mirror of
https://github.com/Microsoft/vscode
synced 2024-08-27 04:49:35 +00:00
refactor github auth to be a bit simpler. Remove PAT for GitHub auth since Settings Sync doesn't allow for it and add timeout so that GitHub Auth is not stuck.
This commit is contained in:
parent
4ea225a1f0
commit
520fa49e68
|
@ -29,30 +29,6 @@
|
|||
}
|
||||
},
|
||||
"contributes": {
|
||||
"commands": [
|
||||
{
|
||||
"command": "github.provide-token",
|
||||
"title": "Manually Provide Token",
|
||||
"category": "GitHub"
|
||||
},
|
||||
{
|
||||
"command": "github-enterprise.provide-token",
|
||||
"title": "Manually Provide Token",
|
||||
"category": "GitHub Enterprise"
|
||||
}
|
||||
],
|
||||
"menus": {
|
||||
"commandPalette": [
|
||||
{
|
||||
"command": "github.provide-token",
|
||||
"when": "false"
|
||||
},
|
||||
{
|
||||
"command": "github-enterprise.provide-token",
|
||||
"when": "false"
|
||||
}
|
||||
]
|
||||
},
|
||||
"authentication": [
|
||||
{
|
||||
"label": "GitHub",
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
// how we load it
|
||||
import type * as keytarType from 'keytar';
|
||||
import * as vscode from 'vscode';
|
||||
import Logger from './logger';
|
||||
import * as nls from 'vscode-nls';
|
||||
import { Log } from './logger';
|
||||
|
||||
const localize = nls.loadMessageBundle();
|
||||
|
||||
|
@ -29,13 +29,18 @@ export type Keytar = {
|
|||
};
|
||||
|
||||
export class Keychain {
|
||||
constructor(private context: vscode.ExtensionContext, private serviceId: string) { }
|
||||
constructor(
|
||||
private readonly context: vscode.ExtensionContext,
|
||||
private readonly serviceId: string,
|
||||
private readonly Logger: Log
|
||||
) { }
|
||||
|
||||
async setToken(token: string): Promise<void> {
|
||||
try {
|
||||
return await this.context.secrets.store(this.serviceId, token);
|
||||
} catch (e) {
|
||||
// Ignore
|
||||
Logger.error(`Setting token failed: ${e}`);
|
||||
this.Logger.error(`Setting token failed: ${e}`);
|
||||
const troubleshooting = localize('troubleshooting', "Troubleshooting Guide");
|
||||
const result = await vscode.window.showErrorMessage(localize('keychainWriteError', "Writing login information to the keychain failed with error '{0}'.", e.message), troubleshooting);
|
||||
if (result === troubleshooting) {
|
||||
|
@ -48,12 +53,12 @@ export class Keychain {
|
|||
try {
|
||||
const secret = await this.context.secrets.get(this.serviceId);
|
||||
if (secret && secret !== '[]') {
|
||||
Logger.trace('Token acquired from secret storage.');
|
||||
this.Logger.trace('Token acquired from secret storage.');
|
||||
}
|
||||
return secret;
|
||||
} catch (e) {
|
||||
// Ignore
|
||||
Logger.error(`Getting token failed: ${e}`);
|
||||
this.Logger.error(`Getting token failed: ${e}`);
|
||||
return Promise.resolve(undefined);
|
||||
}
|
||||
}
|
||||
|
@ -63,7 +68,7 @@ export class Keychain {
|
|||
return await this.context.secrets.delete(this.serviceId);
|
||||
} catch (e) {
|
||||
// Ignore
|
||||
Logger.error(`Deleting token failed: ${e}`);
|
||||
this.Logger.error(`Deleting token failed: ${e}`);
|
||||
return Promise.resolve(undefined);
|
||||
}
|
||||
}
|
||||
|
@ -77,7 +82,7 @@ export class Keychain {
|
|||
|
||||
const oldValue = await keytar.getPassword(`${vscode.env.uriScheme}-github.login`, 'account');
|
||||
if (oldValue) {
|
||||
Logger.trace('Attempting to migrate from keytar to secret store...');
|
||||
this.Logger.trace('Attempting to migrate from keytar to secret store...');
|
||||
await this.setToken(oldValue);
|
||||
await keytar.deletePassword(`${vscode.env.uriScheme}-github.login`, 'account');
|
||||
}
|
||||
|
|
|
@ -4,14 +4,16 @@
|
|||
*--------------------------------------------------------------------------------------------*/
|
||||
|
||||
import * as vscode from 'vscode';
|
||||
import { AuthProviderType } from '../github';
|
||||
|
||||
type LogLevel = 'Trace' | 'Info' | 'Error';
|
||||
|
||||
class Log {
|
||||
export class Log {
|
||||
private output: vscode.OutputChannel;
|
||||
|
||||
constructor() {
|
||||
this.output = vscode.window.createOutputChannel('GitHub Authentication');
|
||||
constructor(private readonly type: AuthProviderType) {
|
||||
const friendlyName = this.type === AuthProviderType.github ? 'GitHub' : 'GitHub Enterprise';
|
||||
this.output = vscode.window.createOutputChannel(`${friendlyName} Authentication`);
|
||||
}
|
||||
|
||||
private data2String(data: any): string {
|
||||
|
@ -54,6 +56,3 @@ class Log {
|
|||
