diff --git a/extensions/github-authentication/src/githubServer.ts b/extensions/github-authentication/src/githubServer.ts index 3002e937c81..9674d8d2089 100644 --- a/extensions/github-authentication/src/githubServer.ts +++ b/extensions/github-authentication/src/githubServer.ts @@ -3,41 +3,13 @@ * Licensed under the MIT License. See License.txt in the project root for license information. *--------------------------------------------------------------------------------------------*/ -import * as nls from 'vscode-nls'; import * as vscode from 'vscode'; import fetch, { Response } from 'node-fetch'; -import { v4 as uuid } from 'uuid'; -import { PromiseAdapter, promiseFromEvent } from './common/utils'; import { ExperimentationTelemetry } from './experimentationService'; import { AuthProviderType } from './github'; import { Log } from './common/logger'; -import { isSupportedEnvironment } from './common/env'; - -const localize = nls.loadMessageBundle(); -const CLIENT_ID = '01ab8ac9400c4e429b23'; const NETWORK_ERROR = 'network error'; -const AUTH_RELAY_SERVER = 'vscode-auth.github.com'; -// const AUTH_RELAY_STAGING_SERVER = 'client-auth-staging-14a768b.herokuapp.com'; - -class UriEventHandler extends vscode.EventEmitter implements vscode.UriHandler { - constructor(private readonly Logger: Log) { - super(); - } - - public handleUri(uri: vscode.Uri) { - this.Logger.trace('Handling Uri...'); - this.fire(uri); - } -} - -function parseQuery(uri: vscode.Uri) { - return uri.query.split('&').reduce((prev: any, current) => { - const queryString = current.split('='); - prev[queryString[0]] = queryString[1]; - return prev; - }, {}); -} export interface IGitHubServer extends vscode.Disposable { login(scopes: string): Promise; @@ -47,13 +19,6 @@ export interface IGitHubServer extends vscode.Disposable { type: AuthProviderType; } -interface IGitHubDeviceCodeResponse { - device_code: string; - user_code: string; - verification_uri: string; - interval: number; -} - async function getScopes(token: string, serverUri: vscode.Uri, logger: Log): Promise { try { logger.info('Getting token scopes...'); @@ -115,315 +80,49 @@ async function getUserInfo(token: string, serverUri: vscode.Uri, logger: Log): P export class GitHubServer implements IGitHubServer { friendlyName = 'GitHub'; type = AuthProviderType.github; - private _statusBarItem: vscode.StatusBarItem | undefined; - private _onDidManuallyProvideToken = new vscode.EventEmitter(); - - private _pendingStates = new Map(); - private _codeExchangePromises = new Map, cancel: vscode.EventEmitter }>(); - private _statusBarCommandId = `${this.type}.provide-manually`; - private _disposable: vscode.Disposable; - private _uriHandler = new UriEventHandler(this._logger); constructor(private readonly _supportDeviceCodeFlow: boolean, private readonly _logger: Log, private readonly _telemetryReporter: ExperimentationTelemetry) { - this._disposable = vscode.Disposable.from( - vscode.commands.registerCommand(this._statusBarCommandId, () => this.manuallyProvideUri()), - vscode.window.registerUriHandler(this._uriHandler)); + this._supportDeviceCodeFlow; } dispose() { - this._disposable.dispose(); - } - - // TODO@joaomoreno TODO@TylerLeonhardt - private async isNoCorsEnvironment(): Promise { - const uri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/dummy`)); - return (uri.scheme === 'https' && /^((insiders\.)?vscode|github)\./.test(uri.authority)) || (uri.scheme === 'http' && /^localhost/.test(uri.authority)); } public async login(scopes: string): Promise { this._logger.info(`Logging in for the following scopes: ${scopes}`); - const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate`)); - - if (!isSupportedEnvironment(callbackUri)) { - const token = this._supportDeviceCodeFlow - ? await this.doDeviceCodeFlow(scopes) - : await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); - - if (!token) { throw new Error('No token provided'); } - - const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user'] - const scopesList = scopes.split(' '); // Example: 'read:user repo user:email' - if (!scopesList.every(scope => { - const included = tokenScopes.includes(scope); - if (included || !scope.includes(':')) { - return