179
return q.db.GetOAuth2ProviderAppByID(ctx, id)
11531180
}
11541181

1182+
func (q *querier) GetOAuth2ProviderAppCodeByAppIDAndSecret(ctx context.Context, arg database.GetOAuth2ProviderAppCodeByAppIDAndSecretParams) (database.OAuth2ProviderAppCode, error) {
1183+
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceOAuth2ProviderAppCodeToken); err != nil {
1184+
return database.OAuth2ProviderAppCode{}, err
1185+
}
1186+
return q.db.GetOAuth2ProviderAppCodeByAppIDAndSecret(ctx, arg)
1187+
}
1188+
1189+
func (q *querier) GetOAuth2ProviderAppCodeByID(ctx context.Context, id uuid.UUID) (database.OAuth2ProviderAppCode, error) {
1190+
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceOAuth2ProviderAppCodeToken); err != nil {
1191+
return database.OAuth2ProviderAppCode{}, err
1192+
}
1193+
return q.db.GetOAuth2ProviderAppCodeByID(ctx, id)
1194+
}
1195+
1196+
func (q *querier) GetOAuth2ProviderAppSecretByAppIDAndSecret(ctx context.Context, arg database.GetOAuth2ProviderAppSecretByAppIDAndSecretParams) (database.OAuth2ProviderAppSecret, error) {
1197+
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceOAuth2ProviderAppSecret); err != nil {
1198+
return database.OAuth2ProviderAppSecret{}, err
1199+
}
1200+
return q.db.GetOAuth2ProviderAppSecretByAppIDAndSecret(ctx, arg)
1201+
}
1202+
11551203
func (q *querier) GetOAuth2ProviderAppSecretByID(ctx context.Context, id uuid.UUID) (database.OAuth2ProviderAppSecret, error) {
11561204
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceOAuth2ProviderAppSecret); err != nil {
11571205
return database.OAuth2ProviderAppSecret{}, err
@@ -1166,13 +1214,28 @@ func (q *querier) GetOAuth2ProviderAppSecretsByAppID(ctx context.Context, appID
11661214
return q.db.GetOAuth2ProviderAppSecretsByAppID(ctx, appID)
11671215
}
11681216

1217+
func (q *querier) GetOAuth2ProviderAppTokenByAppSecretIDAndSecret(ctx context.Context, arg database.GetOAuth2ProviderAppTokenByAppSecretIDAndSecretParams) (database.OAuth2ProviderAppToken, error) {
1218+
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceOAuth2ProviderAppCodeToken); err != nil {
1219+
return database.OAuth2ProviderAppToken{}, err
1220+
}
1221+
return q.db.GetOAuth2ProviderAppTokenByAppSecretIDAndSecret(ctx, arg)
1222+
}
1223+
11691224
func (q *querier) GetOAuth2ProviderApps(ctx context.Context) ([]database.OAuth2ProviderApp, error) {
11701225
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceOAuth2ProviderApp); err != nil {
11711226
return []database.OAuth2ProviderApp{}, err
11721227
}
11731228
return q.db.GetOAuth2ProviderApps(ctx)
11741229
}
11751230

1231+
func (q *querier) GetOAuth2ProviderAppsByUserID(ctx context.Context, userID uuid.UUID) ([]database.GetOAuth2ProviderAppsByUserIDRow, error) {
1232+
if err := q.authorizeContext(ctx, rbac.ActionRead,
1233+
rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(userID.String())); err != nil {
1234+
return []database.GetOAuth2ProviderAppsByUserIDRow{}, err
1235+
}
1236+
return q.db.GetOAuth2ProviderAppsByUserID(ctx, userID)
1237+
}
1238+
11761239
func (q *querier) GetOAuthSigningKey(ctx context.Context) (string, error) {
11771240
if err := q.authorizeContext(ctx, rbac.ActionUpdate, rbac.ResourceSystem); err != nil {
11781241
return "", err
@@ -2194,13 +2257,32 @@ func (q *querier) InsertOAuth2ProviderApp(ctx context.Context, arg database.Inse
21942257
return q.db.InsertOAuth2ProviderApp(ctx, arg)
21952258
}
21962259