function padLeft(s: string, n: number, pad = ' ') {
|
||||
return pad.repeat(Math.max(0, n - s.length)) + s;
|
||||
}
|
||||
|
||||
const Logger = new Log();
|
||||
export default Logger;
|
||||
|
|
|
@ -98,3 +98,21 @@ export function arrayEquals<T>(one: ReadonlyArray<T> | undefined, other: Readonl
|
|||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
export class StopWatch {
|
||||
|
||||
private _startTime: number = Date.now();
|
||||
private _stopTime: number = -1;
|
||||
|
||||
public stop(): void {
|
||||
this._stopTime = Date.now();
|
||||
}
|
||||
|
||||
public elapsed(): number {
|
||||
if (this._stopTime !== -1) {
|
||||
return this._stopTime - this._startTime;
|
||||
}
|
||||
return Date.now() - this._startTime;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,7 +6,21 @@
|
|||
import * as vscode from 'vscode';
|
||||
import { GitHubAuthenticationProvider, AuthProviderType } from './github';
|
||||
|
||||
export async function activate(context: vscode.ExtensionContext) {
|
||||
export function activate(context: vscode.ExtensionContext) {
|
||||
context.subscriptions.push(new GitHubAuthenticationProvider(context, AuthProviderType.github));
|
||||
context.subscriptions.push(new GitHubAuthenticationProvider(context, AuthProviderType.githubEnterprise));
|
||||
|
||||
let githubEnterpriseAuthProvider: GitHubAuthenticationProvider | undefined;
|
||||
if (vscode.workspace.getConfiguration().get<string>('github-enterprise.uri')) {
|
||||
githubEnterpriseAuthProvider = new GitHubAuthenticationProvider(context, AuthProviderType.githubEnterprise);
|
||||
context.subscriptions.push(githubEnterpriseAuthProvider);
|
||||
}
|
||||
|
||||
context.subscriptions.push(vscode.workspace.onDidChangeConfiguration(async e => {
|
||||
if (e.affectsConfiguration('github-enterprise.uri')) {
|
||||
if (!githubEnterpriseAuthProvider && vscode.workspace.getConfiguration().get<string>('github-enterprise.uri')) {
|
||||
githubEnterpriseAuthProvider = new GitHubAuthenticationProvider(context, AuthProviderType.githubEnterprise);
|
||||
context.subscriptions.push(githubEnterpriseAuthProvider);
|
||||
}
|
||||
}
|
||||
}));
|
||||
}
|
||||
|
|
|
@ -6,11 +6,11 @@
|
|||
import * as vscode from 'vscode';
|
||||
import { v4 as uuid } from 'uuid';
|
||||
import { Keychain } from './common/keychain';
|
||||
import { GitHubServer, uriHandler } from './githubServer';
|
||||
import Logger from './common/logger';
|
||||
import { GitHubEnterpriseServer, GitHubServer, IGitHubServer } from './githubServer';
|
||||
import { arrayEquals } from './common/utils';
|
||||
import { ExperimentationTelemetry } from './experimentationService';
|
||||
import TelemetryReporter from 'vscode-extension-telemetry';
|
||||
import { Log } from './common/logger';
|
||||
|
||||
interface SessionData {
|
||||
id: string;
|
||||
|
@ -30,29 +30,31 @@ export enum AuthProviderType {
|
|||
|
||||
export class GitHubAuthenticationProvider implements vscode.AuthenticationProvider, vscode.Disposable {
|
||||
private _sessionChangeEmitter = new vscode.EventEmitter<vscode.AuthenticationProviderAuthenticationSessionsChangeEvent>();
|
||||
private _githubServer: GitHubServer;
|
||||
private _logger = new Log(this.type);
|
||||
private _githubServer: IGitHubServer;
|
||||
private _telemetryReporter: ExperimentationTelemetry;
|
||||
|
||||
private _keychain: Keychain;
|
||||
private _keychain: Keychain = new Keychain(this.context, `${this.type}.auth`, this._logger);
|
||||
private _sessionsPromise: Promise<vscode.AuthenticationSession[]>;
|
||||
private _disposable: vscode.Disposable;
|
||||
|
||||
constructor(private context: vscode.ExtensionContext, private type: AuthProviderType) {
|
||||
constructor(private readonly context: vscode.ExtensionContext, private readonly type: AuthProviderType) {
|
||||
const { name, version, aiKey } = context.extension.packageJSON as { name: string, version: string, aiKey: string };
|
||||
this._telemetryReporter = new ExperimentationTelemetry(context, new TelemetryReporter(name, version, aiKey));
|
||||
|
||||
this._keychain = new Keychain(context, `${type}.auth`);
|
||||
this._githubServer = new GitHubServer(type, this._telemetryReporter);
|
||||
if (this.type === AuthProviderType.github) {
|
||||
this._githubServer = new GitHubServer(this._logger, this._telemetryReporter);
|
||||
} else {
|
||||
this._githubServer = new GitHubEnterpriseServer(this._logger, this._telemetryReporter);
|
||||
}
|
||||
|
||||
// Contains the current state of the sessions we have available.
