mirror of
https://github.com/Microsoft/vscode
synced 2024-10-30 21:06:57 +00:00
Update trusted extensions flow again
This commit is contained in:
parent
df6e2e96a5
commit
ace72b77c5
4 changed files with 7 additions and 57 deletions
|
@ -35,7 +35,6 @@ const BUILT_IN_AUTH_DEPENDENTS: AuthDependent[] = [
|
|||
interface AllowedExtension {
|
||||
id: string;
|
||||
name: string;
|
||||
sessionIds?: string[];
|
||||
}
|
||||
|
||||
function readAllowedExtensions(storageService: IStorageService, providerId: string, accountName: string): AllowedExtension[] {
|
||||
|
@ -87,15 +86,6 @@ export class MainThreadAuthenticationProvider extends Disposable {
|
|||
const updatedAllowedList = quickPick.selectedItems.map(item => item.extension);
|
||||
storageService.store(`${this.id}-${accountName}`, JSON.stringify(updatedAllowedList), StorageScope.GLOBAL);
|
||||
|
||||
// Remove sessions of untrusted extensions
|
||||
const deselectedItems = items.filter(item => !quickPick.selectedItems.includes(item));
|
||||
deselectedItems.forEach(item => {
|
||||
const extensionData = allowedExtensions.find(extension => item.extension.id === extension.id);
|
||||
extensionData?.sessionIds?.forEach(sessionId => {
|
||||
this.logout(sessionId);
|
||||
});
|
||||
});
|
||||
|
||||
quickPick.dispose();
|
||||
});
|
||||
|
||||
|
@ -286,19 +276,10 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
|
|||
this.authenticationService.sessionsUpdate(id, event);
|
||||
}
|
||||
|
||||
async $getSessionsPrompt(providerId: string, accountName: string, sessionId: string, providerName: string, extensionId: string, extensionName: string): Promise<boolean> {
|
||||
async $getSessionsPrompt(providerId: string, accountName: string, providerName: string, extensionId: string, extensionName: string): Promise<boolean> {
|
||||
const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
|
||||
const extensionData = allowList.find(extension => extension.id === extensionId);
|
||||
if (extensionData) {
|
||||
if (!extensionData.sessionIds) {
|
||||
extensionData.sessionIds = [];
|
||||
}
|
||||
|
||||
if (!extensionData.sessionIds.find(id => id === sessionId)) {
|
||||
extensionData.sessionIds.push(sessionId);
|
||||
this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -313,7 +294,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
|
|||
|
||||
const allow = choice === 1;
|
||||
if (allow) {
|
||||
allowList.push({ id: extensionId, name: extensionName, sessionIds: [sessionId] });
|
||||
allowList.push({ id: extensionId, name: extensionName });
|
||||
this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL);
|
||||
}
|
||||
|
||||
|
@ -332,12 +313,4 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
|
|||
|
||||
return choice === 1;
|
||||
}
|
||||
|
||||
async $setTrustedExtension(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise<void> {
|
||||
const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
|
||||
if (!allowList.find(allowed => allowed.id === extensionId)) {
|
||||
allowList.push({ id: extensionId, name: extensionName, sessionIds: [] });
|
||||
this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -133,7 +133,7 @@ export function createApiFactoryAndRegisterActors(accessor: ServicesAccessor): I
|
|||
const extHostLabelService = rpcProtocol.set(ExtHostContext.ExtHosLabelService, new ExtHostLabelService(rpcProtocol));
|
||||
const extHostNotebook = rpcProtocol.set(ExtHostContext.ExtHostNotebook, new ExtHostNotebookController(rpcProtocol, extHostCommands, extHostDocumentsAndEditors));
|
||||
const extHostTheming = rpcProtocol.set(ExtHostContext.ExtHostTheming, new ExtHostTheming(rpcProtocol));
|
||||
const extHostAuthentication = rpcProtocol.set(ExtHostContext.ExtHostAuthentication, new ExtHostAuthentication(rpcProtocol, extHostStorage));
|
||||
const extHostAuthentication = rpcProtocol.set(ExtHostContext.ExtHostAuthentication, new ExtHostAuthentication(rpcProtocol));
|
||||
const extHostTimeline = rpcProtocol.set(ExtHostContext.ExtHostTimeline, new ExtHostTimeline(rpcProtocol, extHostCommands));
|
||||
const extHostWebviews = rpcProtocol.set(ExtHostContext.ExtHostWebviews, new ExtHostWebviews(rpcProtocol, initData.environment, extHostWorkspace, extHostLogService, extHostApiDeprecation, extHostDocuments));
|
||||
|
||||
|
|
|
@ -158,9 +158,8 @@ export interface MainThreadAuthenticationShape extends IDisposable {
|
|||
$registerAuthenticationProvider(id: string, displayName: string): void;
|
||||
$unregisterAuthenticationProvider(id: string): void;
|
||||
$onDidChangeSessions(providerId: string, event: modes.AuthenticationSessionsChangeEvent): void;
|
||||
$getSessionsPrompt(providerId: string, accountName: string, sessionId: string, providerName: string, extensionId: string, extensionName: string): Promise<boolean>;
