fix(search): VSCode Search extension: remove auth provider (#63262)

peterguy · web-flow · commit 5ee5e8817b04 · 2024-06-19T11:23:10.000-07:00
VSCode extensions can use authentication providers to enable authentication actions from the Accounts menu, and to allow for federated authentication. The Sourcegraph Search extension needs neither of those - it can meet all of its authentication needs with the existing actions in is side panel. On top of that, the authentication provider isn't implemented quite correctly, which leads to issues like #43608. This PR removes the authentication provider. It retains all of the expected behavior of the extension: the user can still authenticate against sourcegraph.com or private instances using an access token, and log out. ## Test plan ### First Build and run locally. ``` git switch peterguy/vscode-remove-auth-provider cd client/vscode pnpm run build ``` ### Then - Launch extension in VSCode: open the `Run and Debug` sidebar view in VS Code, then select `Launch VS Code Extension` from the dropdown menu. - Note that the Accounts icon does not display a "1" badge and "Sign in with SOURCEGRAPH_AUTH" is not present in the menu. - Click on `Have an account?` to open the login dialog. - Enter an access token and the URL of the Sourcegraph instance to which you would like to connect. - Click `Authenticate account`. - Check the Accounts icon and menu - should not be anything there that's a result of Sourcegraph Search. - In the Help and Feedback section, click your username to open the logout panel, then log out. - Note again, the lack of modifications to the Accounts icon and menu from the Sourcegraph Search extension. ## Changelog - Remove interaction between the Sourcegraph Search extension and the Accounts menu.
diff --git a/client/vscode/src/backend/instanceVersion.ts b/client/vscode/src/backend/instanceVersion.ts
@@ -18,8 +18,8 @@ import { requestGraphQLFromVSCode } from './requestGraphQl'
  * - insiders version format: 134683_2022-03-02_5188fes0101
  */
 export const observeInstanceVersionNumber = (
-    accessToken: string,
-    endpointURL: string
+    accessToken?: string,
+    endpointURL?: string
 ): Observable<string | undefined> =>
     from(requestGraphQLFromVSCode<SiteVersionResult>(siteVersionQuery, {}, accessToken, endpointURL)).pipe(
         map(dataOrThrowErrors),
diff --git a/client/vscode/src/backend/requestGraphQl.ts b/client/vscode/src/backend/requestGraphQl.ts
@@ -1,9 +1,7 @@
-import { authentication } from 'vscode'
-
 import { asError } from '@sourcegraph/common'
 import { checkOk, GRAPHQL_URI, type GraphQLResult, isHTTPAuthError } from '@sourcegraph/http-client'
 
-import { handleAccessTokenError } from '../settings/accessTokenSetting'
+import { handleAccessTokenError, getAccessToken } from '../settings/accessTokenSetting'
 import { endpointRequestHeadersSetting, endpointSetting } from '../settings/endpointSetting'
 
 import { fetch, getProxyAgent, Headers, type HeadersInit } from './fetch'
@@ -15,9 +13,7 @@ export const requestGraphQLFromVSCode = async <R, V = object>(
     overrideSourcegraphURL?: string
 ): Promise<GraphQLResult<R>> => {
     const sourcegraphURL = overrideSourcegraphURL || endpointSetting()
-    const accessToken =
-        overrideAccessToken ||
-        (await authentication.getSession(sourcegraphURL, [], { createIfNone: false }))?.accessToken
+    const accessToken = overrideAccessToken || (await getAccessToken())
     const nameMatch = request.match(/^\s*(?:query|mutation)\s+(\w+)/)
     const apiURL = `${GRAPHQL_URI}${nameMatch ? '?' + nameMatch[1] : ''}`
     const customHeaders = endpointRequestHeadersSetting()
diff --git a/client/vscode/src/backend/streamSearch.ts b/client/vscode/src/backend/streamSearch.ts
@@ -8,22 +8,21 @@ import { aggregateStreamingSearch } from '@sourcegraph/shared/src/search/stream'
 
 import type { ExtensionCoreAPI } from '../contract'
 import { SearchPatternType } from '../graphql-operations'
+import { getAccessToken } from '../settings/accessTokenSetting'
 import type { VSCEStateMachine } from '../state'
 import { focusSearchPanel } from '../webview/commands'
 
 import { isOlderThan, observeInstanceVersionNumber } from './instanceVersion'
 
-export function createStreamSearch({
+export async function createStreamSearch({
     context,
     stateMachine,
     sourcegraphURL,
-    session,
 }: {
     context: vscode.ExtensionContext
     stateMachine: VSCEStateMachine
     sourcegraphURL: string
-    session: vscode.AuthenticationSession | undefined
-}): ExtensionCoreAPI['streamSearch'] {
+}): Promise<ExtensionCoreAPI['streamSearch']> {
     // Ensure only one search is active at a time
     let previousSearchSubscription: Subscription | null
 