2260+
func (q *querier) InsertOAuth2ProviderAppCode(ctx context.Context, arg database.InsertOAuth2ProviderAppCodeParams) (database.OAuth2ProviderAppCode, error) {
2261+
if err := q.authorizeContext(ctx, rbac.ActionCreate,
2262+
rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(arg.UserID.String())); err != nil {
2263+
return database.OAuth2ProviderAppCode{}, err
2264+
}
2265+
return q.db.InsertOAuth2ProviderAppCode(ctx, arg)
2266+
}
2267+
21972268
func (q *querier) InsertOAuth2ProviderAppSecret(ctx context.Context, arg database.InsertOAuth2ProviderAppSecretParams) (database.OAuth2ProviderAppSecret, error) {
21982269
if err := q.authorizeContext(ctx, rbac.ActionCreate, rbac.ResourceOAuth2ProviderAppSecret); err != nil {
21992270
return database.OAuth2ProviderAppSecret{}, err
22002271
}
22012272
return q.db.InsertOAuth2ProviderAppSecret(ctx, arg)
22022273
}
22032274

2275+
func (q *querier) InsertOAuth2ProviderAppToken(ctx context.Context, arg database.InsertOAuth2ProviderAppTokenParams) (database.OAuth2ProviderAppToken, error) {
2276+
key, err := q.db.GetAPIKeyByID(ctx, arg.APIKeyID)
2277+
if err != nil {
2278+
return database.OAuth2ProviderAppToken{}, err
2279+
}
2280+
if err := q.authorizeContext(ctx, rbac.ActionCreate, rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(key.UserID.String())); err != nil {
2281+
return database.OAuth2ProviderAppToken{}, err
2282+
}
2283+
return q.db.InsertOAuth2ProviderAppToken(ctx, arg)
2284+
}
2285+
22042286
func (q *querier) InsertOrganization(ctx context.Context, arg database.InsertOrganizationParams) (database.Organization, error) {
22052287
return insert(q.log, q.auth, rbac.ResourceOrganization, q.db.InsertOrganization)(ctx, arg)
22062288
}