|
||||
$getSessionsPrompt(providerId: string, accountName: string, providerName: string, extensionId: string, extensionName: string): Promise<boolean>;
|
||||
$loginPrompt(providerName: string, extensionName: string): Promise<boolean>;
|
||||
$setTrustedExtension(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise<void>;
|
||||
}
|
||||
|
||||
export interface MainThreadConfigurationShape extends IDisposable {
|
||||
|
|
|
@ -9,7 +9,6 @@ import { Emitter, Event } from 'vs/base/common/event';
|
|||
import { IMainContext, MainContext, MainThreadAuthenticationShape, ExtHostAuthenticationShape } from 'vs/workbench/api/common/extHost.protocol';
|
||||
import { Disposable } from 'vs/workbench/api/common/extHostTypes';
|
||||
import { IExtensionDescription, ExtensionIdentifier } from 'vs/platform/extensions/common/extensions';
|
||||
import { IExtHostStorage } from 'vs/workbench/api/common/extHostStorage';
|
||||
|
||||
export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
||||
private _proxy: MainThreadAuthenticationShape;
|
||||
|
@ -21,8 +20,7 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
|||
private _onDidChangeSessions = new Emitter<{ [providerId: string]: vscode.AuthenticationSessionsChangeEvent }>();
|
||||
readonly onDidChangeSessions: Event<{ [providerId: string]: vscode.AuthenticationSessionsChangeEvent }> = this._onDidChangeSessions.event;
|
||||
|
||||
constructor(mainContext: IMainContext,
|
||||
@IExtHostStorage private readonly storageService: IExtHostStorage) {
|
||||
constructor(mainContext: IMainContext) {
|
||||
this._proxy = mainContext.getProxy(MainContext.MainThreadAuthentication);
|
||||
}
|
||||
|
||||
|
@ -35,20 +33,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
|||
return ids;
|
||||
}
|
||||
|
||||
private async hasNotBeenReadByOtherExtension(providerId: string, session: vscode.AuthenticationSession, extensionId: string): Promise<boolean> {
|
||||
const readerId = await this.storageService.getValue(true, `${providerId}-${session.accountName}-${session.id}`);
|
||||
if (!readerId) {
|
||||
await this.storageService.setValue(true, `${providerId}-${session.accountName}-${session.id}`, extensionId as any);
|
||||
return true;
|
||||
}
|
||||
|
||||
return readerId === extensionId;
|
||||
}
|
||||
|
||||
private async isMatchingSession(session: vscode.AuthenticationSession, scopes: string, providerId: string, extensionId: string): Promise<boolean> {
|
||||
return session.scopes.sort().join(' ') === scopes && (await this.hasNotBeenReadByOtherExtension(providerId, session, extensionId));
|
||||
}
|
||||
|
||||
async getSessions(requestingExtension: IExtensionDescription, providerId: string, scopes: string[]): Promise<readonly vscode.AuthenticationSession[]> {
|
||||
const provider = this._authenticationProviders.get(providerId);
|
||||
if (!provider) {
|
||||
|
@ -58,11 +42,8 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
|||
const extensionId = ExtensionIdentifier.toKey(requestingExtension.identifier);
|
||||
const orderedScopes = scopes.sort().join(' ');
|
||||
|
||||
const sessions = await provider.getSessions();
|
||||
const filteredSessions = await Promise.all(sessions.map(session => this.isMatchingSession(session, orderedScopes, providerId, extensionId)));
|
||||
|
||||
return sessions
|
||||
.filter((_, i) => { return filteredSessions[i]; })
|
||||
return (await provider.getSessions())
|
||||
.filter(session => session.scopes.sort().join(' ') === orderedScopes)
|
||||
.map(session => {
|
||||
return {
|
||||
id: session.id,
|
||||
|
@ -72,7 +53,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
|||
const isAllowed = await this._proxy.$getSessionsPrompt(
|
||||
provider.id,
|
||||
session.accountName,
|
||||
session.id,
|
||||
provider.displayName,
|
||||
extensionId,
|
||||
requestingExtension.displayName || requestingExtension.name);
|
||||
|
@ -100,7 +80,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
|||
}
|
||||
|
||||
const session = await provider.login(scopes);
|
||||
await this._proxy.$setTrustedExtension(provider.id, session.accountName, ExtensionIdentifier.toKey(requestingExtension.identifier), extensionName);
|
||||
return {
|
||||
id: session.id,
|
||||
accountName: session.accountName,
|
||||
|
@ -109,7 +88,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
|
|||
const isAllowed = await this._proxy.$getSessionsPrompt(
|
||||
provider.id,
|
||||
session.accountName,
|
||||
session.id,
|
||||
provider.displayName,
|
||||
ExtensionIdentifier.toKey(requestingExtension.identifier),
|
||||
requestingExtension.displayName || requestingExtension.name);
|
||||
|
|
Loading…
Reference in a new issue