diff --git a/extensions/github-authentication/src/githubServer.ts b/extensions/github-authentication/src/githubServer.ts index dc7278f..a1adcf7 100644 --- a/extensions/github-authentication/src/githubServer.ts +++ b/extensions/github-authentication/src/githubServer.ts @@ -6,4 +6,2 @@ import * as vscode from 'vscode'; -import * as path from 'path'; -import { PromiseAdapter, promiseFromEvent } from './common/utils'; import { ExperimentationTelemetry } from './common/experimentationService'; @@ -11,14 +9,7 @@ import { AuthProviderType, UriEventHandler } from './github'; import { Log } from './common/logger'; -import { isSupportedClient, isSupportedTarget } from './common/env'; -import { LoopbackAuthServer } from './node/authServer'; -import { crypto } from './node/crypto'; +import { isSupportedTarget } from './common/env'; import { fetching } from './node/fetch'; -const CLIENT_ID = '01ab8ac9400c4e429b23'; -const GITHUB_TOKEN_URL = 'https://vscode.dev/codeExchangeProxyEndpoints/github/login/oauth/access_token'; const NETWORK_ERROR = 'network error'; -const REDIRECT_URL_STABLE = 'https://vscode.dev/redirect'; -const REDIRECT_URL_INSIDERS = 'https://insiders.vscode.dev/redirect'; - export interface IGitHubServer { @@ -30,9 +21,2 @@ export interface IGitHubServer { -interface IGitHubDeviceCodeResponse { - device_code: string; - user_code: string; - verification_uri: string; - interval: number; -} - async function getScopes(token: string, serverUri: vscode.Uri, logger: Log): Promise { @@ -63,8 +47,4 @@ export class GitHubServer implements IGitHubServer { - private readonly _pendingNonces = new Map(); - private readonly _codeExchangePromises = new Map; cancel: vscode.EventEmitter }>(); private readonly _type: AuthProviderType; - private _redirectEndpoint: string | undefined; - constructor( @@ -72,3 +52,5 @@ export class GitHubServer implements IGitHubServer { private readonly _telemetryReporter: ExperimentationTelemetry, + // @ts-ignore private readonly _uriHandler: UriEventHandler, + // @ts-ignore private readonly _extensionKind: vscode.ExtensionKind, @@ -87,26 +69,2 @@ export class GitHubServer implements IGitHubServer { - private async getRedirectEndpoint(): Promise { - if (this._redirectEndpoint) { - return this._redirectEndpoint; - } - if (this._type === AuthProviderType.github) { - const proxyEndpoints = await vscode.commands.executeCommand<{ [providerId: string]: string } | undefined>('workbench.getCodeExchangeProxyEndpoints'); - // If we are running in insiders vscode.dev, then ensure we use the redirect route on that. - this._redirectEndpoint = REDIRECT_URL_STABLE; - if (proxyEndpoints?.github && new URL(proxyEndpoints.github).hostname === 'insiders.vscode.dev') { - this._redirectEndpoint = REDIRECT_URL_INSIDERS; - } - } else { - // GHE only supports a single redirect endpoint, so we can't use - // insiders.vscode.dev/redirect when we're running in Insiders, unfortunately. - // Additionally, we make the assumption that this function will only be used - // in flows that target supported GHE targets, not on-prem GHES. Because of this - // assumption, we can assume that the GHE version used is at least 3.8 which is - // the version that changed the redirect endpoint to this URI from the old - // GitHub maintained server. - this._redirectEndpoint = 'https://vscode.dev/redirect'; - } - return this._redirectEndpoint; - } - // TODO@joaomoreno TODO@TylerLeonhardt @@ -122,71 +80,8 @@ export class GitHubServer implements IGitHubServer { let userCancelled: boolean | undefined; - const yes = vscode.l10n.t('Yes'); - const no = vscode.l10n.t('No'); - const promptToContinue = async () => { - if (userCancelled === undefined) { - // We haven't had a failure yet so wait to prompt - return; - } - const message = userCancelled - ? vscode.l10n.t('Having trouble logging in? Would you like to try a different way?') - : vscode.l10n.t('You have not yet finished authorizing this extension to use GitHub. Would you like to keep trying?'); - const result = await vscode.window.showWarningMessage(message, yes, no); - if (result !