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 146 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2258,6 +2258,16 @@ func (s *MethodTestSuite) TestOAuth2ProviderAppSecrets() {
22582258
})
22592259
check.Args(secret.ID).Asserts(rbac.ResourceOAuth2ProviderAppSecret, rbac.ActionRead).Returns(secret)
22602260
}))
2261+
s.Run("GetOAuth2ProviderAppSecretByAppIDAndSecret", s.Subtest(func(db database.Store, check *expects) {
2262+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2263+
secret := dbgen.OAuth2ProviderAppSecret(s.T(), db, database.OAuth2ProviderAppSecret{
2264+
AppID: app.ID,
2265+
})
2266+
check.Args(database.GetOAuth2ProviderAppSecretByAppIDAndSecretParams{
2267+
AppID: app.ID,
2268+
HashedSecret: secret.HashedSecret,
2269+
}).Asserts(rbac.ResourceOAuth2ProviderAppSecret, rbac.ActionRead).Returns(secret)
2270+
}))
22612271
s.Run("InsertOAuth2ProviderAppSecret", s.Subtest(func(db database.Store, check *expects) {
22622272
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
22632273
check.Args(database.InsertOAuth2ProviderAppSecretParams{
@@ -2283,3 +2293,139 @@ func (s *MethodTestSuite) TestOAuth2ProviderAppSecrets() {
22832293
check.Args(secret.ID).Asserts(rbac.ResourceOAuth2ProviderAppSecret, rbac.ActionDelete)
22842294
}))
22852295
}
2296+
2297+
func (s *MethodTestSuite) TestOAuth2ProviderAppCodes() {
2298+
s.Run("GetOAuth2ProviderAppCodeByID", s.Subtest(func(db database.Store, check *expects) {
2299+
user := dbgen.User(s.T(), db, database.User{})
2300+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2301+
code := dbgen.OAuth2ProviderAppCode(s.T(), db, database.OAuth2ProviderAppCode{
2302+
AppID: app.ID,
2303+
UserID: user.ID,
2304+
})
2305+
check.Args(code.ID).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken, rbac.ActionRead).Returns(code)
2306+
}))
2307+
s.Run("GetOAuth2ProviderAppCodeByAppIDAndSecret", s.Subtest(func(db database.Store, check *expects) {
2308+
user := dbgen.User(s.T(), db, database.User{})
2309+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2310+
code := dbgen.OAuth2ProviderAppCode(s.T(), db, database.OAuth2ProviderAppCode{
2311+
AppID: app.ID,
2312+
UserID: user.ID,
2313+
})
2314+
check.Args(database.GetOAuth2ProviderAppCodeByAppIDAndSecretParams{
2315+
AppID: app.ID,
2316+
HashedSecret: code.HashedSecret,
2317+
}).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken, rbac.ActionRead).Returns(code)
2318+
}))
2319+
s.Run("InsertOAuth2ProviderAppCode", s.Subtest(func(db database.Store, check *expects) {
2320+
user := dbgen.User(s.T(), db, database.User{})
2321+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2322+
check.Args(database.InsertOAuth2ProviderAppCodeParams{
2323+
AppID: app.ID,
2324+
UserID: user.ID,
2325+
}).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(user.ID.String()), rbac.ActionCreate)
2326+
}))
2327+
s.Run("DeleteOAuth2ProviderAppCodeByID", s.Subtest(func(db database.Store, check *expects) {
2328+
user := dbgen.User(s.T(), db, database.User{})
2329+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2330+
code := dbgen.OAuth2ProviderAppCode(s.T(), db, database.OAuth2ProviderAppCode{
2331+
AppID: app.ID,
2332+
UserID: user.ID,
2333+
})
2334+
check.Args(code.ID).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(user.ID.String()), rbac.ActionDelete)
2335+
}))
2336+
s.Run("DeleteOAuth2ProviderAppCodesByAppAndUserID", s.Subtest(func(db database.Store, check *expects) {
2337+
user := dbgen.User(s.T(), db, database.User{})
2338+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2339+
for i := 0; i < 5; i++ {
2340+
_ = dbgen.OAuth2ProviderAppCode(s.T(), db, database.OAuth2ProviderAppCode{
2341+
AppID: app.ID,
2342+
UserID: user.ID,
2343+
})
2344+
}
2345+
check.Args(database.DeleteOAuth2ProviderAppCodesByAppAndUserIDParams{
2346+
AppID: app.ID,
2347+
UserID: user.ID,
2348+
}).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(user.ID.String()), rbac.ActionDelete)
2349+
}))
2350+
}
2351+
2352+
func (s *MethodTestSuite) TestOAuth2ProviderAppTokens() {
2353+
s.Run("GetOAuth2ProviderAppTokenByAppSecretIDAndSecret", s.Subtest(func(db database.Store, check *expects) {
2354+
user := dbgen.User(s.T(), db, database.User{})
2355+
key, _ := dbgen.APIKey(s.T(), db, database.APIKey{
2356+
UserID: user.ID,
2357+
})
2358+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2359+
secret := dbgen.OAuth2ProviderAppSecret(s.T(), db, database.OAuth2ProviderAppSecret{
2360+
AppID: app.ID,
2361+
})
2362+
token := dbgen.OAuth2ProviderAppToken(s.T(), db, database.OAuth2ProviderAppToken{
2363+
AppSecretID: secret.ID,
2364+
APIKeyID: key.ID,
2365+
})
2366+
check.Args(database.GetOAuth2ProviderAppTokenByAppSecretIDAndSecretParams{
2367+
AppSecretID: secret.ID,
2368+
HashedSecret: token.HashedSecret,
2369+
}).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken, rbac.ActionRead).Returns(token)
2370+
}))
2371+
s.Run("GetOAuth2ProviderAppsByUserID", s.Subtest(func(db database.Store, check *expects) {
2372+
user := dbgen.User(s.T(), db, database.User{})
2373+
key, _ := dbgen.APIKey(s.T(), db, database.APIKey{
2374+
UserID: user.ID,
2375+
})
2376+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2377+
_ = dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2378+
secret := dbgen.OAuth2ProviderAppSecret(s.T(), db, database.OAuth2ProviderAppSecret{
2379+
AppID: app.ID,
2380+
})
2381+
for i := 0; i < 5; i++ {
2382+
_ = dbgen.OAuth2ProviderAppToken(s.T(), db, database.OAuth2ProviderAppToken{
2383+
AppSecretID: secret.ID,
2384+
APIKeyID: key.ID,
2385+
})
2386+
}
2387+
check.Args(user.ID).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(user.ID.String()), rbac.ActionRead).Returns([]database.GetOAuth2ProviderAppsByUserIDRow{
2388+
{
2389+
ID: app.ID,
2390+
CallbackURL: app.CallbackURL,
2391+
Icon: app.Icon,
2392+
Name: app.Name,
2393+
TokenCount: 5,
2394+
},
2395+
})
2396+
}))
2397+
s.Run("InsertOAuth2ProviderAppToken", s.Subtest(func(db database.Store, check *expects) {
2398+
user := dbgen.User(s.T(), db, database.User{})
2399+
key, _ := dbgen.APIKey(s.T(), db, database.APIKey{
2400+
UserID: user.ID,
2401+
})
2402+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2403+
secret := dbgen.OAuth2ProviderAppSecret(s.T(), db, database.OAuth2ProviderAppSecret{
2404+
AppID: app.ID,
2405+
})
2406+
check.Args(database.InsertOAuth2ProviderAppTokenParams{
2407+
AppSecretID: secret.ID,
2408+
APIKeyID: key.ID,
2409+
}).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(user.ID.String()), rbac.ActionCreate)
2410+
}))
2411+
s.Run("DeleteOAuth2ProviderAppTokensByAppAndUserID", s.Subtest(func(db database.Store, check *expects) {
2412+
user := dbgen.User(s.T(), db, database.User{})
2413+
key, _ := dbgen.APIKey(s.T(), db, database.APIKey{
2414+
UserID: user.ID,
2415+
})
2416+
app := dbgen.OAuth2ProviderApp(s.T(), db, database.OAuth2ProviderApp{})
2417+
secret := dbgen.OAuth2ProviderAppSecret(s.T(), db, database.OAuth2ProviderAppSecret{
2418+
AppID: app.ID,
2419+
})
2420+
for i := 0; i < 5; i++ {
2421+
_ = dbgen.OAuth2ProviderAppToken(s.T(), db, database.OAuth2ProviderAppToken{
2422+
AppSecretID: secret.ID,
2423+
APIKeyID: key.ID,
2424+
})
2425+
}
2426+
check.Args(database.DeleteOAuth2ProviderAppTokensByAppAndUserIDParams{
2427+
AppID: app.ID,
2428+
UserID: user.ID,
2429+
}).Asserts(rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(user.ID.String()), rbac.ActionDelete)
2430+
}))
2431+
}

