diff --git a/extensions/github-authentication/src/githubServer.ts b/extensions/github-authentication/src/githubServer.ts index 49a523b..d68588e 100644 --- a/extensions/github-authentication/src/githubServer.ts +++ b/extensions/github-authentication/src/githubServer.ts @@ -6,23 +6,14 @@ import * as nls from 'vscode-nls'; import * as vscode from 'vscode'; import fetch, { Response } from 'node-fetch'; -import { v4 as uuid } from 'uuid'; -import { PromiseAdapter, promiseFromEvent } from './common/utils'; import { ExperimentationTelemetry } from './experimentationService'; import { AuthProviderType } from './github'; import { Log } from './common/logger'; -import { isSupportedEnvironment } from './common/env'; const localize = nls.loadMessageBundle(); const CLIENT_ID = '01ab8ac9400c4e429b23'; -const GITHUB_AUTHORIZE_URL = 'https://github.com/login/oauth/authorize'; -// TODO: change to stable when that happens -const GITHUB_TOKEN_URL = 'https://vscode.dev/codeExchangeProxyEndpoints/github/login/oauth/access_token'; const NETWORK_ERROR = 'network error'; -const REDIRECT_URL_STABLE = 'https://vscode.dev/redirect'; -const REDIRECT_URL_INSIDERS = 'https://insiders.vscode.dev/redirect'; - class UriEventHandler extends vscode.EventEmitter implements vscode.UriHandler { constructor(private readonly Logger: Log) { super(); @@ -110,10 +101,7 @@ async function getUserInfo(token: string, serverUri: vscode.Uri, logger: Log): P export class GitHubServer implements IGitHubServer { friendlyName = 'GitHub'; type = AuthProviderType.github; - private _onDidManuallyProvideToken = new vscode.EventEmitter(); - private _pendingNonces = new Map(); - private _codeExchangePromises = new Map; cancel: vscode.EventEmitter }>(); private _disposable: vscode.Disposable; private _uriHandler = new UriEventHandler(this._logger); @@ -125,87 +113,31 @@ export class GitHubServer implements IGitHubServer { this._disposable.dispose(); } - // TODO@joaomoreno TODO@TylerLeonhardt - private async isNoCorsEnvironment(): Promise { - const uri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/dummy`)); - return (uri.scheme === 'https' && /^((insiders\.)?vscode|github)\./.test(uri.authority)) || (uri.scheme === 'http' && /^localhost/.test(uri.authority)); - } - public async login(scopes: string): Promise { this._logger.info(`Logging in for the following scopes: ${scopes}`); - const nonce = uuid(); - const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate?nonce=${encodeURIComponent(nonce)}`)); - - if (!isSupportedEnvironment(callbackUri)) { - const token = this._supportDeviceCodeFlow - ? await this.doDeviceCodeFlow(scopes) - : await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); + const token = this._supportDeviceCodeFlow + ? await this.doDeviceCodeFlow(scopes) + : await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); - if (!token) { throw new Error('No token provided'); } + if (!token) { throw new Error('No token provided'); } - const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user'] - const scopesList = scopes.split(' '); // Example: 'read:user repo user:email' - if (!scopesList.every(scope => { - const included = tokenScopes.includes(scope); - if (included || !scope.includes(':')) { - return included; - } - - return scope.split(':').some(splitScopes => { - return tokenScopes.includes(splitScopes); - }); - })) { - throw new Error(`The provided token does not match the requested scopes: ${scopes}`); + const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user'] + const scopesList = scopes.split(' '); // Example: 'read:user repo user:email' + if (!scopesList.every(scope => { + const included = tokenScopes.includes(scope); + if (included || !scope.includes(':')) { + return included; } - return token; + return scope.split(':').some(splitScopes => { + return tokenScopes.includes(splitScopes); + }); + })) { + throw