fix: update oauth token on each login (#3542)

2022-08-17 23:06:03 -05:00 · 2022-08-17 23:06:03 -05:00 · 380022fe63
parent c3eea98db0
commit 380022fe63
2 changed files with 36 additions and 1 deletions
--- a/coderd/features_internal_test.go
+++ b/coderd/features_internal_test.go
@ -6,9 +6,10 @@ import (
 	"net/http/httptest"
 	"testing"

-	"github.com/coder/coder/codersdk"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/codersdk"
 )

 func TestEntitlements(t *testing.T) {
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@ -241,6 +241,23 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
 		}
 	}

+	if link.UserID != uuid.Nil {
+		link, err = api.Database.UpdateUserLink(ctx, database.UpdateUserLinkParams{
+			UserID:            user.ID,
+			LoginType:         database.LoginTypeGithub,
+			OAuthAccessToken:  state.Token.AccessToken,
+			OAuthRefreshToken: state.Token.RefreshToken,
+			OAuthExpiry:       state.Token.Expiry,
+		})
+		if err != nil {
+			httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "A database error occurred.",
+				Detail:  fmt.Sprintf("update user link: %s", err.Error()),
+			})
+			return
+		}
+	}
+
 	_, created := api.createAPIKey(rw, r, createAPIKeyParams{
 		UserID:    user.ID,
 		LoginType: database.LoginTypeGithub,
@ -432,6 +449,23 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		}
 	}

+	if link.UserID != uuid.Nil {
+		link, err = api.Database.UpdateUserLink(ctx, database.UpdateUserLinkParams{
+			UserID:            user.ID,
+			LoginType:         database.LoginTypeOIDC,
+			OAuthAccessToken:  state.Token.AccessToken,
+			OAuthRefreshToken: state.Token.RefreshToken,
+			OAuthExpiry:       state.Token.Expiry,
+		})
+		if err != nil {
+			httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "A database error occurred.",
+				Detail:  fmt.Sprintf("update user link: %s", err.Error()),
+			})
+			return
+		}
+	}
+
 	// If the upstream email or username has changed we should mirror
 	// that in Coder. Many enterprises use a user's email/username as
 	// security auditing fields so they need to stay synced.