2021-09-06 09:22:30 -04:00
diff --git a/extensions/github-authentication/src/githubServer.ts b/extensions/github-authentication/src/githubServer.ts
2022-02-03 15:46:31 -05:00
index 3002e937c81..9674d8d2089 100644
2021-09-06 09:22:30 -04:00
--- a/extensions/github-authentication/src/githubServer.ts
+++ b/extensions/github-authentication/src/githubServer.ts
2022-02-03 15:46:31 -05:00
@@ -3,41 +3,13 @@
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
-import * as nls from 'vscode-nls';
2021-09-06 09:22:30 -04:00
import * as vscode from 'vscode';
import fetch, { Response } from 'node-fetch';
-import { v4 as uuid } from 'uuid';
-import { PromiseAdapter, promiseFromEvent } from './common/utils';
import { ExperimentationTelemetry } from './experimentationService';
import { AuthProviderType } from './github';
import { Log } from './common/logger';
2022-02-03 15:46:31 -05:00
-import { isSupportedEnvironment } from './common/env';
-
-const localize = nls.loadMessageBundle();
-const CLIENT_ID = '01ab8ac9400c4e429b23';
2021-09-06 09:22:30 -04:00
const NETWORK_ERROR = 'network error';
-const AUTH_RELAY_SERVER = 'vscode-auth.github.com';
-// const AUTH_RELAY_STAGING_SERVER = 'client-auth-staging-14a768b.herokuapp.com';
2022-02-03 15:46:31 -05:00
-
-class UriEventHandler extends vscode.EventEmitter<vscode.Uri> implements vscode.UriHandler {
- constructor(private readonly Logger: Log) {
- super();
- }
-
- public handleUri(uri: vscode.Uri) {
- this.Logger.trace('Handling Uri...');
- this.fire(uri);
- }
-}
-
2021-09-06 09:22:30 -04:00
-function parseQuery(uri: vscode.Uri) {
- return uri.query.split('&').reduce((prev: any, current) => {
- const queryString = current.split('=');
- prev[queryString[0]] = queryString[1];
- return prev;
- }, {});
-}
2022-02-03 15:46:31 -05:00
2021-09-06 09:22:30 -04:00
export interface IGitHubServer extends vscode.Disposable {
login(scopes: string): Promise<string>;
2022-02-03 15:46:31 -05:00
@@ -47,13 +19,6 @@ export interface IGitHubServer extends vscode.Disposable {
type: AuthProviderType;
}
-interface IGitHubDeviceCodeResponse {
- device_code: string;
- user_code: string;
- verification_uri: string;
- interval: number;
-}
-
async function getScopes(token: string, serverUri: vscode.Uri, logger: Log): Promise<string[]> {
try {
logger.info('Getting token scopes...');
@@ -115,315 +80,49 @@ async function getUserInfo(token: string, serverUri: vscode.Uri, logger: Log): P
2021-09-06 09:22:30 -04:00
export class GitHubServer implements IGitHubServer {
friendlyName = 'GitHub';
type = AuthProviderType.github;
- private _statusBarItem: vscode.StatusBarItem | undefined;
- private _onDidManuallyProvideToken = new vscode.EventEmitter<string | undefined>();
2022-02-03 15:46:31 -05:00
-
2021-09-06 09:22:30 -04:00
- private _pendingStates = new Map<string, string[]>();
- private _codeExchangePromises = new Map<string, { promise: Promise<string>, cancel: vscode.EventEmitter<void> }>();
2022-02-03 15:46:31 -05:00
- private _statusBarCommandId = `${this.type}.provide-manually`;
- private _disposable: vscode.Disposable;
- private _uriHandler = new UriEventHandler(this._logger);
constructor(private readonly _supportDeviceCodeFlow: boolean, private readonly _logger: Log, private readonly _telemetryReporter: ExperimentationTelemetry) {
- this._disposable = vscode.Disposable.from(
- vscode.commands.registerCommand(this._statusBarCommandId, () => this.manuallyProvideUri()),
- vscode.window.registerUriHandler(this._uriHandler));
+ this._supportDeviceCodeFlow;
2021-09-06 09:22:30 -04:00
}
2022-02-03 15:46:31 -05:00
dispose() {
- this._disposable.dispose();
2021-09-06 09:22:30 -04:00
- }
-
- // TODO@joaomoreno TODO@TylerLeonhardt
- private async isNoCorsEnvironment(): Promise<boolean> {
