coder
diff --git a/‎coderd/apikey.go
Lines changed: 11 additions & 11 deletions b/‎coderd/apikey.go
Lines changed: 11 additions & 11 deletions
diff --git a/‎coderd/apikey/apikey.go
Lines changed: 7 additions & 6 deletions b/‎coderd/apikey/apikey.go
Lines changed: 7 additions & 6 deletions
diff --git a/‎coderd/coderdtest/oidctest/helper.go
Lines changed: 25 additions & 17 deletions b/‎coderd/coderdtest/oidctest/helper.go
Lines changed: 25 additions & 17 deletions
diff --git a/‎coderd/coderdtest/oidctest/idp.go
Lines changed: 3 additions & 1 deletion b/‎coderd/coderdtest/oidctest/idp.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎coderd/provisionerdserver/provisionerdserver.go
Lines changed: 5 additions & 5 deletions b/‎coderd/provisionerdserver/provisionerdserver.go
Lines changed: 5 additions & 5 deletions
diff --git a/‎coderd/userauth.go
Lines changed: 8 additions & 8 deletions b/‎coderd/userauth.go
Lines changed: 8 additions & 8 deletions
diff --git a/‎coderd/workspaceapps.go
Lines changed: 6 additions & 6 deletions b/‎coderd/workspaceapps.go
Lines changed: 6 additions & 6 deletions
diff --git a/‎enterprise/coderd/coderd.go
Lines changed: 1 addition & 1 deletion b/‎enterprise/coderd/coderd.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎enterprise/coderd/groups_test.go
Lines changed: 1 addition & 1 deletion b/‎enterprise/coderd/groups_test.go
Lines changed: 1 addition & 1 deletion
@@ -82,13 +82,13 @@ func (api *API) postToken(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	cookie, key, err := api.createAPIKey(ctx, apikey.CreateParams{
-		UserID:           user.ID,
-		LoginType:        database.LoginTypeToken,
-		DeploymentValues: api.DeploymentValues,
-		ExpiresAt:        dbtime.Now().Add(lifeTime),
-		Scope:            scope,
-		LifetimeSeconds:  int64(lifeTime.Seconds()),
-		TokenName:        tokenName,
+		UserID:          user.ID,
+		LoginType:       database.LoginTypeToken,
+		DefaultLifetime: api.DeploymentValues.SessionDuration.Value(),
+		ExpiresAt:       dbtime.Now().Add(lifeTime),
+		Scope:           scope,
+		LifetimeSeconds: int64(lifeTime.Seconds()),
+		TokenName:       tokenName,
 	})
 	if err != nil {
 		if database.IsUniqueViolation(err, database.UniqueIndexAPIKeyName) {
@@ -127,10 +127,10 @@ func (api *API) postAPIKey(rw http.ResponseWriter, r *http.Request) {
 
 	lifeTime := time.Hour * 24 * 7
 	cookie, _, err := api.createAPIKey(ctx, apikey.CreateParams{
-		UserID:           user.ID,
-		DeploymentValues: api.DeploymentValues,
-		LoginType:        database.LoginTypePassword,
-		RemoteAddr:       r.RemoteAddr,
+		UserID:          user.ID,
+		DefaultLifetime: api.DeploymentValues.SessionDuration.Value(),
+		LoginType:       database.LoginTypePassword,
+		RemoteAddr:      r.RemoteAddr,
 		// All api generated keys will last 1 week. Browser login tokens have
 		// a shorter life.
 		ExpiresAt:       dbtime.Now().Add(lifeTime),
 
@@ -12,14 +12,15 @@ import (
 
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
-	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/cryptorand"
 )
 
 type CreateParams struct {
-	UserID           uuid.UUID
-	LoginType        database.LoginType
-	DeploymentValues *codersdk.DeploymentValues
+	UserID    uuid.UUID
+	LoginType database.LoginType
+	// DefaultLifetime is configured in DeploymentValues.
+	// It is used if LifetimeSeconds is not set.
+	DefaultLifetime time.Duration
 
 	// Optional.
 	ExpiresAt       time.Time
@@ -46,8 +47,8 @@ func Generate(params CreateParams) (database.InsertAPIKeyParams, string, error)
 		if params.LifetimeSeconds != 0 {
 			params.ExpiresAt = dbtime.Now().Add(time.Duration(params.LifetimeSeconds) * time.Second)
 		} else {
-			params.ExpiresAt = dbtime.Now().Add(params.DeploymentValues.SessionDuration.Value())
-			params.LifetimeSeconds = int64(params.DeploymentValues.SessionDuration.Value().Seconds())
+			params.ExpiresAt = dbtime.Now().Add(params.DefaultLifetime)
+			params.LifetimeSeconds = int64(params.DefaultLifetime.Seconds())
 		}
 	}
 	if params.LifetimeSeconds == 0 {
 
@@ -4,14 +4,15 @@ import (
 	"context"
 	"database/sql"
 	"encoding/json"
+	"fmt"
 	"net/http"
-	"net/http/httputil"
 	"net/url"
 	"testing"
 	"time"
 
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/xerrors"
 
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbauthz"
@@ -124,36 +125,43 @@ func (h *LoginHelper) ForceRefresh(t *testing.T, db database.Store, user *coders
 // actual requests.
 //
 // TODO: Is state param optional? Can we grab it from the authURL?
-func OAuth2GetCode(t testing.TB, authURL string, state string, doRequest func(req *http.Request) (*http.Response, error)) string {
-	t.Helper()
-
+func OAuth2GetCode(authURL string, state string, doRequest func(req *http.Request) (*http.Response, error)) (string, error) {
 	// We need to store some claims, because this is also an OIDC provider, and
 	// it expects some claims to be present.
 	// TODO: POST or GET method?
 	r, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authURL, nil)
-	require.NoError(t, err, "failed to create auth request")
+	if err != nil {
+		return "", xerrors.Errorf("failed to create auth request: %w", err)
+	}
 
 	expCode := http.StatusTemporaryRedirect
 	resp, err := doRequest(r)
-	if err == nil && resp.StatusCode != expCode {
-		data, _ := httputil.DumpResponse(resp, true)
-		t.Log("Auth URL", authURL)
-		t.Log("HTTP Response Dump", string(data))
+	if err != nil {
+		return "", xerrors.Errorf("request: %w", err)
+	}
+
+	if resp.StatusCode != expCode {
+		return "", codersdk.ReadBodyAsError(resp)
 	}
-	require.NoError(t, err, "request failed")
 
-	require.Equal(t, expCode, resp.StatusCode, "expected redirect")
 	to := resp.Header.Get("Location")
-	require.NotEmpty(t, to, "expected redirect location")
+	if to == "" {
+		return "", xerrors.Errorf("expected redirect location")
+	}
 
 	toURL, err := url.Parse(to)
-	require.NoError(t, err, "failed to parse redirect location")
+	if err != nil {
+		return "", xerrors.Errorf("failed to parse redirect location: %w", err)
+	}
 
 	code := toURL.Query().Get("code")
-	require.NotEmpty(t, code, "expected code in redirect location")
+	if code == "" {
+		return "", xerrors.Errorf("expected code in redirect location")
+	}
 
 	newState := toURL.Query().Get("state")
-	require.Equal(t, state, newState, "expected state to match")
-
-	return code
+	if newState != state {
+		return "", fmt.Errorf("expected state %q, got %q", state, newState)
+	}
+	return code, nil
 }
@@ -429,12 +429,14 @@ func (f *FakeIDP) CreateAuthCode(t testing.TB, state string, opts ...func(r *htt
 	// it expects some claims to be present.
 	f.stateToIDTokenClaims.Store(state, jwt.MapClaims{})
 
-	return OAuth2GetCode(t, f.cfg.AuthCodeURL(state), state, func(req *http.Request) (*http.Response, error) {
+	code, err := OAuth2GetCode(f.cfg.AuthCodeURL(state), state, func(req *http.Request) (*http.Response, error) {
 		rw := httptest.NewRecorder()
 		f.handler.ServeHTTP(rw, req)
 		resp := rw.Result()
 		return resp, nil
 	})
+	require.NoError(t, err, "failed to get auth code")
+	return code
 }
 
 // OIDCCallback will emulate the IDP redirecting back to the Coder callback.
 
