Merge from vscode 27ada910e121e23a6d95ecca9cae595fb98ab568

2026-02-02 01:25:39 -05:00 · 2020-04-30 00:53:43 +00:00
parent 87e5239713
commit 93f35ca321
413 changed files with 7190 additions and 8756 deletions
--- a/extensions/github-authentication/src/extension.ts
+++ b/extensions/github-authentication/src/extension.ts
@@ -18,6 +18,10 @@ export async function activate(context: vscode.ExtensionContext) {

 	await loginService.initialize();

+	context.subscriptions.push(vscode.commands.registerCommand('github.provide-token', () => {
+		return loginService.manuallyProvideToken();
+	}));
+
 	vscode.authentication.registerAuthenticationProvider({
 		id: 'github',
 		displayName: 'GitHub',
--- a/extensions/github-authentication/src/github.ts
+++ b/extensions/github-authentication/src/github.ts
@@ -6,7 +6,7 @@
 import * as vscode from 'vscode';
 import * as uuid from 'uuid';
 import { keychain } from './common/keychain';
-import { GitHubServer } from './githubServer';
+import { GitHubServer, NETWORK_ERROR } from './githubServer';
 import Logger from './common/logger';

 export const onDidChangeSessions = new vscode.EventEmitter<vscode.AuthenticationSessionsChangeEvent>();
@@ -38,13 +38,26 @@ export class GitHubAuthenticationProvider {
 	private _githubServer = new GitHubServer();

 	public async initialize(): Promise<void> {
-		this._sessions = await this.readSessions();
+		try {
+			this._sessions = await this.readSessions();
+		} catch (e) {
+			// Ignore, network request failed
+		}
+
+		// TODO revert Cannot validate tokens from auth server, no available clientId
+		// await this.validateSessions();
 		this.pollForChange();
 	}

 	private pollForChange() {
 		setTimeout(async () => {
-			const storedSessions = await this.readSessions();
+			let storedSessions: vscode.AuthenticationSession[];
+			try {
+				storedSessions = await this.readSessions();
+			} catch (e) {
+				// Ignore, network request failed
+				return;
+			}

 			const added: string[] = [];
 			const removed: string[] = [];
@@ -53,6 +66,7 @@ export class GitHubAuthenticationProvider {
 				const matchesExisting = this._sessions.some(s => s.id === session.id);
 				// Another window added a session to the keychain, add it to our state as well
 				if (!matchesExisting) {
+					Logger.info('Adding session found in keychain');
 					this._sessions.push(session);
 					added.push(session.id);
 				}
@@ -62,6 +76,7 @@ export class GitHubAuthenticationProvider {
 				const matchesExisting = storedSessions.some(s => s.id === session.id);
 				// Another window has logged out, remove from our state
 				if (!matchesExisting) {
+					Logger.info('Removing session no longer found in keychain');
 					const sessionIndex = this._sessions.findIndex(s => s.id === session.id);
 					if (sessionIndex > -1) {
 						this._sessions.splice(sessionIndex, 1);
@@ -84,35 +99,36 @@ export class GitHubAuthenticationProvider {
 		if (storedSessions) {
 			try {
 				const sessionData: (SessionData | OldSessionData)[] = JSON.parse(storedSessions);
-				const sessionPromises = sessionData.map(async (session: SessionData | OldSessionData): Promise<vscode.AuthenticationSession | undefined> => {
-					try {
-						const needsUserInfo = isOldSessionData(session) || !session.account;
-						let userInfo: { id: string, accountName: string };
-						if (needsUserInfo) {
-							userInfo = await this._githubServer.getUserInfo(session.accessToken);
-						}
-
-						return {
-							id: session.id,
-							account: {
-								displayName: isOldSessionData(session)
-									? session.accountName
-									: session.account?.displayName ?? userInfo!.accountName,
-								id: isOldSessionData(session)
-									? userInfo!.id
-									: session.account?.id ?? userInfo!.id
-							},
-							scopes: session.scopes,
-							getAccessToken: () => Promise.resolve(session.accessToken)
-						};
-					} catch (e) {
-						return undefined;
+				const sessionPromises = sessionData.map(async (session: SessionData | OldSessionData): Promise<vscode.AuthenticationSession> => {
+					const needsUserInfo = isOldSessionData(session) || !session.account;
+					let userInfo: { id: string, accountName: string };
+					if (needsUserInfo) {
+						userInfo = await this._githubServer.getUserInfo(session.accessToken);
 					}
+
+					return {
+						id: session.id,
+						account: {
+							displayName: isOldSessionData(session)
+								? session.accountName
+								: session.account?.displayName ?? userInfo!.accountName,
+							id: isOldSessionData(session)
+								? userInfo!.id
+								: session.account?.id ?? userInfo!.id
+						},
+						scopes: session.scopes,
+						getAccessToken: () => Promise.resolve(session.accessToken)
+					};
 				});