|
||||
this._sessionsPromise = this.readSessions();
|
||||
|
||||
const friendlyName = this.type === AuthProviderType.github ? 'GitHub' : 'GitHub Enterprise';
|
||||
this._disposable = vscode.Disposable.from(
|
||||
this._telemetryReporter,
|
||||
this.type === AuthProviderType.github ? vscode.window.registerUriHandler(uriHandler) : { dispose() { } },
|
||||
vscode.commands.registerCommand(`${this.type}.provide-token`, () => this.manuallyProvideToken()),
|
||||
vscode.authentication.registerAuthenticationProvider(this.type, friendlyName, this, { supportsMultipleAccounts: false }),
|
||||
this._githubServer,
|
||||
vscode.authentication.registerAuthenticationProvider(type, this._githubServer.friendlyName, this, { supportsMultipleAccounts: false }),
|
||||
this.context.secrets.onDidChange(() => this.checkForUpdates())
|
||||
);
|
||||
}
|
||||
|
@ -66,23 +68,18 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
}
|
||||
|
||||
async getSessions(scopes?: string[]): Promise<vscode.AuthenticationSession[]> {
|
||||
Logger.info(`Getting sessions for ${scopes?.join(',') || 'all scopes'}...`);
|
||||
this._logger.info(`Getting sessions for ${scopes?.join(',') || 'all scopes'}...`);
|
||||
const sessions = await this._sessionsPromise;
|
||||
const finalSessions = scopes
|
||||
? sessions.filter(session => arrayEquals([...session.scopes].sort(), scopes.sort()))
|
||||
: sessions;
|
||||
|
||||
Logger.info(`Got ${finalSessions.length} sessions for ${scopes?.join(',') || 'all scopes'}...`);
|
||||
this._logger.info(`Got ${finalSessions.length} sessions for ${scopes?.join(',') || 'all scopes'}...`);
|
||||
return finalSessions;
|
||||
}
|
||||
|
||||
private async afterTokenLoad(token: string): Promise<void> {
|
||||
if (this.type === AuthProviderType.github) {
|
||||
this._githubServer.checkIsEdu(token);
|
||||
}
|
||||
if (this.type === AuthProviderType.githubEnterprise) {
|
||||
this._githubServer.checkEnterpriseVersion(token);
|
||||
}
|
||||
this._githubServer.sendAdditionalTelemetryInfo(token);
|
||||
}
|
||||
|
||||
private async checkForUpdates() {
|
||||
|
@ -97,7 +94,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
const matchesExisting = previousSessions.some(s => s.id === session.id);
|
||||
// Another window added a session to the keychain, add it to our state as well
|
||||
if (!matchesExisting) {
|
||||
Logger.info('Adding session found in keychain');
|
||||
this._logger.info('Adding session found in keychain');
|
||||
added.push(session);
|
||||
}
|
||||
});
|
||||
|
@ -106,7 +103,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
const matchesExisting = storedSessions.some(s => s.id === session.id);
|
||||
// Another window has logged out, remove from our state
|
||||
if (!matchesExisting) {
|
||||
Logger.info('Removing session no longer found in keychain');
|
||||
this._logger.info('Removing session no longer found in keychain');
|
||||
removed.push(session);
|
||||
}
|
||||
});
|
||||
|
@ -119,12 +116,12 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
private async readSessions(): Promise<vscode.AuthenticationSession[]> {
|
||||
let sessionData: SessionData[];
|
||||
try {
|
||||
Logger.info('Reading sessions from keychain...');
|
||||
this._logger.info('Reading sessions from keychain...');
|
||||
const storedSessions = await this._keychain.getToken() || await this._keychain.tryMigrate();
|
||||
if (!storedSessions) {
|
||||
return [];
|
||||
}
|
||||
Logger.info('Got stored sessions!');
|
||||
this._logger.info('Got stored sessions!');
|
||||
|
||||
try {
|
||||
sessionData = JSON.parse(storedSessions);
|
||||
|
@ -133,7 +130,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
throw e;
|
||||
}
|
||||
} catch (e) {
|
||||
Logger.error(`Error reading token: ${e}`);
|
||||
this._logger.error(`Error reading token: ${e}`);
|
||||
return [];
|
||||
}
|
||||
|
||||
|
@ -142,7 +139,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
if (!session.account) {
|
||||
try {
|
||||
userInfo = await this._githubServer.getUserInfo(session.accessToken);
|
||||
Logger.info(`Verified session with the following scopes: ${session.scopes}`);
|
||||
this._logger.info(`Verified session with the following scopes: ${session.scopes}`);
|
||||
} catch (e) {
|
||||
// Remove sessions that return unauthorized response
|
||||
if (e.message === 'Unauthorized') {
|
||||
|
@ -153,7 +150,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
|
||||
setTimeout(() => this.afterTokenLoad(session.accessToken), 1000);
|
||||
|
||||
Logger.trace(`Read the following session from the keychain with the following scopes: ${session.scopes}`);
|
||||
this._logger.trace(`Read the following session from the keychain with the following scopes: ${session.scopes}`);
|
||||
return {
|
||||
id: session.id,
