synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,341 Commits 363 Branches 234 Tags
main
Commit Graph

31 Commits

Author SHA1 Message Date
ケイラ
09cc906981 chore: remove unnecessary redeclarations in for loops (part 2) (#18593) 2025-06-26 12:28:00 -06:00
Jon Ayers
17ddee05e5 chore: update golang to 1.24.1 (#17035) 
- Update go.mod to use Go 1.24.1
- Update GitHub Actions setup-go action to use Go 1.24.1
- Fix linting issues with golangci-lint by:
  - Updating to golangci-lint v1.57.1 (more compatible with Go 1.24.1)

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <claude@anthropic.com>
 2025-03-26 01:56:39 -05:00
Cian Johnston
e744cde86f fix(coderd): ensure that clearing invalid oauth refresh tokens works with dbcrypt (#15721) 
https://github.com/coder/coder/pull/15608 introduced a buggy behaviour
with dbcrypt enabled.
When clearing an oauth refresh token, we had been setting the value to
the empty string.
The database encryption package considers decrypting an empty string to
be an error, as an empty encrypted string value will still have a nonce
associated with it and thus not actually be empty when stored at rest.

Instead of 'deleting' the refresh token, 'update' it to be the empty
string.
This plays nicely with dbcrypt.

It also adds a 'utility test' in the dbcrypt package to help encrypt a
value. This was useful when manually fixing users affected by this bug
on our dogfood instance.
 2024-12-03 13:26:31 -06:00
Steven Masley
78f9f43c97 chore: do not refresh tokens that have already failed refreshing (#15608) 
Once a token refresh fails, we remove the `oauth_refresh_token` from the
database. This will prevent the token from hitting the IDP for
subsequent refresh attempts.

Without this change, a bad script can cause a failing token to hit a
remote IDP repeatedly with each `git` operation. With this change, after
the first hit, subsequent hits will fail locally, and never contact the
IDP.

The solution in both cases is to authenticate the external auth link. So
the resolution is the same as before.
 2024-11-20 20:13:07 -06:00
Ethan
01a904c133 feat(codersdk): export name validators (#14550) 
* feat(codersdk): export name validators

* review
 2024-09-04 18:17:53 +10:00
Kyle Carberry
6e36082b0f chore: add github.com user id association (#14045) 
* chore: add github.com user id association

This will eventually be used to show an indicator in the UI
to star the repository if you've been using Coder for a while
and have not starred the repo.

If you have, we'll never show a thing!

* gen

* Fix model query

* Fix linting

* Ignore auditing github.com user id

* Add test

* Fix gh url var name

* Update migration

* Update coderd/database/dbauthz/dbauthz.go

Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>

* Fix updating to when the token changes

* Fix migration

---------

Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
 2024-08-02 12:49:36 -04:00
Steven Masley
27f26910b6 chore: external auth validate response "Forbidden" should return invalid, not an error (#13446) 
* chore: add unit test to delete workspace from suspended user
* chore: account for forbidden as well as unauthorized response codes
 2024-06-03 13:16:51 -05:00
Steven Masley
24ba81930b chore: return failed refresh errors on external auth as string (was boolean) (#13402) 
* chore: return failed refresh errors on external auth

Failed refreshes should return errors. These errors are captured
as validate errors.
 2024-06-03 09:33:49 -05:00
Steven Masley
53f7e9e0a1 chore: dynamically determine gitlab external auth defaults (#13102) 
* chore: dynamically determine gitlab external auth defaults

Static defaults work for github cloud, but not self hosted.
Self hosted setups will now have sane defaults if omitted.
 2024-04-30 09:45:52 -05:00
Alex
320c2eac6f Entra External Auth for ADO (#12201) 2024-03-04 12:12:46 -06:00
Steven Masley
6b866b3f48 feat: set sane default for gitea external auth (#12306) 
* feat: external auth defaults for gitea