included; - } - - return scope.split(':').some(splitScopes => { - return tokenScopes.includes(splitScopes); - }); - })) { - throw new Error(`The provided token does not match the requested scopes: ${scopes}`); - } - - return token; - } - - this.updateStatusBarItem(true); - - const state = uuid(); - const existingStates = this._pendingStates.get(scopes) || []; - this._pendingStates.set(scopes, [...existingStates, state]); - - const uri = vscode.Uri.parse(`https://${AUTH_RELAY_SERVER}/authorize/?callbackUri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&responseType=code&authServer=https://github.com`); - await vscode.env.openExternal(uri); - - // Register a single listener for the URI callback, in case the user starts the login process multiple times - // before completing it. - let codeExchangePromise = this._codeExchangePromises.get(scopes); - if (!codeExchangePromise) { - codeExchangePromise = promiseFromEvent(this._uriHandler.event, this.exchangeCodeForToken(scopes)); - this._codeExchangePromises.set(scopes, codeExchangePromise); - } - - return Promise.race([ - codeExchangePromise.promise, - promiseFromEvent(this._onDidManuallyProvideToken.event, (token: string | undefined, resolve, reject): void => { - if (!token) { - reject('Cancelled'); - } else { - resolve(token); - } - }).promise, - new Promise((_, reject) => setTimeout(() => reject('Cancelled'), 60000)) - ]).finally(() => { - this._pendingStates.delete(scopes); - codeExchangePromise?.cancel.fire(); - this._codeExchangePromises.delete(scopes); - this.updateStatusBarItem(false); - }); - } - - private async doDeviceCodeFlow(scopes: string): Promise { - // Get initial device code - const uri = `https://github.com/login/device/code?client_id=${CLIENT_ID}&scope=${scopes}`; - const result = await fetch(uri, { - method: 'POST', - headers: { - Accept: 'application/json' - } - }); - if (!result.ok) { - throw new Error(`Failed to get one-time code: ${await result.text()}`); - } - - const json = await result.json() as IGitHubDeviceCodeResponse; - - - const modalResult = await vscode.window.showInformationMessage( - localize('code.title', "Your Code: {0}", json.user_code), - { - modal: true, - detail: localize('code.detail', "To finish authenticating, navigate to GitHub and paste in the above one-time code.") - }, 'Copy & Continue to GitHub'); - - if (modalResult !== 'Copy & Continue to GitHub') { - throw new Error('Cancelled'); - } - - await vscode.env.clipboard.writeText(json.user_code); - - const uriToOpen = await vscode.env.asExternalUri(vscode.Uri.parse(json.verification_uri)); - await vscode.env.openExternal(uriToOpen); - - return await vscode.window.withProgress({ - location: vscode.ProgressLocation.Notification, - cancellable: true, - title: localize( - 'progress', - "Open [{0}]({0}) in a new tab and paste your one-time code: {1}", - json.verification_uri, - json.user_code) - }, async (_, token) => { - return await this.waitForDeviceCodeAccessToken(json, token); - }); - } - - private async waitForDeviceCodeAccessToken( - json: IGitHubDeviceCodeResponse, - token: vscode.CancellationToken - ): Promise { - - const refreshTokenUri = `https://github.com/login/oauth/access_token?client_id=${CLIENT_ID}&device_code=${json.device_code}&grant_type=urn:ietf:params:oauth:grant-type:device_code`; - - // Try for 2 minutes - const attempts = 120 / json.interval; - for (let i = 0; i < attempts; i++) { - await new Promise(resolve => setTimeout(resolve, json.interval * 1000)); - if (token.isCancellationRequested) { - throw new Error('Cancelled'); - } - let accessTokenResult; - try { - accessTokenResult = await fetch(refreshTokenUri, { - method: 'POST', - headers: { - Accept: 'application/json' - } - }); - } catch { - continue; - } - - if (!accessTokenResult.ok) { - continue; - } + const token = await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); - const accessTokenJson = await accessTokenResult.json(); + if (!token) { throw new Error('No token provided'); } - if (accessTokenJson.error === 'authorization_pending') { - continue; - } - - if (accessTokenJson.error) { - throw new Error(accessTokenJson.error_description); + const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user'] + const