|
||||
account: {
|
||||
|
@ -172,7 +169,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
.map(p => (p as PromiseFulfilledResult<vscode.AuthenticationSession | undefined>).value)
|
||||
.filter(<T>(p?: T): p is T => Boolean(p));
|
||||
|
||||
Logger.info(`Got ${verifiedSessions.length} verified sessions.`);
|
||||
this._logger.info(`Got ${verifiedSessions.length} verified sessions.`);
|
||||
if (verifiedSessions.length !== sessionData.length) {
|
||||
await this.storeSessions(verifiedSessions);
|
||||
}
|
||||
|
@ -181,10 +178,10 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
}
|
||||
|
||||
private async storeSessions(sessions: vscode.AuthenticationSession[]): Promise<void> {
|
||||
Logger.info(`Storing ${sessions.length} sessions...`);
|
||||
this._logger.info(`Storing ${sessions.length} sessions...`);
|
||||
this._sessionsPromise = Promise.resolve(sessions);
|
||||
await this._keychain.setToken(JSON.stringify(sessions));
|
||||
Logger.info(`Stored ${sessions.length} sessions!`);
|
||||
this._logger.info(`Stored ${sessions.length} sessions!`);
|
||||
}
|
||||
|
||||
public async createSession(scopes: string[]): Promise<vscode.AuthenticationSession> {
|
||||
|
@ -213,7 +210,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
|
||||
this._sessionChangeEmitter.fire({ added: [session], removed: [], changed: [] });
|
||||
|
||||
Logger.info('Login success!');
|
||||
this._logger.info('Login success!');
|
||||
|
||||
return session;
|
||||
} catch (e) {
|
||||
|
@ -232,15 +229,11 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
this._telemetryReporter?.sendTelemetryEvent('loginFailed');
|
||||
|
||||
vscode.window.showErrorMessage(`Sign in failed: ${e}`);
|
||||
Logger.error(e);
|
||||
this._logger.error(e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
public async manuallyProvideToken(): Promise<void> {
|
||||
this._githubServer.manuallyProvideToken();
|
||||
}
|
||||
|
||||
private async tokenToSession(token: string, scopes: string[]): Promise<vscode.AuthenticationSession> {
|
||||
const userInfo = await this._githubServer.getUserInfo(token);
|
||||
return {
|
||||
|
@ -258,7 +251,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
*/
|
||||
this._telemetryReporter?.sendTelemetryEvent('logout');
|
||||
|
||||
Logger.info(`Logging out of ${id}`);
|
||||
this._logger.info(`Logging out of ${id}`);
|
||||
|
||||
const sessions = await this._sessionsPromise;
|
||||
const sessionIndex = sessions.findIndex(session => session.id === id);
|
||||
|
@ -270,7 +263,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
|
||||
this._sessionChangeEmitter.fire({ added: [], removed: [session], changed: [] });
|
||||
} else {
|
||||
Logger.error('Session not found');
|
||||
this._logger.error('Session not found');
|
||||
}
|
||||
} catch (e) {
|
||||
/* __GDPR__
|
||||
|
@ -279,7 +272,7 @@ export class GitHubAuthenticationProvider implements vscode.AuthenticationProvid
|
|||
this._telemetryReporter?.sendTelemetryEvent('logoutFailed');
|
||||
|
||||
vscode.window.showErrorMessage(`Sign out failed: ${e}`);
|
||||
Logger.error(e);
|
||||
this._logger.error(e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,25 +8,27 @@ import * as vscode from 'vscode';
|
|||
import fetch, { Response } from 'node-fetch';
|
||||
import { v4 as uuid } from 'uuid';
|
||||
import { PromiseAdapter, promiseFromEvent } from './common/utils';
|
||||
import Logger from './common/logger';
|
||||
import { ExperimentationTelemetry } from './experimentationService';
|
||||
import { AuthProviderType } from './github';
|
||||
import { Log } from './common/logger';
|
||||
|
||||
const localize = nls.loadMessageBundle();
|
||||
|
||||
export const NETWORK_ERROR = 'network error';
|
||||
const NETWORK_ERROR = 'network error';
|
||||
const AUTH_RELAY_SERVER = 'vscode-auth.github.com';
|
||||
// const AUTH_RELAY_STAGING_SERVER = 'client-auth-staging-14a768b.herokuapp.com';
|
||||
|
||||
class UriEventHandler extends vscode.EventEmitter<vscode.Uri> implements vscode.UriHandler {
|
||||
constructor(private readonly Logger: Log) {
|
||||
super();
|
||||
}
|
||||
|
||||
public handleUri(uri: vscode.Uri) {
|
||||
Logger.trace('Handling Uri...');
|
||||
this.Logger.trace('Handling Uri...');
|
||||
this.fire(uri);
|
||||
}
|
||||
}
|
||||
|
||||
export const uriHandler = new UriEventHandler;
|
||||
|
||||
function parseQuery(uri: vscode.Uri) {
|
||||
return uri.query.split('&').reduce((prev: any, current) => {
|
||||
const queryString = current.split('=');
|
||||
|
@ -35,32 +37,98 @@ function parseQuery(uri: vscode.Uri) {
|
|||
}, {});
|
||||
}
|
||||
|
||||
export class GitHubServer {
|
||||
export interface IGitHubServer extends vscode.Disposable {
|
||||
login(scopes: string): Promise<string>;
|
||||