new Error(`The provided token does not match the requested scopes: ${scopes}`); } - const existingNonces = this._pendingNonces.get(scopes) || []; - this._pendingNonces.set(scopes, [...existingNonces, nonce]); - - const proxyEndpoints: { [providerId: string]: string } | undefined = await vscode.commands.executeCommand('workbench.getCodeExchangeProxyEndpoints'); - // If we are running in insiders vscode.dev, then ensure we use the redirect route on that. - const redirectUri = proxyEndpoints?.github?.includes('https://insiders.vscode.dev') ? REDIRECT_URL_INSIDERS : REDIRECT_URL_STABLE; - const searchParams = new URLSearchParams([ - ['client_id', CLIENT_ID], - ['redirect_uri', redirectUri], - ['scope', scopes], - ['state', encodeURIComponent(callbackUri.toString(true))] - ]); - const uri = vscode.Uri.parse(`${GITHUB_AUTHORIZE_URL}?${searchParams.toString()}`); - - return vscode.window.withProgress({ - location: vscode.ProgressLocation.Window, - title: localize('signingIn', " $(mark-github) Signing in to github.com..."), - }, async () => { - await vscode.env.openExternal(uri); - - // Register a single listener for the URI callback, in case the user starts the login process multiple times - // before completing it. - let codeExchangePromise = this._codeExchangePromises.get(scopes); - if (!codeExchangePromise) { - codeExchangePromise = promiseFromEvent(this._uriHandler.event, this.exchangeCodeForToken(scopes)); - this._codeExchangePromises.set(scopes, codeExchangePromise); - } - - return Promise.race([ - codeExchangePromise.promise, - promiseFromEvent(this._onDidManuallyProvideToken.event, (token: string | undefined, resolve, reject): void => { - if (!token) { - reject('Cancelled'); - } else { - resolve(token); - } - }).promise, - new Promise((_, reject) => setTimeout(() => reject('Cancelled'), 60000)) - ]).finally(() => { - this._pendingNonces.delete(scopes); - codeExchangePromise?.cancel.fire(); - this._codeExchangePromises.delete(scopes); - }); - }); + return token; } private async doDeviceCodeFlow(scopes: string): Promise { @@ -299,57 +231,6 @@ export class GitHubServer implements IGitHubServer { throw new Error('Cancelled'); } - private exchangeCodeForToken: (scopes: string) => PromiseAdapter = - (scopes) => async (uri, resolve, reject) => { - const query = new URLSearchParams(uri.query); - const code = query.get('code'); - - const acceptedNonces = this._pendingNonces.get(scopes) || []; - const nonce = query.get('nonce'); - if (!nonce) { - this._logger.error('No nonce in response.'); - return; - } - if (!acceptedNonces.includes(nonce)) { - // A common scenario of this happening is if you: - // 1. Trigger a sign in with one set of scopes - // 2. Before finishing 1, you trigger a sign in with a different set of scopes - // In this scenario we should just return and wait for the next UriHandler event - // to run as we are probably still waiting on the user to hit 'Continue' - this._logger.info('Nonce not found in accepted nonces. Skipping this execution...'); - return; - } - - this._logger.info('Exchanging code for token...'); - - const proxyEndpoints: { [providerId: string]: string } | undefined = await vscode.commands.executeCommand('workbench.getCodeExchangeProxyEndpoints'); - const endpointUrl = proxyEndpoints?.github ? `${proxyEndpoints.github}login/oauth/access_token` : GITHUB_TOKEN_URL; - - try { - const body = `code=${code}`; - const result = await fetch(endpointUrl, { - method: 'POST', - headers: { - Accept: 'application/json', - 'Content-Type': 'application/x-www-form-urlencoded', - 'Content-Length': body.toString() - - }, - body - }); - - if (result.ok) { - const json = await result.json(); - this._logger.info('Token exchange success!'); - resolve(json.access_token); - } else { - reject(result.statusText); - } - } catch (ex) { - reject(ex); - } - }; - private getServerUri(path: string = '') { const apiUri = vscode.Uri.parse('https://api.github.com'); return vscode.Uri.parse(`${apiUri.scheme}://${apiUri.authority}${path}`); @@ -359,44 +240,7 @@ export class GitHubServer implements IGitHubServer { return getUserInfo(token, this.getServerUri('/user'), this._logger); } - public async sendAdditionalTelemetryInfo(token: string): Promise { - if (!vscode.env.isTelemetryEnabled) { - return; - } - const nocors = await this.isNoCorsEnvironment(); - - if (nocors) { - return; - } - - try { - const result = await fetch('https://education.github.com/api/user', { - headers: { - Authorization: `token ${token}`, - 'faculty-check-preview': 'true', - 'User-Agent': 'Visual-Studio-Code' - } - }); - - if (result.ok) { - const json: { student: boolean; faculty: boolean } = await result.json(); - - /* __GDPR__ - "session" : { - "isEdu": { "classification": "NonIdentifiableDemographicInfo", "purpose": "FeatureInsight" } - } - */ - this._telemetryReporter.sendTelemetryEvent('session', { - isEdu: json.student - ? 'student' - : json.faculty - ? 'faculty' - : 'none' - }); - } - } catch (e) { - // No-op - } + public async sendAdditionalTelemetryInfo(_: string): Promise { } public async checkEnterpriseVersion(token: string): Promise { diff --git a/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts b/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts index 36647e6..55e722b 100644 --- a/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts +++ b/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts @@ -271,7 +271,7 @@ export class AccountsActivityActionViewItem extends MenuActivityActionViewItem { } }); - if (providers.length && !menus.length) { + if (!menus.length) { const noAccountsAvailableAction = disposables.add(new Action('noAccountsAvailable', localize('noAccounts', "You are not signed in to any accounts"), undefined, false)); menus.push(noAccountsAvailableAction); } diff --git a/src/vs/workbench/services/authentication/browser/authenticationService.ts b/src/vs/workbench/services/authentication/browser/authenticationService.ts index 5f7431d..278cd3d 100644 --- a/src/vs/workbench/services/authentication/browser/authenticationService.ts +++ b/src/vs/workbench/services/authentication/browser/authenticationService.ts @@ -13,7 +13,6 @@ import { isString } from 'vs/base/common/types'; import * as nls from 'vs/nls'; import { MenuId, MenuRegistry } from 'vs/platform/actions/common/actions'; import { CommandsRegistry } from 'vs/platform/commands/common/commands'; -import { ContextKeyExpr } from 'vs/platform/contextkey/common/contextkey'; import { ICredentialsService } from 'vs/platform/credentials/common/credentials'; import { IDialogService } from 'vs/platform/dialogs/common/dialogs'; import { registerSingleton } from 'vs/platform/instantiation/common/extensions'; @@ -197,13 +196,6 @@ export class AuthenticationService extends Disposable implements IAuthentication @IQuickInputService private readonly quickInputService: IQuickInputService ) { super(); - this._placeholderMenuItem = MenuRegistry.appendMenuItem(MenuId.AccountsContext, { - command: { - id: 'noAuthenticationProviders', - title: nls.localize('loading', "Loading..."), - precondition: ContextKeyExpr.false() - }, - }); authenticationExtPoint.setHandler((extensions, { added, removed }) => { added.forEach(point => { @@ -272,16 +264,6 @@ export class AuthenticationService extends Disposable implements IAuthentication this.removeAccessRequest(id, extensionId); }); } - - if (!this._authenticationProviders.size) { - this._placeholderMenuItem = MenuRegistry.appendMenuItem(MenuId.AccountsContext, { - command: { - id: 'noAuthenticationProviders', - title: nls.localize('loading', "Loading..."), - precondition: ContextKeyExpr.false() - }, - }); - } } async sessionsUpdate(id: string, event: AuthenticationSessionsChangeEvent): Promise {