- const uri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/dummy`));
2021-11-05 21:52:55 -04:00
- return (uri.scheme === 'https' && /^((insiders\.)?vscode|github)\./.test(uri.authority)) || (uri.scheme === 'http' && /^localhost/.test(uri.authority));
2022-02-03 15:46:31 -05:00
}
2021-09-06 09:22:30 -04:00
public async login(scopes: string): Promise<string> {
this._logger.info(`Logging in for the following scopes: ${scopes}`);
2021-11-05 21:52:55 -04:00
- const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate`));
2021-09-06 09:22:30 -04:00
-
2022-02-03 15:46:31 -05:00
- if (!isSupportedEnvironment(callbackUri)) {
- const token = this._supportDeviceCodeFlow
- ? await this.doDeviceCodeFlow(scopes)
- : await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true });
-
- if (!token) { throw new Error('No token provided'); }
2021-09-06 09:22:30 -04:00
-
- const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user']
- const scopesList = scopes.split(' '); // Example: 'read:user repo user:email'
- if (!scopesList.every(scope => {
- const included = tokenScopes.includes(scope);
- if (included || !scope.includes(':')) {
- return included;
- }
2022-02-03 15:46:31 -05:00
-
2021-09-06 09:22:30 -04:00
- return scope.split(':').some(splitScopes => {
- return tokenScopes.includes(splitScopes);
- });
- })) {
2021-11-05 21:52:55 -04:00
- throw new Error(`The provided token does not match the requested scopes: ${scopes}`);
2022-02-03 15:46:31 -05:00
- }
-
2021-09-06 09:22:30 -04:00
- return token;
- }
-
- this.updateStatusBarItem(true);
-
- const state = uuid();
- const existingStates = this._pendingStates.get(scopes) || [];
- this._pendingStates.set(scopes, [...existingStates, state]);
-
2021-11-05 21:52:55 -04:00
- const uri = vscode.Uri.parse(`https://${AUTH_RELAY_SERVER}/authorize/?callbackUri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&responseType=code&authServer=https://github.com`);
2021-09-06 09:22:30 -04:00
- await vscode.env.openExternal(uri);
-
- // Register a single listener for the URI callback, in case the user starts the login process multiple times
- // before completing it.
- let codeExchangePromise = this._codeExchangePromises.get(scopes);
- if (!codeExchangePromise) {
- codeExchangePromise = promiseFromEvent(this._uriHandler.event, this.exchangeCodeForToken(scopes));
- this._codeExchangePromises.set(scopes, codeExchangePromise);
2022-02-03 15:46:31 -05:00
- }
-
2021-09-06 09:22:30 -04:00
- return Promise.race([
- codeExchangePromise.promise,
- promiseFromEvent<string | undefined, string>(this._onDidManuallyProvideToken.event, (token: string | undefined, resolve, reject): void => {
- if (!token) {
- reject('Cancelled');
- } else {
- resolve(token);
- }
- }).promise,
- new Promise<string>((_, reject) => setTimeout(() => reject('Cancelled'), 60000))
- ]).finally(() => {
- this._pendingStates.delete(scopes);
- codeExchangePromise?.cancel.fire();
- this._codeExchangePromises.delete(scopes);
- this.updateStatusBarItem(false);
- });
2022-02-03 15:46:31 -05:00
- }
-
- private async doDeviceCodeFlow(scopes: string): Promise<string> {
- // Get initial device code
- const uri = `https://github.com/login/device/code?client_id=${CLIENT_ID}&scope=${scopes}`;
- const result = await fetch(uri, {
- method: 'POST',
- headers: {
- Accept: 'application/json'
- }
- });
- if (!result.ok) {
- throw new Error(`Failed to get one-time code: ${await result.text()}`);
- }
-
- const json = await result.json() as IGitHubDeviceCodeResponse;
-
-
- const modalResult = await vscode.window.showInformationMessage(
- localize('code.title', "Your Code: {0}", json.user_code),
- {
- modal: true,
- detail: localize('code.detail', "To finish authenticating, navigate to GitHub and paste in the above one-time code.")