getUserInfo(token: string): Promise<{ id: string, accountName: string }>;
|
||||
sendAdditionalTelemetryInfo(token: string): Promise<void>;
|
||||
friendlyName: string;
|
||||
type: AuthProviderType;
|
||||
}
|
||||
|
||||
async function getScopes(token: string, serverUri: vscode.Uri, logger: Log): Promise<string[]> {
|
||||
try {
|
||||
logger.info('Getting token scopes...');
|
||||
const result = await fetch(serverUri.toString(), {
|
||||
headers: {
|
||||
Authorization: `token ${token}`,
|
||||
'User-Agent': 'Visual-Studio-Code'
|
||||
}
|
||||
});
|
||||
|
||||
if (result.ok) {
|
||||
const scopes = result.headers.get('X-OAuth-Scopes');
|
||||
return scopes ? scopes.split(',').map(scope => scope.trim()) : [];
|
||||
} else {
|
||||
logger.error(`Getting scopes failed: ${result.statusText}`);
|
||||
throw new Error(result.statusText);
|
||||
}
|
||||
} catch (ex) {
|
||||
logger.error(ex.message);
|
||||
throw new Error(NETWORK_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
async function getUserInfo(token: string, serverUri: vscode.Uri, logger: Log): Promise<{ id: string, accountName: string }> {
|
||||
let result: Response;
|
||||
try {
|
||||
logger.info('Getting user info...');
|
||||
result = await fetch(serverUri.toString(), {
|
||||
headers: {
|
||||
Authorization: `token ${token}`,
|
||||
'User-Agent': 'Visual-Studio-Code'
|
||||
}
|
||||
});
|
||||
} catch (ex) {
|
||||
logger.error(ex.message);
|
||||
throw new Error(NETWORK_ERROR);
|
||||
}
|
||||
|
||||
if (result.ok) {
|
||||
const json = await result.json();
|
||||
logger.info('Got account info!');
|
||||
return { id: json.id, accountName: json.login };
|
||||
} else {
|
||||
logger.error(`Getting account info failed: ${result.statusText}`);
|
||||
throw new Error(result.statusText);
|
||||
}
|
||||
}
|
||||
|
||||
export class GitHubServer implements IGitHubServer {
|
||||
friendlyName = 'GitHub';
|
||||
type = AuthProviderType.github;
|
||||
private _statusBarItem: vscode.StatusBarItem | undefined;
|
||||
private _onDidManuallyProvideToken = new vscode.EventEmitter<string | undefined>();
|
||||
|
||||
private _pendingStates = new Map<string, string[]>();
|
||||
private _codeExchangePromises = new Map<string, { promise: Promise<string>, cancel: vscode.EventEmitter<void> }>();
|
||||
private _statusBarCommandId = `${this.type}.provide-manually`;
|
||||
private _disposable: vscode.Disposable;
|
||||
private _uriHandler = new UriEventHandler(this._logger);
|
||||
|
||||
constructor(private type: AuthProviderType, private readonly telemetryReporter: ExperimentationTelemetry) { }
|
||||
|
||||
private isTestEnvironment(url: vscode.Uri): boolean {
|
||||
return this.type === AuthProviderType.githubEnterprise || /\.azurewebsites\.net$/.test(url.authority) || url.authority.startsWith('localhost:');
|
||||
constructor(private readonly _logger: Log, private readonly _telemetryReporter: ExperimentationTelemetry) {
|
||||
this._disposable = vscode.Disposable.from(
|
||||
vscode.commands.registerCommand(this._statusBarCommandId, () => this.manuallyProvideUri()),
|
||||
vscode.window.registerUriHandler(this._uriHandler));
|
||||
}
|
||||
|
||||
// TODO@joaomoreno TODO@RMacfarlane
|
||||
dispose() {
|
||||
this._disposable.dispose();
|
||||
}
|
||||
|
||||
private isTestEnvironment(url: vscode.Uri): boolean {
|
||||
return /\.azurewebsites\.net$/.test(url.authority) || url.authority.startsWith('localhost:');
|
||||
}
|
||||
|
||||
// TODO@joaomoreno TODO@TylerLeonhardt
|
||||
private async isNoCorsEnvironment(): Promise<boolean> {
|
||||
const uri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/dummy`));
|
||||
return (uri.scheme === 'https' && /^(vscode|github)\./.test(uri.authority)) || (uri.scheme === 'http' && /^localhost/.test(uri.authority));
|
||||
}
|
||||
|
||||
public async login(scopes: string): Promise<string> {
|
||||
Logger.info(`Logging in for the following scopes: ${scopes}`);
|
||||
this.updateStatusBarItem(true);
|
||||
this._logger.info(`Logging in for the following scopes: ${scopes}`);
|
||||
|
||||
const state = uuid();
|
||||
|
||||
// TODO@joaomoreno TODO@RMacfarlane
|
||||
// TODO@joaomoreno TODO@TylerLeonhardt
|
||||
const nocors = await this.isNoCorsEnvironment();
|
||||
const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate${nocors ? '?nocors=true' : ''}`));
|
||||
|
||||
|
@ -68,7 +136,7 @@ export class GitHubServer {
|
|||
const token = await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true });
|
||||
if (!token) { throw new Error('Sign in failed: No token provided'); }
|
||||
|
||||
const tokenScopes = await this.getScopes(token); // Example: ['repo', 'user']
|
||||
const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user']
|
||||
