synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-12 00:14:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f42b6418209f72488122661282e48488d9dfddc
coder/coderd/httpmw
History
Thomas Kosiewski 3dcd2acf1d fix: return 404 instead of 401 for missing OAuth2 apps (#18755) 
## Problem

Users were being automatically logged out when deleting OAuth2
applications.

## Root Cause

1. User deletes OAuth2 app successfully
2. React Query automatically refetches the app data  
3. Management API incorrectly returned **401 Unauthorized** for the
missing app
4. Frontend axios interceptor sees 401 and calls `signOut()`
5. User gets logged out unexpectedly

## Solution

- Change management API to return **404 Not Found** for missing OAuth2
apps
- OAuth2 protocol endpoints continue returning 401 per RFC 6749
- Rename `writeInvalidClient` to `writeClientNotFound` for clarity

## Additional Changes

- Add conditional OAuth2 navigation when experiment is enabled or in dev
builds
- Add `isDevBuild()` utility and `buildInfo` to dashboard context
- Minor improvements to format script and warning dialogs

Signed-off-by: Thomas Kosiewski <tk@coder.com>
2025-07-07 19:57:32 +02:00
..
loggermw
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
patternmatcher
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
actor_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
actor.go
feat: implement provisioner auth middleware and proper org params (#12330)
2024-03-04 15:15:41 -06:00
apikey_test.go
chore: ensure proper rbac permissions on 'Acquire' file in the cache (#18348)
2025-06-16 13:40:45 +00:00
apikey.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
authorize_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
authz_test.go
fix: exit reset password request before passwords are compared (#13856)
2024-07-09 14:28:39 -05:00
authz.go
chore: avoid depending on rbac in slim builds (#17959)
2025-05-22 19:48:23 +10:00
clitelemetry.go
refactor(coderd/telemetry): move CLI telemetry to cli/telemetry (#9517)
2023-09-04 21:42:45 +03:00
cors_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
cors.go
chore: update golang to 1.24.1 (#17035)
2025-03-26 01:56:39 -05:00
csp_test.go
chore: remove ai tasks from experiment (#18511)
2025-06-24 16:24:01 +02:00
csp.go
chore: remove ai tasks from experiment (#18511)
2025-06-24 16:24:01 +02:00
csrf_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
csrf.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
experiments.go
feat: add MCP HTTP server experiment and improve experiment middleware (#18712)
2025-07-03 20:09:18 +02:00
externalauthparam_test.go
chore: move /gitauth to /externalauth on the frontend (#9954)
2023-09-30 14:30:01 -05:00
externalauthparam.go
chore: move /gitauth to /externalauth on the frontend (#9954)
2023-09-30 14:30:01 -05:00
groupparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
groupparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
hsts_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
hsts.go
chore: enable exhaustruct linter (#8403)
2023-07-11 14:30:33 +01:00
httpmw_internal_test.go
feat: oauth2 - add RFC 8707 resource indicators and audience validation (#18575)
2025-07-02 17:49:00 +02:00
httpmw.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
notificationtemplateparam.go
feat: add notification preferences database & audit support (#14100)
2024-08-05 16:18:45 +02:00
oauth2_test.go
chore: add custom samesite options to auth cookies (#16885)
2025-04-08 14:15:14 -05:00
oauth2.go
fix: return 404 instead of 401 for missing OAuth2 apps (#18755)
2025-07-07 19:57:32 +02:00
organizationparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
organizationparam.go
feat: allow TemplateAdmin to delete prebuilds via auth layer (#18333)
2025-06-20 17:36:32 +01:00
prometheus_test.go
chore: add missing prometheus tests for UNKNOWN/STATIC paths (#17446)
2025-04-17 13:50:18 +02:00
prometheus.go
feat: add path & method labels to prometheus metrics for current requests (#17362)
2025-04-16 11:10:39 +02:00
provisionerdaemon.go
chore: improve testing coverage on ExtractProvisionerDaemonAuthenticated middleware (#15622)
2024-11-26 04:02:20 +01:00
provisionerkey.go
chore: add provisioner key crud apis (#13857)
2024-07-16 13:27:12 -04:00
ratelimit_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
ratelimit.go
chore: ensure proper rbac permissions on 'Acquire' file in the cache (#18348)
2025-06-16 13:40:45 +00:00
realip_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
realip.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
recover_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
recover.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
requestid_test.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
requestid.go
feat: add request_id to HTTP trace spans (#10145)
2023-10-09 14:05:10 -05:00
rfc6750_extended_test.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
rfc6750_test.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
templateparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
templateparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
templateversionparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
templateversionparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
userparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
userparam.go
feat: remove site wide perms from creating a workspace (#17296)
2025-04-09 14:35:43 -05:00
workspaceagent_test.go
chore: join owner, template, and org in new workspace view (#15116)
2024-10-22 09:20:54 -05:00
workspaceagent.go
feat: add API key scope to restrict access to user data (#17692)
2025-05-15 15:32:52 +01:00
workspaceagentparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceagentparam.go
feat: extend request logs with auth & DB info (#17304)
2025-04-15 13:27:23 +02:00
workspacebuildparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspacebuildparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
workspaceparam_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
workspaceparam.go
feat: extend request logs with auth & DB info (#17304)
2025-04-15 13:27:23 +02:00
workspaceproxy_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceproxy.go
ci: bump the github-actions group with 4 updates (#15359)
2024-11-05 19:43:41 +11:00
workspaceresourceparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceresourceparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00