Merge from vscode 6fded8a497cd0142de3a1c607649a5423a091a25

2026-02-12 02:58:31 -05:00 · 2020-04-04 04:30:52 +00:00
parent 00cc0074f7
commit 35f1a014d5
184 changed files with 3043 additions and 2285 deletions
--- a/src/vs/workbench/api/common/extHostAuthentication.ts
+++ b/src/vs/workbench/api/common/extHostAuthentication.ts
@@ -9,6 +9,7 @@ import { Emitter, Event } from 'vs/base/common/event';
 import { IMainContext, MainContext, MainThreadAuthenticationShape, ExtHostAuthenticationShape } from 'vs/workbench/api/common/extHost.protocol';
 import { Disposable } from 'vs/workbench/api/common/extHostTypes';
 import { IExtensionDescription, ExtensionIdentifier } from 'vs/platform/extensions/common/extensions';
+import { IExtHostStorage } from 'vs/workbench/api/common/extHostStorage';

 export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 	private _proxy: MainThreadAuthenticationShape;
@@ -20,7 +21,8 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 	private _onDidChangeSessions = new Emitter<{ [providerId: string]: vscode.AuthenticationSessionsChangeEvent }>();
 	readonly onDidChangeSessions: Event<{ [providerId: string]: vscode.AuthenticationSessionsChangeEvent }> = this._onDidChangeSessions.event;

-	constructor(mainContext: IMainContext) {
+	constructor(mainContext: IMainContext,
+		@IExtHostStorage private readonly storageService: IExtHostStorage) {
 		this._proxy = mainContext.getProxy(MainContext.MainThreadAuthentication);
 	}

@@ -33,15 +35,34 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 		return ids;
 	}

+	private async hasNotBeenReadByOtherExtension(providerId: string, session: vscode.AuthenticationSession, extensionId: string): Promise<boolean> {
+		const readerId = await this.storageService.getValue(true, `${providerId}-${session.accountName}-${session.id}`);
+		if (!readerId) {
+			await this.storageService.setValue(true, `${providerId}-${session.accountName}-${session.id}`, extensionId as any);
+			return true;
+		}
+
+		return readerId === extensionId;
+	}
+
+	private async isMatchingSession(session: vscode.AuthenticationSession, scopes: string, providerId: string, extensionId: string): Promise<boolean> {
+		return session.scopes.sort().join(' ') === scopes && (await this.hasNotBeenReadByOtherExtension(providerId, session, extensionId));
+	}
+
 	async getSessions(requestingExtension: IExtensionDescription, providerId: string, scopes: string[]): Promise<readonly vscode.AuthenticationSession[]> {
 		const provider = this._authenticationProviders.get(providerId);
 		if (!provider) {
 			throw new Error(`No authentication provider with id '${providerId}' is currently registered.`);
 		}

+		const extensionId = ExtensionIdentifier.toKey(requestingExtension.identifier);
 		const orderedScopes = scopes.sort().join(' ');
-		return (await provider.getSessions())
-			.filter(session => session.scopes.sort().join(' ') === orderedScopes)
+
+		const sessions = await provider.getSessions();
+		const filteredSessions = await Promise.all(sessions.map(session => this.isMatchingSession(session, orderedScopes, providerId, extensionId)));
+
+		return sessions
+			.filter((_, i) => { return filteredSessions[i]; })
 			.map(session => {
 				return {
 					id: session.id,
@@ -51,8 +72,9 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 						const isAllowed = await this._proxy.$getSessionsPrompt(
 							provider.id,
 							session.accountName,
+							session.id,
 							provider.displayName,
-							ExtensionIdentifier.toKey(requestingExtension.identifier),
+							extensionId,
 							requestingExtension.displayName || requestingExtension.name);

 						if (!isAllowed) {
@@ -77,9 +99,28 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 			throw new Error('User did not consent to login.');
 		}

-		const newSession = await provider.login(scopes);
-		await this._proxy.$setTrustedExtension(provider.id, newSession.accountName, ExtensionIdentifier.toKey(requestingExtension.identifier), extensionName);
-		return newSession;
+		const session = await provider.login(scopes);
+		await this._proxy.$setTrustedExtension(provider.id, session.accountName, ExtensionIdentifier.toKey(requestingExtension.identifier), extensionName);
+		return {
+			id: session.id,
+			accountName: session.accountName,
+			scopes: session.scopes,
+			getAccessToken: async () => {
+				const isAllowed = await this._proxy.$getSessionsPrompt(
+					provider.id,
+					session.accountName,
+					session.id,
+					provider.displayName,
+					ExtensionIdentifier.toKey(requestingExtension.identifier),
+					requestingExtension.displayName || requestingExtension.name);
+
+				if (!isAllowed) {
+					throw new Error('User did not consent to token access.');
+				}
+
+				return session.getAccessToken();
+			}
+		};
 	}

 	registerAuthenticationProvider(provider: vscode.AuthenticationProvider): vscode.Disposable {