const scopesList = scopes.split(' '); // Example: 'read:user repo user:email'
|
||||
if (!scopesList.every(scope => {
|
||||
const included = tokenScopes.includes(scope);
|
||||
|
@ -83,21 +151,23 @@ export class GitHubServer {
|
|||
throw new Error(`The provided token is does not match the requested scopes: ${scopes}`);
|
||||
}
|
||||
|
||||
this.updateStatusBarItem(false);
|
||||
return token;
|
||||
} else {
|
||||
const existingStates = this._pendingStates.get(scopes) || [];
|
||||
this._pendingStates.set(scopes, [...existingStates, state]);
|
||||
|
||||
const uri = vscode.Uri.parse(`https://${AUTH_RELAY_SERVER}/authorize/?callbackUri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&responseType=code&authServer=https://github.com${nocors ? '&nocors=true' : ''}`);
|
||||
await vscode.env.openExternal(uri);
|
||||
}
|
||||
|
||||
this.updateStatusBarItem(true);
|
||||
|
||||
const state = uuid();
|
||||
const existingStates = this._pendingStates.get(scopes) || [];
|
||||
this._pendingStates.set(scopes, [...existingStates, state]);
|
||||
|
||||
const uri = vscode.Uri.parse(`https://${AUTH_RELAY_SERVER}/authorize/?callbackUri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&responseType=code&authServer=https://github.com${nocors ? '&nocors=true' : ''}`);
|
||||
await vscode.env.openExternal(uri);
|
||||
|
||||
// Register a single listener for the URI callback, in case the user starts the login process multiple times
|
||||
// before completing it.
|
||||
let codeExchangePromise = this._codeExchangePromises.get(scopes);
|
||||
if (!codeExchangePromise) {
|
||||
codeExchangePromise = promiseFromEvent(uriHandler.event, this.exchangeCodeForToken(scopes));
|
||||
codeExchangePromise = promiseFromEvent(this._uriHandler.event, this.exchangeCodeForToken(scopes));
|
||||
this._codeExchangePromises.set(scopes, codeExchangePromise);
|
||||
}
|
||||
|
||||
|
@ -109,7 +179,8 @@ export class GitHubServer {
|
|||
} else {
|
||||
resolve(token);
|
||||
}
|
||||
}).promise
|
||||
}).promise,
|
||||
new Promise<string>((_, reject) => setTimeout(() => reject('Cancelled'), 60000))
|
||||
]).finally(() => {
|
||||
this._pendingStates.delete(scopes);
|
||||
codeExchangePromise?.cancel.fire();
|
||||
|
@ -130,18 +201,18 @@ export class GitHubServer {
|
|||
// 2. Before finishing 1, you trigger a sign in with a different set of scopes
|
||||
// In this scenario we should just return and wait for the next UriHandler event
|
||||
// to run as we are probably still waiting on the user to hit 'Continue'
|
||||
Logger.info('State not found in accepted state. Skipping this execution...');
|
||||
this._logger.info('State not found in accepted state. Skipping this execution...');
|
||||
return;
|
||||
}
|
||||
|
||||
const url = `https://${AUTH_RELAY_SERVER}/token?code=${code}&state=${query.state}`;
|
||||
Logger.info('Exchanging code for token...');
|
||||
this._logger.info('Exchanging code for token...');
|
||||
|
||||
// TODO@joao: remove
|
||||
if (query.nocors) {
|
||||
try {
|
||||
const json: any = await vscode.commands.executeCommand('_workbench.fetchJSON', url, 'POST');
|
||||
Logger.info('Token exchange success!');
|
||||
this._logger.info('Token exchange success!');
|
||||
resolve(json.access_token);
|
||||
} catch (err) {
|
||||
reject(err);
|
||||
|
@ -157,7 +228,7 @@ export class GitHubServer {
|
|||
|
||||
if (result.ok) {
|
||||
const json = await result.json();
|
||||
Logger.info('Token exchange success!');
|
||||
this._logger.info('Token exchange success!');
|
||||
resolve(json.access_token);
|
||||
} else {
|
||||
reject(result.statusText);
|
||||
|
@ -168,18 +239,8 @@ export class GitHubServer {
|
|||
}
|
||||
};
|
||||
|
||||
private getServerUri(path?: string) {
|
||||
const apiUri = this.type === AuthProviderType.githubEnterprise
|
||||
? vscode.Uri.parse(vscode.workspace.getConfiguration('github-enterprise').get<string>('uri') || '', true)
|
||||
: vscode.Uri.parse('https://api.github.com');
|
||||
|
||||
if (!path) {
|
||||
path = '';
|
||||
}
|
||||
if (this.type === AuthProviderType.githubEnterprise) {
|
||||
path = '/api/v3' + path;
|
||||
}
|
||||
|
||||
private getServerUri(path: string = '') {
|
||||
const apiUri = vscode.Uri.parse('https://api.github.com');
|
||||
return vscode.Uri.parse(`${apiUri.scheme}://${apiUri.authority}${path}`);
|
||||
}
|
||||
|
||||
|
@ -187,12 +248,8 @@ export class GitHubServer {
|
|||
if (isStart && !this._statusBarItem) {
|
||||
this._statusBarItem = vscode.window.createStatusBarItem('status.git.signIn', vscode.StatusBarAlignment.Left);
|
||||
this._statusBarItem.name = localize('status.git.signIn.name', "GitHub Sign-in");
|
||||
this._statusBarItem.text = this.type === AuthProviderType.github
|
||||
? localize('signingIn', "$(mark-github) Signing in to github.com...")
