fix: remove authentication requirement for /users/login (#5717)

This was noticed by a member of our Discord being incorrectly documented! https://discord.com/channels/747933592273027093/1063494965130432632/1063503805016182875
2025-07-08 11:39:50 +00:00 · 2023-01-29 20:46:04 -06:00
parent f5db4bc8be
commit 896158c352
5 changed files with 3 additions and 16 deletions
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@ -2865,11 +2865,6 @@ const docTemplate = `{
        },
        "/users/login": {
            "post": {
-                "security": [
-                    {
-                        "CoderSessionToken": []
-                    }
-                ],
                "consumes": [
                    "application/json"
                ],
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@ -2517,11 +2517,6 @@
    },
    "/users/login": {
      "post": {
-        "security": [
-          {
-            "CoderSessionToken": []
-          }
-        ],
        "consumes": ["application/json"],
        "produces": ["application/json"],
        "tags": ["Authorization"],
--- a/coderd/coderdtest/swaggerparser.go
+++ b/coderd/coderdtest/swaggerparser.go
@ -297,7 +297,8 @@ func assertPathParametersDefined(t *testing.T, comment SwaggerComment) {
 func assertSecurityDefined(t *testing.T, comment SwaggerComment) {
 	if comment.router == "/updatecheck" ||
 		comment.router == "/buildinfo" ||
-		comment.router == "/" {
+		comment.router == "/" ||
+		comment.router == "/users/login" {
 		return // endpoints do not require authorization
 	}
 	assert.Equal(t, "CoderSessionToken", comment.security, "@Security must be equal CoderSessionToken")
--- a/coderd/users.go
+++ b/coderd/users.go
@ -988,7 +988,6 @@ func (api *API) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
 //
 // @Summary Log in user
 // @ID log-in-user
-// @Security CoderSessionToken
 // @Accept json
 // @Produce json
 // @Tags Authorization