synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: nil ptr deref when removing OIDC from deployment and accessing old users (#17501)

Browse Source 
If OIDC is removed from a deployment, trying to create a workspace for a previous user
on OIDC would panic.
This commit is contained in:
Steven Masley
2025-04-23 08:45:26 -05:00
committed by GitHub
parent c106aee0d6
commit 71dbd0c888
2 changed files with 51 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
coderd/workspaces_test.go
View File

@ -4349,3 +4349,51 @@ func TestWorkspaceTimings(t *testing.T) {
require.Contains(t, err.Error(), "not found")
})
}
// TestOIDCRemoved emulates a user logging in with OIDC, then that OIDC
// auth method being removed.
func TestOIDCRemoved(t *testing.T) {
t.Parallel()
owner, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{
IncludeProvisionerDaemon: true,
})
first := coderdtest.CreateFirstUser(t, owner)
user, userData := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.ScopedRoleOrgAdmin(first.OrganizationID))
ctx := testutil.Context(t, testutil.WaitMedium)
//nolint:gocritic // unit test
_, err := db.UpdateUserLoginType(dbauthz.AsSystemRestricted(ctx), database.UpdateUserLoginTypeParams{
NewLoginType: database.LoginTypeOIDC,
UserID: userData.ID,
})
require.NoError(t, err)
//nolint:gocritic // unit test
_, err = db.InsertUserLink(dbauthz.AsSystemRestricted(ctx), database.InsertUserLinkParams{
UserID: userData.ID,
LoginType: database.LoginTypeOIDC,
LinkedID: "random",
OAuthAccessToken: "foobar",
OAuthAccessTokenKeyID: sql.NullString{},
OAuthRefreshToken: "refresh",
OAuthRefreshTokenKeyID: sql.NullString{},
OAuthExpiry: time.Now().Add(time.Hour * -1),
Claims: database.UserLinkClaims{},
})
require.NoError(t, err)
version := coderdtest.CreateTemplateVersion(t, owner, first.OrganizationID, nil)
_ = coderdtest.AwaitTemplateVersionJobCompleted(t, owner, version.ID)
template := coderdtest.CreateTemplate(t, owner, first.OrganizationID, version.ID)
wrk := coderdtest.CreateWorkspace(t, user, template.ID)
coderdtest.AwaitWorkspaceBuildJobCompleted(t, owner, wrk.LatestBuild.ID)
deleteBuild, err := owner.CreateWorkspaceBuild(ctx, wrk.ID, codersdk.CreateWorkspaceBuildRequest{
Transition: codersdk.WorkspaceTransitionDelete,
})
require.NoError(t, err, "delete the workspace")
coderdtest.AwaitWorkspaceBuildJobCompleted(t, owner, deleteBuild.ID)
}