|
||||
: localize('signingInEnterprise', "$(mark-github) Signing in to {0}...", this.getServerUri().authority);
|
||||
this._statusBarItem.command = this.type === AuthProviderType.github
|
||||
? 'github.provide-token'
|
||||
: 'github-enterprise.provide-token';
|
||||
this._statusBarItem.text = localize('signingIn', "$(mark-github) Signing in to github.com...");
|
||||
this._statusBarItem.command = this._statusBarCommandId;
|
||||
this._statusBarItem.show();
|
||||
}
|
||||
|
||||
|
@ -202,73 +259,38 @@ export class GitHubServer {
|
|||
}
|
||||
}
|
||||
|
||||
public async manuallyProvideToken() {
|
||||
const uriOrToken = await vscode.window.showInputBox({ prompt: 'Token', ignoreFocusOut: true });
|
||||
if (!uriOrToken) {
|
||||
this._onDidManuallyProvideToken.fire(undefined);
|
||||
private async manuallyProvideUri() {
|
||||
const uri = await vscode.window.showInputBox({
|
||||
prompt: 'Uri',
|
||||
ignoreFocusOut: true,
|
||||
validateInput(value) {
|
||||
if (!value) {
|
||||
return undefined;
|
||||
}
|
||||
const error = localize('validUri', "Please enter a valid Uri from the GitHub login page.");
|
||||
try {
|
||||
const uri = vscode.Uri.parse(value.trim());
|
||||
if (!uri.scheme || uri.scheme === 'file') {
|
||||
return error;
|
||||
}
|
||||
} catch (e) {
|
||||
return error;
|
||||
}
|
||||
return undefined;
|
||||
}
|
||||
});
|
||||
if (!uri) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
const uri = vscode.Uri.parse(uriOrToken.trim());
|
||||
if (!uri.scheme || uri.scheme === 'file') { throw new Error; }
|
||||
uriHandler.handleUri(uri);
|
||||
} catch (e) {
|
||||
// If it doesn't look like a URI, treat it as a token.
|
||||
Logger.info('Treating input as token');
|
||||
this._onDidManuallyProvideToken.fire(uriOrToken);
|
||||
}
|
||||
this._uriHandler.handleUri(vscode.Uri.parse(uri.trim()));
|
||||
}
|
||||
|
||||
private async getScopes(token: string): Promise<string[]> {
|
||||
try {
|
||||
Logger.info('Getting token scopes...');
|
||||
const result = await fetch(this.getServerUri('/').toString(), {
|
||||
headers: {
|
||||
Authorization: `token ${token}`,
|
||||
'User-Agent': 'Visual-Studio-Code'
|
||||
}
|
||||
});
|
||||
|
||||
if (result.ok) {
|
||||
const scopes = result.headers.get('X-OAuth-Scopes');
|
||||
return scopes ? scopes.split(',').map(scope => scope.trim()) : [];
|
||||
} else {
|
||||
Logger.error(`Getting scopes failed: ${result.statusText}`);
|
||||
throw new Error(result.statusText);
|
||||
}
|
||||
} catch (ex) {
|
||||
Logger.error(ex.message);
|
||||
throw new Error(NETWORK_ERROR);
|
||||
}
|
||||
public getUserInfo(token: string): Promise<{ id: string, accountName: string }> {
|
||||
return getUserInfo(token, this.getServerUri('/user'), this._logger);
|
||||
}
|
||||
|
||||
public async getUserInfo(token: string): Promise<{ id: string, accountName: string }> {
|
||||
let result: Response;
|
||||
try {
|
||||
Logger.info('Getting user info...');
|
||||
result = await fetch(this.getServerUri('/user').toString(), {
|
||||
headers: {
|
||||
Authorization: `token ${token}`,
|
||||
'User-Agent': 'Visual-Studio-Code'
|
||||
}
|
||||
});
|
||||
} catch (ex) {
|
||||
Logger.error(ex.message);
|
||||
throw new Error(NETWORK_ERROR);
|
||||
}
|
||||
|
||||
if (result.ok) {
|
||||
const json = await result.json();
|
||||
Logger.info('Got account info!');
|
||||
return { id: json.id, accountName: json.login };
|
||||
} else {
|
||||
Logger.error(`Getting account info failed: ${result.statusText}`);
|
||||
throw new Error(result.statusText);
|
||||
}
|
||||
}
|
||||
|
||||
public async checkIsEdu(token: string): Promise<void> {
|
||||
public async sendAdditionalTelemetryInfo(token: string): Promise<void> {
|
||||
const nocors = await this.isNoCorsEnvironment();
