fix: Suspended users cannot authenticate (#1849)

* fix: Suspended users cannot authenticate - Merge roles and apikey extract httpmw - Add member account to make dev - feat: UI Shows suspended error logging into suspended account - change 'active' route to 'activate'
2025-07-03 16:13:58 +00:00 · 2022-05-31 08:06:42 -05:00
parent e02ef6f228
commit 26a2a169df
17 changed files with 197 additions and 56 deletions
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -82,8 +82,6 @@ func New(options *Options) *API {
 	apiKeyMiddleware := httpmw.ExtractAPIKey(options.Database, &httpmw.OAuth2Configs{
 		Github: options.GithubOAuth2Config,
 	})
-	// TODO: @emyrk we should just move this into 'ExtractAPIKey'.
-	authRolesMiddleware := httpmw.ExtractUserRoles(options.Database)

 	r.Use(
 		func(next http.Handler) http.Handler {
@ -125,7 +123,6 @@ func New(options *Options) *API {
 		r.Route("/files", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 				// This number is arbitrary, but reading/writing
 				// file content is expensive so it should be small.
 				httpmw.RateLimitPerMinute(12),
@ -136,14 +133,12 @@ func New(options *Options) *API {
 		r.Route("/provisionerdaemons", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 			)
 			r.Get("/", api.provisionerDaemons)
 		})
 		r.Route("/organizations", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 			)
 			r.Post("/", api.postOrganizations)
 			r.Route("/{organization}", func(r chi.Router) {
@ -179,7 +174,7 @@ func New(options *Options) *API {
 			})
 		})
 		r.Route("/parameters/{scope}/{id}", func(r chi.Router) {
-			r.Use(apiKeyMiddleware, authRolesMiddleware)
+			r.Use(apiKeyMiddleware)
 			r.Post("/", api.postParameter)
 			r.Get("/", api.parameters)
 			r.Route("/{name}", func(r chi.Router) {
@ -189,7 +184,6 @@ func New(options *Options) *API {
 		r.Route("/templates/{template}", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 				httpmw.ExtractTemplateParam(options.Database),
 			)

@ -204,7 +198,6 @@ func New(options *Options) *API {
 		r.Route("/templateversions/{templateversion}", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 				httpmw.ExtractTemplateVersionParam(options.Database),
 			)

@ -229,7 +222,6 @@ func New(options *Options) *API {
 			r.Group(func(r chi.Router) {
 				r.Use(
 					apiKeyMiddleware,
-					authRolesMiddleware,
 				)
 				r.Post("/", api.postUser)
 				r.Get("/", api.users)
@ -244,7 +236,7 @@ func New(options *Options) *API {
 					r.Put("/profile", api.putUserProfile)
 					r.Route("/status", func(r chi.Router) {
 						r.Put("/suspend", api.putUserStatus(database.UserStatusSuspended))
-						r.Put("/active", api.putUserStatus(database.UserStatusActive))
+						r.Put("/activate", api.putUserStatus(database.UserStatusActive))
 					})
 					r.Route("/password", func(r chi.Router) {
 						r.Put("/", api.putUserPassword)
@ -292,7 +284,6 @@ func New(options *Options) *API {
 		r.Route("/workspaceresources/{workspaceresource}", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 				httpmw.ExtractWorkspaceResourceParam(options.Database),
 				httpmw.ExtractWorkspaceParam(options.Database),
 			)
@ -301,7 +292,6 @@ func New(options *Options) *API {
 		r.Route("/workspaces", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 			)
 			r.Get("/", api.workspaces)
 			r.Route("/{workspace}", func(r chi.Router) {
@ -327,7 +317,6 @@ func New(options *Options) *API {
 		r.Route("/workspacebuilds/{workspacebuild}", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				authRolesMiddleware,
 				httpmw.ExtractWorkspaceBuildParam(options.Database),
 				httpmw.ExtractWorkspaceParam(options.Database),
 			)