- }, 'Copy & Continue to GitHub');
-
- if (modalResult !== 'Copy & Continue to GitHub') {
- throw new Error('Cancelled');
- }
-
- await vscode.env.clipboard.writeText(json.user_code);
-
- const uriToOpen = await vscode.env.asExternalUri(vscode.Uri.parse(json.verification_uri));
- await vscode.env.openExternal(uriToOpen);
-
- return await vscode.window.withProgress<string>({
- location: vscode.ProgressLocation.Notification,
- cancellable: true,
- title: localize(
- 'progress',
- "Open [{0}]({0}) in a new tab and paste your one-time code: {1}",
- json.verification_uri,
- json.user_code)
- }, async (_, token) => {
- return await this.waitForDeviceCodeAccessToken(json, token);
- });
- }
-
- private async waitForDeviceCodeAccessToken(
- json: IGitHubDeviceCodeResponse,
- token: vscode.CancellationToken
- ): Promise<string> {
-
- const refreshTokenUri = `https://github.com/login/oauth/access_token?client_id=${CLIENT_ID}&device_code=${json.device_code}&grant_type=urn:ietf:params:oauth:grant-type:device_code`;
-
- // Try for 2 minutes
- const attempts = 120 / json.interval;
- for (let i = 0; i < attempts; i++) {
- await new Promise(resolve => setTimeout(resolve, json.interval * 1000));
- if (token.isCancellationRequested) {
- throw new Error('Cancelled');
- }
- let accessTokenResult;
- try {
- accessTokenResult = await fetch(refreshTokenUri, {
- method: 'POST',
- headers: {
- Accept: 'application/json'
- }
- });
- } catch {
- continue;
- }
-
- if (!accessTokenResult.ok) {
- continue;
- }
+ const token = await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true });
- const accessTokenJson = await accessTokenResult.json();
+ if (!token) { throw new Error('No token provided'); }
- if (accessTokenJson.error === 'authorization_pending') {
- continue;
- }
-
- if (accessTokenJson.error) {
- throw new Error(accessTokenJson.error_description);
+ const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user']
+ const scopesList = scopes.split(' '); // Example: 'read:user repo user:email'
+ if (!scopesList.every(scope => {
+ const included = tokenScopes.includes(scope);
+ if (included || !scope.includes(':')) {
+ return included;
}
- return accessTokenJson.access_token;
+ return scope.split(':').some(splitScopes => {
+ return tokenScopes.includes(splitScopes);
+ });
+ })) {
+ throw new Error(`The provided token does not match the requested scopes: ${scopes}`);
}
- throw new Error('Cancelled');
2021-09-06 09:22:30 -04:00
+ return token;
}
- private exchangeCodeForToken: (scopes: string) => PromiseAdapter<vscode.Uri, string> =
- (scopes) => async (uri, resolve, reject) => {
- const query = parseQuery(uri);
- const code = query.code;
-
- const acceptedStates = this._pendingStates.get(scopes) || [];
- if (!acceptedStates.includes(query.state)) {
- // A common scenario of this happening is if you:
- // 1. Trigger a sign in with one set of scopes
- // 2. Before finishing 1, you trigger a sign in with a different set of scopes
- // In this scenario we should just return and wait for the next UriHandler event
- // to run as we are probably still waiting on the user to hit 'Continue'
- this._logger.info('State not found in accepted state. Skipping this execution...');
- return;
- }
-