|
||||
|
||||
if (nocors) {
|
||||
|
@ -292,7 +314,7 @@ export class GitHubServer {
|
|||
"isEdu": { "classification": "NonIdentifiableDemographicInfo", "purpose": "FeatureInsight" }
|
||||
}
|
||||
*/
|
||||
this.telemetryReporter.sendTelemetryEvent('session', {
|
||||
this._telemetryReporter.sendTelemetryEvent('session', {
|
||||
isEdu: json.student
|
||||
? 'student'
|
||||
: json.faculty
|
||||
|
@ -306,6 +328,88 @@ export class GitHubServer {
|
|||
}
|
||||
|
||||
public async checkEnterpriseVersion(token: string): Promise<void> {
|
||||
try {
|
||||
|
||||
const result = await fetch(this.getServerUri('/meta').toString(), {
|
||||
headers: {
|
||||
Authorization: `token ${token}`,
|
||||
'User-Agent': 'Visual-Studio-Code'
|
||||
}
|
||||
});
|
||||
|
||||
if (!result.ok) {
|
||||
return;
|
||||
}
|
||||
|
||||
const json: { verifiable_password_authentication: boolean, installed_version: string } = await result.json();
|
||||
|
||||
/* __GDPR__
|
||||
"ghe-session" : {
|
||||
"version": { "classification": "SystemMetaData", "purpose": "FeatureInsight" }
|
||||
}
|
||||
*/
|
||||
this._telemetryReporter.sendTelemetryEvent('ghe-session', {
|
||||
version: json.installed_version
|
||||
});
|
||||
} catch {
|
||||
// No-op
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export class GitHubEnterpriseServer implements IGitHubServer {
|
||||
friendlyName = 'GitHub Enterprise';
|
||||
type = AuthProviderType.githubEnterprise;
|
||||
|
||||
private _onDidManuallyProvideToken = new vscode.EventEmitter<string | undefined>();
|
||||
private _statusBarCommandId = `github-enterprise.provide-manually`;
|
||||
private _disposable: vscode.Disposable;
|
||||
|
||||
constructor(private readonly _logger: Log, private readonly telemetryReporter: ExperimentationTelemetry) {
|
||||
this._disposable = vscode.commands.registerCommand(this._statusBarCommandId, async () => {
|
||||
const token = await vscode.window.showInputBox({ prompt: 'Token', ignoreFocusOut: true });
|
||||
this._onDidManuallyProvideToken.fire(token);
|
||||
});
|
||||
}
|
||||
|
||||
dispose() {
|
||||
this._disposable.dispose();
|
||||
}
|
||||
|
||||
public async login(scopes: string): Promise<string> {
|
||||
this._logger.info(`Logging in for the following scopes: ${scopes}`);
|
||||
|
||||
const token = await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true });
|
||||
if (!token) { throw new Error('Sign in failed: No token provided'); }
|
||||
|
||||
const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user']
|
||||
const scopesList = scopes.split(' '); // Example: 'read:user repo user:email'
|
||||
if (!scopesList.every(scope => {
|
||||
const included = tokenScopes.includes(scope);
|
||||
if (included || !scope.includes(':')) {
|
||||
return included;
|
||||
}
|
||||
|
||||
return scope.split(':').some(splitScopes => {
|
||||
return tokenScopes.includes(splitScopes);
|
||||
});
|
||||
})) {
|
||||
throw new Error(`The provided token is does not match the requested scopes: ${scopes}`);
|
||||
}
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
private getServerUri(path: string = '') {
|
||||
const apiUri = vscode.Uri.parse(vscode.workspace.getConfiguration('github-enterprise').get<string>('uri') || '', true);
|
||||
return vscode.Uri.parse(`${apiUri.scheme}://${apiUri.authority}/api/v3${path}`);
|
||||
}
|
||||
|
||||
public async getUserInfo(token: string): Promise<{ id: string, accountName: string }> {
|
||||
return getUserInfo(token, this.getServerUri('/user'), this._logger);
|
||||
}
|
||||
|
||||
public async sendAdditionalTelemetryInfo(token: string): Promise<void> {
|
||||
try {
|
||||
|
||||
const result = await fetch(this.getServerUri('/meta').toString(), {
|
||||
|
|
Loading…
Reference in a new issue