== yes) { - throw new Error('Cancelled'); - } - }; - - const nonce: string = crypto.getRandomValues(new Uint32Array(2)).reduce((prev, curr) => prev += curr.toString(16), ''); - const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate?nonce=${encodeURIComponent(nonce)}`)); - const supportedClient = isSupportedClient(callbackUri); - const supportedTarget = isSupportedTarget(this._type, this._ghesUri); - if (supportedClient && supportedTarget) { - try { - return await this.doLoginWithoutLocalServer(scopes, nonce, callbackUri); - } catch (e) { - this._logger.error(e); - userCancelled = e.message ?? e === 'User Cancelled'; - } - } - - // Starting a local server is only supported if: - // 1. We are in a UI extension because we need to open a port on the machine that has the browser - // 2. We are in a node runtime because we need to open a port on the machine - // 3. code exchange can only be done with a supported target - if ( - this._extensionKind === vscode.ExtensionKind.UI && - typeof navigator === 'undefined' && - supportedTarget - ) { - try { - await promptToContinue(); - return await this.doLoginWithLocalServer(scopes); - } catch (e) { - this._logger.error(e); - userCancelled = e.message ?? e === 'User Cancelled'; - } - } - - // We only can use the Device Code flow when we have a full node environment because of CORS. - if (typeof navigator === 'undefined') { - try { - await promptToContinue(); - return await this.doLoginDeviceCodeFlow(scopes); - } catch (e) { - this._logger.error(e); - userCancelled = e.message ?? e === 'User Cancelled'; - } - } - - // In a supported environment, we can't use PAT auth because we use this auth for Settings Sync and it doesn't support PATs. - // With that said, GitHub Enterprise isn't used by Settings Sync so we can use PATs for that. - if (!supportedClient || this._type === AuthProviderType.githubEnterprise) { - try { - await promptToContinue(); - return await this.doLoginWithPat(scopes); - } catch (e) { - this._logger.error(e); - userCancelled = e.message ?? e === 'User Cancelled'; - } + try { + return await this.doLoginWithPat(scopes); + } catch (e) { + this._logger.error(e); + userCancelled = e.message ?? e === 'User Cancelled'; } @@ -196,136 +91,2 @@ export class GitHubServer implements IGitHubServer { - private async doLoginWithoutLocalServer(scopes: string, nonce: string, callbackUri: vscode.Uri): Promise { - this._logger.info(`Trying without local server... (${scopes})`); - return await vscode.window.withProgress({ - location: vscode.ProgressLocation.Notification, - title: vscode.l10n.t({ - message: 'Signing in to {0}...', - args: [this.baseUri.authority], - comment: ['The {0} will be a url, e.g. github.com'] - }), - cancellable: true - }, async (_, token) => { - const existingNonces = this._pendingNonces.get(scopes) || []; - this._pendingNonces.set(scopes, [...existingNonces, nonce]); - const redirectUri = await this.getRedirectEndpoint(); - const searchParams = new URLSearchParams([ - ['client_id', CLIENT_ID], - ['redirect_uri', redirectUri], - ['scope', scopes], - ['state', encodeURIComponent(callbackUri.toString(true))] - ]); - - const uri = vscode.Uri.parse(this.baseUri.with({ - path: '/login/oauth/authorize', - query: searchParams.toString() - }).toString(true)); - await vscode.env.openExternal(uri); - - // Register a single listener for the URI callback, in case the user starts the login process multiple times - // before completing it. - let codeExchangePromise = this._codeExchangePromises.get(scopes); - if (!codeExchangePromise) { - codeExchangePromise = promiseFromEvent(this._uriHandler!.event, this.handleUri(scopes)); - this._codeExchangePromises.set(scopes, codeExchangePromise); - } - - try { - return await Promise.race([ - codeExchangePromise.promise, - new Promise((_, reject) => setTimeout(() => reject('Timed out'), 300_000)), // 5min timeout - promiseFromEvent(token.onCancellationRequested, (_, __, reject) => { reject('User Cancelled'); }).promise - ]); - } finally { - this._pendingNonces.delete(scopes); - codeExchangePromise?.cancel.fire(); - this._codeExchangePromises.delete(scopes); - } - }); - } - - private async doLoginWithLocalServer(scopes: string): Promise { - this._logger.info(`Trying with local server... (${scopes})`); - return await vscode.window.withProgress({ - location: vscode.ProgressLocation.Notification, - title: vscode.l10n.t({ - message: 'Signing in to {0}...', - args: [this.baseUri.authority], - comment: ['The {0} will be a url, e.g. github.com'] - }), - cancellable: true - }, async (_, token) => { - const redirectUri = await this.getRedirectEndpoint(); - const searchParams = new URLSearchParams([ - ['client_id', CLIENT_ID], - ['redirect_uri', redirectUri], - ['scope', scopes], - ]); - - const loginUrl = this.baseUri.with({ - path: '/login/oauth/authorize', - query: searchParams.toString() - }); - const server = new LoopbackAuthServer(path.join(__dirname, '../media'), loginUrl.toString(true)); - const port = await server.start(); - - let codeToExchange; - try { - vscode.env.openExternal(vscode.Uri.parse(`http://127.0.0.1:${port}/signin?nonce=${encodeURIComponent(server.nonce)}`)); - const { code } = await Promise.race([ - server.waitForOAuthResponse(), - new Promise((_, reject) => setTimeout(() => reject('Timed out'), 300_000)), // 5min timeout - promiseFromEvent(token.onCancellationRequested, (_, __, reject) => { reject('User Cancelled'); }).promise - ]); - codeToExchange = code; - } finally { - setTimeout(() => { - void server.stop(); - }, 5000); - } - - const accessToken = await this.exchangeCodeForToken(codeToExchange); - return accessToken; - }); - } - - private async doLoginDeviceCodeFlow(scopes: string): Promise { - this._logger.info(`Trying device code flow... (${scopes})`); - - // Get initial device code - const uri = this.baseUri.with({ - path: '/login/device/code', - query: `client_id=${CLIENT_ID}&scope=${scopes}` - }); - const result = await fetching(uri.toString(true), { - method: 'POST', - headers: { - Accept: 'application/json' - } - }); - if (!result.ok) { - throw new Error(`Failed to get one-time code: ${await result.text()}`); - } - - const json = await result.json() as IGitHubDeviceCodeResponse; - - const button = vscode.l10n.t('Copy & Continue to GitHub'); - const modalResult = await vscode.window.showInformationMessage( - vscode.l10n.t({ message: 'Your Code: {0}', args: [json.user_code], comment: ['The {0} will be a code, e.g. 123-456'] }), - { - modal: true, - detail: vscode.l10n.t('To finish authenticating, navigate to GitHub and paste in the above one-time code.') - }, button); - - if (modalResult !== button) { - throw new Error('User Cancelled'); - } - - await vscode.env.clipboard.writeText(json.user_code); - - const uriToOpen = await vscode.env.asExternalUri(vscode.Uri.parse(json.verification_uri)); - await vscode.env.openExternal(uriToOpen); - - return await this.waitForDeviceCodeAccessToken(json); - } - private async doLoginWithPat(scopes: string): Promise { @@ -369,123 +130,2 @@ export class GitHubServer implements IGitHubServer { - private async waitForDeviceCodeAccessToken( - json: IGitHubDeviceCodeResponse, - ): Promise { - return await vscode.window.withProgress({ - location: vscode.ProgressLocation.Notification, - cancellable: true, - title: vscode.l10n.t({ - message: 'Open [{0}]({0}) in a new tab and paste your one-time code: {1}', - args: [json.verification_uri, json.user_code], - comment: [ - 'The [{0}]({0}) will be a url and the {1} will be a code, e.g. 123-456', - '{Locked="[{0}]({0})"}' - ] - }) - }, async (_, token) => { - const refreshTokenUri = this.baseUri.with({ - path: '/login/oauth/access_token', - query: `client_id=${CLIENT_ID}&device_code=${json.device_code}&grant_type=urn:ietf:params:oauth:grant-type:device_code` - }); - - // Try for 2 minutes - const attempts = 120 / json.interval; - for (let i = 0; i < attempts; i++) { - await new Promise(resolve => setTimeout(resolve, json.interval * 1000)); - if (token.isCancellationRequested) { - throw new Error('User