coderd/database/dbgen/dbgen.go

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -704,6 +704,32 @@ func OAuth2ProviderAppSecret(t testing.TB, db database.Store, seed database.OAut
704704
return app
705705
}
706706

707+
func OAuth2ProviderAppCode(t testing.TB, db database.Store, seed database.OAuth2ProviderAppCode) database.OAuth2ProviderAppCode {
708+
code, err := db.InsertOAuth2ProviderAppCode(genCtx, database.InsertOAuth2ProviderAppCodeParams{
709+
ID: takeFirst(seed.ID, uuid.New()),
710+
CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()),
711+
ExpiresAt: takeFirst(seed.CreatedAt, dbtime.Now()),
712+
HashedSecret: takeFirstSlice(seed.HashedSecret, []byte("hashed-secret")),
713+
AppID: takeFirst(seed.AppID, uuid.New()),
714+
UserID: takeFirst(seed.UserID, uuid.New()),
715+
})
716+
require.NoError(t, err, "insert oauth2 app code")
717+
return code
718+
}
719+
720+
func OAuth2ProviderAppToken(t testing.TB, db database.Store, seed database.OAuth2ProviderAppToken) database.OAuth2ProviderAppToken {
721+
token, err := db.InsertOAuth2ProviderAppToken(genCtx, database.InsertOAuth2ProviderAppTokenParams{
722+
ID: takeFirst(seed.ID, uuid.New()),
723+
CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()),
724+
ExpiresAt: takeFirst(seed.CreatedAt, dbtime.Now()),
725+
HashedSecret: takeFirstSlice(seed.HashedSecret, []byte("hashed-secret")),
726+
AppSecretID: takeFirst(seed.AppSecretID, uuid.New()),
727+
APIKeyID: takeFirst(seed.APIKeyID, uuid.New().String()),
728+
})
729+
require.NoError(t, err, "insert oauth2 app token")
730+
return token
731+
}
732+
707733
func must[V any](v V, err error) V {
708734
if err != nil {
709735
panic(err)

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy