
fix: use transaction context in OIDC/LDAP SetAuthToken #21741

Draft
harry-anderson wants to merge 1 commit into develop from fix/oidc-ldap-set-auth-token

Conversation

@harry-anderson
Contributor

Summary

Fixes two bugs in SetAuthToken for both OIDC and LDAP authentication:

  1. Transaction bypass: SQL operations inside sqlutil.TransactDataSource were using the outer oi.ds/l.ds datasource instead of the tx transaction parameter. This means DELETE and INSERT run outside the transaction, so a failed INSERT leaves the old token deleted with no replacement.

  2. OIDC SQL column mismatch: The INSERT statement specified 6 columns but the VALUES clause had 7 entries ($1 through $6 plus now()). With only 5 Go arguments provided, $5 receives hashedSecret and $6 is unbound. PostgreSQL rejects this with a parameter count error.

Changes

core/sessions/oidcauth/oidc.go

  • oi.ds.ExecContext -> tx.ExecContext for DELETE and INSERT in SetAuthToken
  • Fix VALUES clause: $1, $2, $3, $4, $5, $6, now() -> $1, $2, $3, $4, $5, now() (5 placeholders for 5 args + now() for 6 columns)

core/sessions/ldapauth/ldap.go

  • l.ds.QueryRowxContext -> tx.QueryRowxContext for SELECT in SetAuthToken
  • l.ds.ExecContext -> tx.ExecContext for DELETE and INSERT in SetAuthToken

Test plan

  • Existing OIDC/LDAP auth tests pass
  • SetAuthToken succeeds for OIDC users (was always failing due to SQL error)
  • SetAuthToken rolls back cleanly on INSERT failure (transaction integrity)
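To make the first bug concrete, here is an added example that is not part of this PR or the project's code. It replaces the real sqlx datasource and sqlutil.TransactDataSource with a constructed in-memory stand-in for one user's auth-token row, and runs the same DELETE-then-INSERT sequence once through the outer ds (the bug) and once through tx (the fix), with the INSERT forced to fail:

```go
package main

import (
	"errors"
	"fmt"
)

// store is a constructed stand-in for one user's auth-token row; failInsert
// injects the INSERT failure the PR describes. token == "" means no row.
type store struct {
	token      string
	failInsert bool
}
func (s *store) Delete() { s.token = "" }
func (s *store) Insert(token string) error {
	if s.failInsert {
		return errors.New("insert failed")
	}
	s.token = token
	return nil
}
// transact mimics sqlutil.TransactDataSource: fn works on a copy (tx) that is
// committed only when fn returns nil and discarded otherwise (rollback).
func (s *store) transact(fn func(tx *store) error) error {
	tx := *s
	if err := fn(&tx); err != nil {
		return err
	}
	*s = tx
	return nil
}
// setAuthToken replaces the token inside a transaction. useTx=false is the
// bug (DELETE/INSERT on the outer ds); useTx=true is the fix (on tx).
func setAuthToken(ds *store, token string, useTx bool) error {
	return ds.transact(func(tx *store) error {
		target := ds
		if useTx {
			target = tx
		}
		target.Delete()
		return target.Insert(token)
	})
}
func main() {
	for _, useTx := range []bool{false, true} {
		ds := &store{token: "old", failInsert: true}
		err := setAuthToken(ds, "new", useTx)
		fmt.Printf("useTx=%v err=%v token=%q\n", useTx, err, ds.token)
	}
}
```

With the bug, the failed INSERT returns an error but the user's old token is already gone; with the fix, the rollback leaves the old token in place.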

@github-actions
Contributor

I see you updated files related to core. Please run make gocs in the root directory to add a changeset, and include in its text at least one of the following tags:

  • #added For any new functionality added.
  • #breaking_change For any functionality that requires manual action for the node to boot.
  • #bugfix For bug fixes.
  • #changed For any change to the existing functionality.
  • #db_update For any feature that introduces updates to database schema.
  • #deprecation_notice For any upcoming deprecation functionality.
  • #internal For changesets that need to be excluded from the final changelog.
  • #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
  • #removed For any functionality/config that is removed.
  • #updated For any functionality that is updated.
  • #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

@github-actions
Contributor

✅ No conflicts with other open PRs targeting develop


@trunk-io

trunk-io bot commented Mar 26, 2026