Cancelled'); - } - let accessTokenResult; - try { - accessTokenResult = await fetching(refreshTokenUri.toString(true), { - method: 'POST', - headers: { - Accept: 'application/json' - } - }); - } catch { - continue; - } - - if (!accessTokenResult.ok) { - continue; - } - - const accessTokenJson = await accessTokenResult.json(); - - if (accessTokenJson.error === 'authorization_pending') { - continue; - } - - if (accessTokenJson.error) { - throw new Error(accessTokenJson.error_description); - } - - return accessTokenJson.access_token; - } - - throw new Error('Cancelled'); - }); - } - - private handleUri: (scopes: string) => PromiseAdapter = - (scopes) => (uri, resolve, reject) => { - const query = new URLSearchParams(uri.query); - const code = query.get('code'); - const nonce = query.get('nonce'); - if (!code) { - reject(new Error('No code')); - return; - } - if (!nonce) { - reject(new Error('No nonce')); - return; - } - - const acceptedNonces = this._pendingNonces.get(scopes) || []; - if (!acceptedNonces.includes(nonce)) { - // A common scenario of this happening is if you: - // 1. Trigger a sign in with one set of scopes - // 2. Before finishing 1, you trigger a sign in with a different set of scopes - // In this scenario we should just return and wait for the next UriHandler event - // to run as we are probably still waiting on the user to hit 'Continue' - this._logger.info('Nonce not found in accepted nonces. Skipping this execution...'); - return; - } - - resolve(this.exchangeCodeForToken(code)); - }; - - private async exchangeCodeForToken(code: string): Promise { - this._logger.info('Exchanging code for token...'); - - const proxyEndpoints: { [providerId: string]: string } | undefined = await vscode.commands.executeCommand('workbench.getCodeExchangeProxyEndpoints'); - const endpointUrl = proxyEndpoints?.github ? `${proxyEndpoints.github}login/oauth/access_token` : GITHUB_TOKEN_URL; - - const body = new URLSearchParams([['code', code]]); - if (this._type === AuthProviderType.githubEnterprise) { - body.append('github_enterprise', this.baseUri.toString(true)); - body.append('redirect_uri', await this.getRedirectEndpoint()); - } - const result = await fetching(endpointUrl, { - method: 'POST', - headers: { - Accept: 'application/json', - 'Content-Type': 'application/x-www-form-urlencoded', - 'Content-Length': body.toString() - - }, - body: body.toString() - }); - - if (result.ok) { - const json = await result.json(); - this._logger.info('Token exchange success!'); - return json.access_token; - } else { - const text = await result.text(); - const error = new Error(text); - error.name = 'GitHubTokenExchangeError'; - throw error; - } - } diff --git a/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts b/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts index 8c7e84a..2dd5cab 100644 --- a/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts +++ b/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts @@ -309,3 +309,3 @@ export class AccountsActivityActionViewItem extends MenuActivityActionViewItem { - if (providers.length && !menus.length) { + if (!menus.length) { const noAccountsAvailableAction = disposables.add(new Action('noAccountsAvailable', localize('noAccounts', "You are not signed in to any accounts"), undefined, false)); diff --git a/src/vs/workbench/services/authentication/browser/authenticationService.ts b/src/vs/workbench/services/authentication/browser/authenticationService.ts index 68fcc20..93484ee 100644 --- a/src/vs/workbench/services/authentication/browser/authenticationService.ts +++ b/src/vs/workbench/services/authentication/browser/authenticationService.ts @@ -274,12 +274,2 @@ export class AuthenticationService extends Disposable implements IAuthentication } - - if (!this._authenticationProviders.size) { - placeholderMenuItem = MenuRegistry.appendMenuItem(MenuId.AccountsContext, { - command: { - id: 'noAuthenticationProviders', - title: nls.localize('loading', "Loading..."), - precondition: ContextKeyExpr.false() - }, - }); - } }