fix: Protect codersdk.Client SessionToken so it can be updated (#4965)

This feature is used by the coder agent to exchange a new token. By protecting the SessionToken via mutex we ensure there are no data races when accessing it.
2025-07-03 16:13:58 +00:00 · 2022-11-09 15:31:24 +02:00
parent 8cadb33396
commit 26ab0d37c1
25 changed files with 82 additions and 64 deletions
--- a/coderd/workspaceapps_test.go
+++ b/coderd/workspaceapps_test.go
@ -197,7 +197,7 @@ func createWorkspaceWithApps(t *testing.T, client *codersdk.Client, orgID uuid.U
 	coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)

 	agentClient := codersdk.New(client.URL)
-	agentClient.SessionToken = authToken
+	agentClient.SetSessionToken(authToken)
 	if appHost != "" {
 		metadata, err := agentClient.WorkspaceAgentMetadata(context.Background())
 		require.NoError(t, err)
@ -350,7 +350,7 @@ func TestWorkspaceApplicationAuth(t *testing.T) {
 		// Get the current user and API key.
 		user, err := client.User(ctx, codersdk.Me)
 		require.NoError(t, err)
-		currentAPIKey, err := client.GetAPIKey(ctx, firstUser.UserID.String(), strings.Split(client.SessionToken, "-")[0])
+		currentAPIKey, err := client.GetAPIKey(ctx, firstUser.UserID.String(), strings.Split(client.SessionToken(), "-")[0])
 		require.NoError(t, err)

 		// Try to load the application without authentication.
@ -418,7 +418,7 @@ func TestWorkspaceApplicationAuth(t *testing.T) {

 		// Verify the API key permissions
 		appClient := codersdk.New(client.URL)
-		appClient.SessionToken = apiKey
+		appClient.SetSessionToken(apiKey)
 		appClient.HTTPClient.CheckRedirect = client.HTTPClient.CheckRedirect
 		appClient.HTTPClient.Transport = client.HTTPClient.Transport

@ -893,7 +893,7 @@ func TestAppSharing(t *testing.T) {
 			Password: password,
 		})
 		require.NoError(t, err)
-		clientInOtherOrg.SessionToken = loginRes.SessionToken
+		clientInOtherOrg.SetSessionToken(loginRes.SessionToken)
 		clientInOtherOrg.HTTPClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
 		}
@ -916,14 +916,14 @@ func TestAppSharing(t *testing.T) {
 		// If the client has a session token, we also want to check that a
 		// scoped key works.
 		clients := []*codersdk.Client{client}
-		if client.SessionToken != "" {
+		if client.SessionToken() != "" {
 			token, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{
 				Scope: codersdk.APIKeyScopeApplicationConnect,
 			})
 			require.NoError(t, err)

 			scopedClient := codersdk.New(client.URL)
-			scopedClient.SessionToken = token.Key
+			scopedClient.SetSessionToken(token.Key)
 			scopedClient.HTTPClient.CheckRedirect = client.HTTPClient.CheckRedirect

 			clients = append(clients, scopedClient)