scopesList = scopes.split(' '); // Example: 'read:user repo user:email' + if (!scopesList.every(scope => { + const included = tokenScopes.includes(scope); + if (included || !scope.includes(':')) { + return included; } - return accessTokenJson.access_token; + return scope.split(':').some(splitScopes => { + return tokenScopes.includes(splitScopes); + }); + })) { + throw new Error(`The provided token does not match the requested scopes: ${scopes}`); } - throw new Error('Cancelled'); + return token; } - private exchangeCodeForToken: (scopes: string) => PromiseAdapter = - (scopes) => async (uri, resolve, reject) => { - const query = parseQuery(uri); - const code = query.code; - - const acceptedStates = this._pendingStates.get(scopes) || []; - if (!acceptedStates.includes(query.state)) { - // A common scenario of this happening is if you: - // 1. Trigger a sign in with one set of scopes - // 2. Before finishing 1, you trigger a sign in with a different set of scopes - // In this scenario we should just return and wait for the next UriHandler event - // to run as we are probably still waiting on the user to hit 'Continue' - this._logger.info('State not found in accepted state. Skipping this execution...'); - return; - } - - const url = `https://${AUTH_RELAY_SERVER}/token?code=${code}&state=${query.state}`; - this._logger.info('Exchanging code for token...'); - - try { - const result = await fetch(url, { - method: 'POST', - headers: { - Accept: 'application/json' - } - }); - - if (result.ok) { - const json = await result.json(); - this._logger.info('Token exchange success!'); - resolve(json.access_token); - } else { - reject(result.statusText); - } - } catch (ex) { - reject(ex); - } - }; - private getServerUri(path: string = '') { const apiUri = vscode.Uri.parse('https://api.github.com'); return vscode.Uri.parse(`${apiUri.scheme}://${apiUri.authority}${path}`); } - private updateStatusBarItem(isStart?: boolean) { - if (isStart && !this._statusBarItem) { - this._statusBarItem = vscode.window.createStatusBarItem('status.git.signIn', vscode.StatusBarAlignment.Left); - this._statusBarItem.name = localize('status.git.signIn.name', "GitHub Sign-in"); - this._statusBarItem.text = localize('signingIn', "$(mark-github) Signing in to github.com..."); - this._statusBarItem.command = this._statusBarCommandId; - this._statusBarItem.show(); - } - - if (!isStart && this._statusBarItem) { - this._statusBarItem.dispose(); - this._statusBarItem = undefined; - } - } - - private async manuallyProvideUri() { - const uri = await vscode.window.showInputBox({ - prompt: 'Uri', - ignoreFocusOut: true, - validateInput(value) { - if (!value) { - return undefined; - } - const error = localize('validUri', "Please enter a valid Uri from the GitHub login page."); - try { - const uri = vscode.Uri.parse(value.trim()); - if (!uri.scheme || uri.scheme === 'file') { - return error; - } - } catch (e) { - return error; - } - return undefined; - } - }); - if (!uri) { - return; - } - - this._uriHandler.handleUri(vscode.Uri.parse(uri.trim())); - } - public getUserInfo(token: string): Promise<{ id: string, accountName: string }> { return getUserInfo(token, this.getServerUri('/user'), this._logger); } - public async sendAdditionalTelemetryInfo(token: string): Promise { - if (!vscode.env.isTelemetryEnabled) { - return; - } - const nocors = await this.isNoCorsEnvironment(); - - if (nocors) { - return; - } - - try { - const result = await fetch('https://education.github.com/api/user', { - headers: { - Authorization: `token ${token}`, - 'faculty-check-preview': 'true', - 'User-Agent': 'Visual-Studio-Code' - } - }); - - if (result.ok) { - const json: { student: boolean, faculty: boolean } = await result.json(); - - /* __GDPR__ - "session" : { - "isEdu": { "classification": "NonIdentifiableDemographicInfo", "purpose": "FeatureInsight" } - } - */ - this._telemetryReporter.sendTelemetryEvent('session', { - isEdu: json.student - ? 'student' - : json.faculty - ? 'faculty' - : 'none' - }); - } - } catch (e) { - // No-op - } + public async sendAdditionalTelemetryInfo(_: string): Promise { } public async checkEnterpriseVersion(token: string): Promise {