-				return (await Promise.all(sessionPromises)).filter((x: vscode.AuthenticationSession | undefined): x is vscode.AuthenticationSession => !!x);
+				return Promise.all(sessionPromises);
 			} catch (e) {
+				if (e === NETWORK_ERROR) {
+					return [];
+				}
+
 				Logger.error(`Error reading sessions: ${e}`);
+				await keychain.deleteToken();
 			}
 		}

@@ -154,6 +170,10 @@ export class GitHubAuthenticationProvider {
 		}
 	}

+	public async manuallyProvideToken(): Promise<void> {
+		this._githubServer.manuallyProvideToken();
+	}
+
 	private async tokenToSession(token: string, scopes: string[]): Promise<vscode.AuthenticationSession> {
 		const userInfo = await this._githubServer.getUserInfo(token);
 		return {
@@ -180,13 +200,15 @@ export class GitHubAuthenticationProvider {
 	public async logout(id: string) {
 		const sessionIndex = this._sessions.findIndex(session => session.id === id);
 		if (sessionIndex > -1) {
-			const session = this._sessions.splice(sessionIndex, 1)[0];
-			const token = await session.getAccessToken();
-			try {
-				await this._githubServer.revokeToken(token);
-			} catch (_) {
-				// ignore, should still remove from keychain
-			}
+			this._sessions.splice(sessionIndex, 1);
+			// TODO revert
+			// Cannot revoke tokens from auth server, no clientId available
+			// const token = await session.getAccessToken();
+			// try {
+			// 	await this._githubServer.revokeToken(token);
+			// } catch (_) {
+			// 	// ignore, should still remove from keychain
+			// }
 		}

 		await this.storeSessions();
--- a/extensions/github-authentication/src/githubServer.ts
+++ b/extensions/github-authentication/src/githubServer.ts
@@ -4,11 +4,17 @@
 *--------------------------------------------------------------------------------------------*/

 import * as https from 'https';
+import * as nls from 'vscode-nls';
 import * as vscode from 'vscode';
 import * as uuid from 'uuid';
 import { PromiseAdapter, promiseFromEvent } from './common/utils';
 import Logger from './common/logger';
-import ClientRegistrar, { ClientDetails } from './common/clientRegistrar';
+import ClientRegistrar from './common/clientRegistrar';
+
+const localize = nls.loadMessageBundle();
+
+export const NETWORK_ERROR = 'network error';
+const AUTH_RELAY_SERVER = 'vscode-auth.github.com';

 class UriEventHandler extends vscode.EventEmitter<vscode.Uri> implements vscode.UriHandler {
 	public handleUri(uri: vscode.Uri) {
@@ -18,8 +24,8 @@ class UriEventHandler extends vscode.EventEmitter<vscode.Uri> implements vscode.

 export const uriHandler = new UriEventHandler;

-const exchangeCodeForToken: (state: string, clientDetails: ClientDetails) => PromiseAdapter<vscode.Uri, string> =
-	(state, clientDetails) => async (uri, resolve, reject) => {
+const exchangeCodeForToken: (state: string, host: string, getPath: (code: string) => string) => PromiseAdapter<vscode.Uri, string> =
+	(state, host, getPath) => async (uri, resolve, reject) => {
 		Logger.info('Exchanging code for token...');
 		const query = parseQuery(uri);
 		const code = query.code;
@@ -30,8 +36,8 @@ const exchangeCodeForToken: (state: string, clientDetails: ClientDetails) => Pro
 		}

 		const post = https.request({
-			host: 'github.com',
-			path: `/login/oauth/access_token?client_id=${clientDetails.id}&client_secret=${clientDetails.secret}&state=${query.state}&code=${code}`,
+			host: host,
+			path: getPath(code),
 			method: 'POST',
 			headers: {
 				Accept: 'application/json'
@@ -67,15 +73,61 @@ function parseQuery(uri: vscode.Uri) {
 }

 export class GitHubServer {
+	private _statusBarItem: vscode.StatusBarItem | undefined;
+
 	public async login(scopes: string): Promise<string> {
 		Logger.info('Logging in...');
+		this.updateStatusBarItem(true);
+
 		const state = uuid();
 		const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate`));
-		const clientDetails = scopes === 'vso' ? ClientRegistrar.getGitHubAppDetails() : ClientRegistrar.getClientDetails(callbackUri);
-		const uri = vscode.Uri.parse(`https://github.com/login/oauth/authorize?redirect_uri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&client_id=${clientDetails.id}`);
+		let uri = vscode.Uri.parse(`https://${AUTH_RELAY_SERVER}/authorize/?callbackUri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&responseType=code`);
+		if (scopes === 'vso') {
+			const clientDetails = ClientRegistrar.getGitHubAppDetails();
+			uri = vscode.Uri.parse(`https://github.com/login/oauth/authorize?redirect_uri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&client_id=${clientDetails.id}`);
+		}