- const url = `https://${AUTH_RELAY_SERVER}/token?code=${code}&state=${query.state}`;
- this._logger.info('Exchanging code for token...');
-
2021-11-05 21:52:55 -04:00
- try {
- const result = await fetch(url, {
- method: 'POST',
- headers: {
- Accept: 'application/json'
- }
- });
-
- if (result.ok) {
- const json = await result.json();
2021-09-06 09:22:30 -04:00
- this._logger.info('Token exchange success!');
- resolve(json.access_token);
2021-11-05 21:52:55 -04:00
- } else {
- reject(result.statusText);
2021-09-06 09:22:30 -04:00
- }
2021-11-05 21:52:55 -04:00
- } catch (ex) {
- reject(ex);
2021-09-06 09:22:30 -04:00
- }
- };
-
private getServerUri(path: string = '') {
const apiUri = vscode.Uri.parse('https://api.github.com');
return vscode.Uri.parse(`${apiUri.scheme}://${apiUri.authority}${path}`);
}
- private updateStatusBarItem(isStart?: boolean) {
- if (isStart && !this._statusBarItem) {
- this._statusBarItem = vscode.window.createStatusBarItem('status.git.signIn', vscode.StatusBarAlignment.Left);
- this._statusBarItem.name = localize('status.git.signIn.name', "GitHub Sign-in");
- this._statusBarItem.text = localize('signingIn', "$(mark-github) Signing in to github.com...");
- this._statusBarItem.command = this._statusBarCommandId;
- this._statusBarItem.show();
- }
-
- if (!isStart && this._statusBarItem) {
- this._statusBarItem.dispose();
- this._statusBarItem = undefined;
- }
- }
-
2022-02-03 15:46:31 -05:00
- private async manuallyProvideUri() {
- const uri = await vscode.window.showInputBox({
- prompt: 'Uri',
- ignoreFocusOut: true,
- validateInput(value) {
- if (!value) {
- return undefined;
- }
- const error = localize('validUri', "Please enter a valid Uri from the GitHub login page.");
- try {
- const uri = vscode.Uri.parse(value.trim());
- if (!uri.scheme || uri.scheme === 'file') {
- return error;
- }
- } catch (e) {
- return error;
- }
- return undefined;
- }
- });
- if (!uri) {
- return;
- }
-
- this._uriHandler.handleUri(vscode.Uri.parse(uri.trim()));
- }
-
public getUserInfo(token: string): Promise<{ id: string, accountName: string }> {
2021-09-06 09:22:30 -04:00
return getUserInfo(token, this.getServerUri('/user'), this._logger);
}
- public async sendAdditionalTelemetryInfo(token: string): Promise<void> {
2021-10-08 17:14:50 -04:00
- if (!vscode.env.isTelemetryEnabled) {
- return;
- }
2021-09-06 09:22:30 -04:00
- const nocors = await this.isNoCorsEnvironment();
-
- if (nocors) {
- return;
- }
-
- try {
- const result = await fetch('https://education.github.com/api/user', {
- headers: {
- Authorization: `token ${token}`,
- 'faculty-check-preview': 'true',
- 'User-Agent': 'Visual-Studio-Code'
- }
- });
-
- if (result.ok) {
- const json: { student: boolean, faculty: boolean } = await result.json();
-
- /* __GDPR__
- "session" : {
- "isEdu": { "classification": "NonIdentifiableDemographicInfo", "purpose": "FeatureInsight" }
- }
- */
- this._telemetryReporter.sendTelemetryEvent('session', {
- isEdu: json.student
- ? 'student'
- : json.faculty
- ? 'faculty'
- : 'none'
- });
- }
- } catch (e) {
- // No-op
- }
2022-02-03 15:46:31 -05:00
+ public async sendAdditionalTelemetryInfo(_: string): Promise<void> {
2021-09-06 09:22:30 -04:00
}
public async checkEnterpriseVersion(token: string): Promise<void> {