@@ -1682,11 +1682,11 @@ func workspaceSessionTokenName(workspace database.Workspace) string {
 
 func (s *server) regenerateSessionToken(ctx context.Context, user database.User, workspace database.Workspace) (string, error) {
 	newkey, sessionToken, err := apikey.Generate(apikey.CreateParams{
-		UserID:           user.ID,
-		LoginType:        user.LoginType,
-		DeploymentValues: s.DeploymentValues,
-		TokenName:        workspaceSessionTokenName(workspace),
-		LifetimeSeconds:  int64(s.DeploymentValues.MaxTokenLifetime.Value().Seconds()),
+		UserID:          user.ID,
+		LoginType:       user.LoginType,
+		DefaultLifetime: s.DeploymentValues.SessionDuration.Value(),
+		TokenName:       workspaceSessionTokenName(workspace),
+		LifetimeSeconds: int64(s.DeploymentValues.MaxTokenLifetime.Value().Seconds()),
 	})
 	if err != nil {
 		return "", xerrors.Errorf("generate API key: %w", err)
 
@@ -247,10 +247,10 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 
 	//nolint:gocritic // Creating the API key as the user instead of as system.
 	cookie, key, err := api.createAPIKey(dbauthz.As(ctx, userSubj), apikey.CreateParams{
-		UserID:           user.ID,
-		LoginType:        database.LoginTypePassword,
-		RemoteAddr:       r.RemoteAddr,
-		DeploymentValues: api.DeploymentValues,
+		UserID:          user.ID,
+		LoginType:       database.LoginTypePassword,
+		RemoteAddr:      r.RemoteAddr,
+		DefaultLifetime: api.DeploymentValues.SessionDuration.Value(),
 	})
 	if err != nil {
 		logger.Error(ctx, "unable to create API key", slog.Error(err))
@@ -1544,10 +1544,10 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 	} else {
 		//nolint:gocritic
 		cookie, newKey, err := api.createAPIKey(dbauthz.AsSystemRestricted(ctx), apikey.CreateParams{
-			UserID:           user.ID,
-			LoginType:        params.LoginType,
-			DeploymentValues: api.DeploymentValues,
-			RemoteAddr:       r.RemoteAddr,
+			UserID:          user.ID,
+			LoginType:       params.LoginType,
+			DefaultLifetime: api.DeploymentValues.SessionDuration.Value(),
+			RemoteAddr:      r.RemoteAddr,
 		})
 		if err != nil {
 			return nil, database.APIKey{}, xerrors.Errorf("create API key: %w", err)
 
@@ -112,12 +112,12 @@ func (api *API) workspaceApplicationAuth(rw http.ResponseWriter, r *http.Request
 		lifetimeSeconds = int64(api.DeploymentValues.SessionDuration.Value().Seconds())
 	}
 	cookie, _, err := api.createAPIKey(ctx, apikey.CreateParams{
-		UserID:           apiKey.UserID,
-		LoginType:        database.LoginTypePassword,
-		DeploymentValues: api.DeploymentValues,
-		ExpiresAt:        exp,
-		LifetimeSeconds:  lifetimeSeconds,
-		Scope:            database.APIKeyScopeApplicationConnect,
+		UserID:          apiKey.UserID,
+		LoginType:       database.LoginTypePassword,
+		DefaultLifetime: api.DeploymentValues.SessionDuration.Value(),
+		ExpiresAt:       exp,
+		LifetimeSeconds: lifetimeSeconds,
+		Scope:           database.APIKeyScopeApplicationConnect,
 	})
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
 
@@ -165,7 +165,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
 		r.Route("/login", func(r chi.Router) {
 			r.Route("/oauth2", func(r chi.Router) {
 				r.Get("/authorize", api.postOAuth2ProviderAppAuthorize())
-				r.Post("/tokens", api.postOAuth2ProviderAppToken)
+				r.Post("/tokens", api.postOAuth2ProviderAppToken())
 			})
 
 		})
 
@@ -799,7 +799,7 @@ func TestGroups(t *testing.T) {
 
 		groups, err := userAdminClient.GroupsByOrganization(ctx, user.OrganizationID)
 		require.NoError(t, err)
-		// 'Everyone' group + 2 custom groups.
+		// 'Everyone' group + 2 exchangeMutate groups.
 		require.Len(t, groups, 3)
 		require.Contains(t, groups, group1)
 		require.Contains(t, groups, group2)