 		vscode.env.openExternal(uri);
-		return promiseFromEvent(uriHandler.event, exchangeCodeForToken(state, clientDetails));
+
+		return promiseFromEvent(uriHandler.event, exchangeCodeForToken(state,
+			scopes === 'vso' ? 'github.com' : AUTH_RELAY_SERVER,
+			(code) => {
+				if (scopes === 'vso') {
+					const clientDetails = ClientRegistrar.getGitHubAppDetails();
+					return `/login/oauth/access_token?client_id=${clientDetails.id}&client_secret=${clientDetails.secret}&state=${state}&code=${code}`;
+				} else {
+					return `/token?code=${code}&state=${state}`;
+				}
+			})).finally(() => {
+				this.updateStatusBarItem(false);
+			});
+	}
+
+	private updateStatusBarItem(isStart?: boolean) {
+		if (isStart && !this._statusBarItem) {
+			this._statusBarItem = vscode.window.createStatusBarItem(vscode.StatusBarAlignment.Left);
+			this._statusBarItem.text = localize('signingIn', "$(mark-github) Signing in to github.com...");
+			this._statusBarItem.command = 'github.provide-token';
+			this._statusBarItem.show();
+		}
+
+		if (!isStart && this._statusBarItem) {
+			this._statusBarItem.dispose();
+			this._statusBarItem = undefined;
+		}
+	}
+
+	public async manuallyProvideToken() {
+		const uriOrToken = await vscode.window.showInputBox({ prompt: 'Token', ignoreFocusOut: true });
+		if (!uriOrToken) { return; }
+		try {
+			const uri = vscode.Uri.parse(uriOrToken);
+			if (!uri.scheme || uri.scheme === 'file') { throw new Error; }
+			uriHandler.handleUri(uri);
+		} catch (e) {
+			Logger.error(e);
+			vscode.window.showErrorMessage(localize('unexpectedInput', "The input did not matched the expected format"));
+		}
 	}

 	public async hasUserInstallation(token: string): Promise<boolean> {
@@ -120,7 +172,7 @@ export class GitHubServer {
 		const uri = vscode.Uri.parse(`https://github.com/apps/microsoft-visual-studio-code/installations/new?state=${state}`);

 		vscode.env.openExternal(uri);
-		return promiseFromEvent(uriHandler.event, exchangeCodeForToken(state, clientDetails));
+		return promiseFromEvent(uriHandler.event, exchangeCodeForToken(state, 'github.com', (code) => `/login/oauth/access_token?client_id=${clientDetails.id}&client_secret=${clientDetails.secret}&state=${state}&code=${code}`));
 	}

 	public async getUserInfo(token: string): Promise<{ id: string, accountName: string }> {
@@ -145,7 +197,7 @@ export class GitHubServer {
 						Logger.info('Got account info!');
 						resolve({ id: json.id, accountName: json.login });
 					} else {
-						Logger.error('Getting account info failed');
+						Logger.error(`Getting account info failed: ${result.statusMessage}`);
 						reject(new Error(result.statusMessage));
 					}
 				});
@@ -153,7 +205,52 @@ export class GitHubServer {

 			post.end();
 			post.on('error', err => {
-				reject(err);
+				Logger.error(err.message);
+				reject(new Error(NETWORK_ERROR));
+			});
+		});
+	}
+
+	public async validateToken(token: string): Promise<void> {
+		return new Promise(async (resolve, reject) => {
+			const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate`));
+			const clientDetails = ClientRegistrar.getClientDetails(callbackUri);
+			const detailsString = `${clientDetails.id}:${clientDetails.secret}`;
+
+			const payload = JSON.stringify({ access_token: token });
+
+			Logger.info('Validating token...');
+			const post = https.request({
+				host: 'api.github.com',
+				path: `/applications/${clientDetails.id}/token`,
+				method: 'POST',
+				headers: {
+					Authorization: `Basic ${Buffer.from(detailsString).toString('base64')}`,
+					'User-Agent': 'Visual-Studio-Code',
+					'Content-Type': 'application/json',
+					'Content-Length': Buffer.byteLength(payload)
+				}
+			}, result => {
+				const buffer: Buffer[] = [];
+				result.on('data', (chunk: Buffer) => {
+					buffer.push(chunk);
+				});
+				result.on('end', () => {
+					if (result.statusCode === 200) {
+						Logger.info('Validated token!');
+						resolve();
+					} else {
+						Logger.info(`Validating token failed: ${result.statusMessage}`);
+						reject(new Error(result.statusMessage));
+					}
+				});
+			});
+
+			post.write(payload);
+			post.end();
+			post.on('error', err => {
+				Logger.error(err.message);
+				reject(new Error(NETWORK_ERROR));
 			});
 		});
 	}