Add some sane defaults for gitea to make it easier to configure
 2024-02-26 12:35:18 -06:00
Steven Masley
d66e6e78ee fix: always attempt external auth refresh when fetching (#11762) (#11830) 
* fix: always attempt external auth refresh when fetching
* refactor validate to check expiry when considering "valid"
 2024-01-29 08:55:15 -06:00
Ammar Bandukwala
79568bf628 Revert "fix: always attempt external auth refresh when fetching (#11762)" 
This reverts commit 0befc0826a.
 2024-01-25 14:22:47 -06:00
Steven Masley
0befc0826a fix: always attempt external auth refresh when fetching (#11762) 
* fix: always attempt external auth refresh when fetching
* refactor validate to check expiry when considering "valid"
 2024-01-25 10:54:56 -06:00
Colin Adler
13beb04521 fix: disable keepalives in workspaceapps transport (#11789) 
Connection caching causes requests to hit the wrong workspaces. See
comment.

Fixes https://github.com/coder/coder/issues/11767
 2024-01-24 14:46:59 +10:00
Steven Masley
8e0a153725 chore: implement device auth flow for fake idp (#11707) 
* chore: implement device auth flow for fake idp
 2024-01-22 20:46:05 +00:00
Kayla Washburn-Love
80eac73ed1 chore: remove useLocalStorage hook (#11712) 2024-01-19 16:04:19 -07:00
Steven Masley
d67c9d1bb5 fix: set request header before do (#11706) 2024-01-19 16:14:08 +00:00
Steven Masley
ccfd1a561b chore: improve device handling error message (#11606) 2024-01-19 09:41:52 -06:00
Jon Ayers
aecdafdcf2 fix: fix template edit overriding with flag defaults (#11564) 2024-01-11 16:18:46 -06:00
Steven Masley
8b61ff3e0e fix: apply appropriate artifactory defaults for external auth (#11580) 2024-01-11 11:58:27 -06:00
Steven Masley
04afb88e6f fix: return a more sophisticated error for device failure on 429 (#11554) 
* fix: return a more sophisticated error for device failure on 429
 2024-01-10 11:29:44 -06:00
Steven Masley
3f9da674c6 chore: instrument github oauth2 limits (#11532) 
* chore: instrument github oauth2 limits

Rate limit information for github oauth2 providers instrumented in prometheus
 2024-01-10 15:29:33 +00:00
Steven Masley
50b78e3325 chore: instrument external oauth2 requests (#11519) 
* chore: instrument external oauth2 requests

External requests made by oauth2 configs are now instrumented into prometheus metrics.
 2024-01-10 09:13:30 -06:00
Steven Masley
aded7b1513 feat: implement bitbucket-server external auth defaults (#10520) 
* feat: implement bitbucket-server external auth defaults

Bitbucket cloud != Bitbucket server
Add reasonable defaults for server

* change "bitbucket" to "bitbucket-cloud"
 2023-11-08 11:05:51 -06:00
Kyle Carberry
7162dc7e14 fix: use DefaultTransport in exchangeWithClientSecret if nil (#10551) 2023-11-06 16:55:00 +00:00
Kyle Carberry
bb4ce87242 fix: add support for custom auth header with client secret (#10513) 
This fixes OAuth2 with JFrog Artifactory.
 2023-11-03 16:26:30 +00:00
Kyle Carberry
a61f8ee45c fix: apply default ExtraTokenKeys to oauth (#10155) 2023-10-09 22:11:05 -05:00
Kyle Carberry
863c2e7b64 feat: allow storing extra oauth token properties in the database (#10152) 2023-10-09 18:49:30 -05:00
Kyle Carberry
eeab33b1c3 fix: do not require client_secret for external auth providers (#10016) 
Device-based auth does not need a client secret.
 2023-10-03 14:29:34 +00:00
Kyle Carberry
45b53c285f feat: allow external services to be authable (#9996) 
* feat: allow external services to be authable

* Refactor external auth config structure for defaults

* Add support for new config properties

* Change the name of external auth

* Move externalauth -> external-auth

* Run gen

* Fix tests

* Fix MW tests

* Fix git auth redirect

* Fix lint

* Fix name

* Allow any ID

* Fix invalid type test

* Fix e2e tests

* Fix comments

* Fix colors

* Allow accepting any type as string

* Run gen

* Fix href
 2023-10-03 14:04:39 +00:00