synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: remove refresh oauth logic on OIDC login (#8950)

Browse Source 
* fix: do not do oauth refresh logic on oidc login
This commit is contained in:
Steven Masley
2023-08-08 10:05:12 -05:00
committed by GitHub
parent 1d4a72f43f
commit 5339a31532
6 changed files with 217 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
coderd/userauth.go
View File

@ -1427,7 +1427,8 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
}
var key database.APIKey
if oldKey, ok := httpmw.APIKeyOptional(r); ok && isConvertLoginType {
oldKey, _, ok := httpmw.APIKeyFromRequest(ctx, api.Database, nil, r)
if ok && oldKey != nil && isConvertLoginType {
// If this is a convert login type, and it succeeds, then delete the old
// session. Force the user to log back in.
err := api.Database.DeleteAPIKeyByID(r.Context(), oldKey.ID)
@ -1447,7 +1448,9 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
Secure: api.SecureAuthCookie,
HttpOnly: true,
})
key = oldKey
// This is intentional setting the key to the deleted old key,
// as the user needs to be forced to log back in.
key = *oldKey
} else {
//nolint:gocritic
cookie, newKey, err := api.createAPIKey(dbauthz.AsSystemRestricted(ctx), apikey.CreateParams{