@@ -32,7 +31,7 @@ export function createStreamSearch({
             previousSearchSubscription?.unsubscribe()
         },
     })
-    const token = session?.accessToken === undefined ? '' : session?.accessToken
+    const token = await getAccessToken()
     const instanceVersionNumber = observeInstanceVersionNumber(token, sourcegraphURL)
 
     return function streamSearch(query, options) {
diff --git a/client/vscode/src/extension.ts b/client/vscode/src/extension.ts
@@ -19,13 +19,13 @@ import { openSourcegraphUriCommand } from './file-system/commands'
 import { initializeSourcegraphFileSystem } from './file-system/initialize'
 import { SourcegraphUri } from './file-system/SourcegraphUri'
 import type { Event } from './graphql-operations'
-import { accessTokenSetting, processOldToken } from './settings/accessTokenSetting'
+import { getAccessToken, processOldToken } from './settings/accessTokenSetting'
 import { endpointRequestHeadersSetting, endpointSetting } from './settings/endpointSetting'
 import { LocalStorageService, SELECTED_SEARCH_CONTEXT_SPEC_KEY } from './settings/LocalStorageService'
 import { watchUninstall } from './settings/uninstall'
 import { createVSCEStateMachine, type VSCEQueryState } from './state'
 import { copySourcegraphLinks, focusSearchPanel, openSourcegraphLinks, registerWebviews } from './webview/commands'
-import { secretTokenKey, SourcegraphAuthActions, SourcegraphAuthProvider } from './webview/platform/AuthProvider'
+import { SourcegraphAuthActions } from './webview/platform/AuthProvider'
 
 export let extensionContext: vscode.ExtensionContext
 /**
@@ -35,18 +35,8 @@ export async function activate(context: vscode.ExtensionContext): Promise<void>
     extensionContext = context
     const initialInstanceURL = endpointSetting()
     const secretStorage = context.secrets
-    // Register SourcegraphAuthProvider
-    context.subscriptions.push(
-        vscode.authentication.registerAuthenticationProvider(
-            initialInstanceURL,
-            secretTokenKey,
-            new SourcegraphAuthProvider(secretStorage)
-        )
-    )
     await processOldToken(secretStorage)
-    const initialAccessToken = await secretStorage.get(secretTokenKey)
-    const createIfNone = initialAccessToken ? { createIfNone: true } : { createIfNone: false }
-    const session = await vscode.authentication.getSession(initialInstanceURL, [], createIfNone)
+    const initialAccessToken = await getAccessToken()
     const authenticatedUser = observeAuthenticatedUser(secretStorage)
     const localStorageService = new LocalStorageService(context.globalState)
     const stateMachine = createVSCEStateMachine({ localStorageService })
@@ -70,11 +60,10 @@ export async function activate(context: vscode.ExtensionContext): Promise<void>
     // Use for file tree panel
     const { fs } = initializeSourcegraphFileSystem({ context, initialInstanceURL })
     // Use api endpoint for stream search
-    const streamSearch = createStreamSearch({
+    const streamSearch = await createStreamSearch({
         context,
         stateMachine,
         sourcegraphURL: `${initialInstanceURL}/.api`,
-        session,
     })
     const authActions = new SourcegraphAuthActions(secretStorage)
     const extensionCoreAPI: ExtensionCoreAPI = {
@@ -91,7 +80,7 @@ export async function activate(context: vscode.ExtensionContext): Promise<void>
         openSourcegraphFile: (uri: string) => openSourcegraphUriCommand(fs, SourcegraphUri.parse(uri)),
         openLink: uri => openSourcegraphLinks(uri),
         copyLink: uri => copySourcegraphLinks(uri),
-        getAccessToken: accessTokenSetting(context.secrets),
+        getAccessToken: getAccessToken(),
         removeAccessToken: () => authActions.logout(),
         setEndpointUri: (accessToken, uri) => authActions.login(accessToken, uri),
         reloadWindow: () => vscode.commands.executeCommand('workbench.action.reloadWindow'),
diff --git a/client/vscode/src/settings/accessTokenSetting.ts b/client/vscode/src/settings/accessTokenSetting.ts
@@ -1,36 +1,32 @@
 import * as vscode from 'vscode'
 
 import { isOlderThan, observeInstanceVersionNumber } from '../backend/instanceVersion'
+import { extensionContext } from '../extension'
 import { secretTokenKey } from '../webview/platform/AuthProvider'
 
 import { endpointHostnameSetting, endpointProtocolSetting } from './endpointSetting'
 
 // IMPORTANT: Call this function only once when extention is first activated
 export async function processOldToken(secretStorage: vscode.SecretStorage): Promise<void> {
-    // Process the token that lives in user configuration
-    // Move them to secrets and then remove them by setting it as undefined
+    // Process the token that used to live in user configuration
+    // Move it to secrets and then remove it from user configuration
     const storageToken = await secretStorage.get(secretTokenKey)
     const oldToken = vscode.workspace.getConfiguration().get<string>('sourcegraph.accessToken') || ''
     if (!storageToken && oldToken.length > 8) {
         await secretStorage.store(secretTokenKey, oldToken)
-        await removeOldAccessTokenSetting()
+        await vscode.workspace
+            .getConfiguration()
+            .update('sourcegraph.accessToken', undefined, vscode.ConfigurationTarget.Global)
+        await vscode.workspace
+            .getConfiguration()
+            .update('sourcegraph.accessToken', undefined, vscode.ConfigurationTarget.Workspace)
     }
     return
 }
 
-export async function accessTokenSetting(secretStorage: vscode.SecretStorage): Promise<string> {
-    const currentToken = await secretStorage.get(secretTokenKey)
-    return currentToken || ''
-}
-
-export async function removeOldAccessTokenSetting(): Promise<void> {
-    await vscode.workspace
-        .getConfiguration()
-        .update('sourcegraph.accessToken', undefined, vscode.ConfigurationTarget.Global)
-    await vscode.workspace
-        .getConfiguration()
-        .update('sourcegraph.accessToken', undefined, vscode.ConfigurationTarget.Workspace)
-    return
+export async function getAccessToken(): Promise<string | undefined> {
+    const token = await extensionContext?.secrets.get(secretTokenKey)
+    return token
 }
 
 // Ensure that only one access token error message is shown at a time.
@@ -42,7 +38,7 @@ export async function handleAccessTokenError(badToken: string, endpointURL: stri
 
         const message = !badToken
             ? `A valid access token is required to connect to ${endpointURL}`
-            : `Connection to ${endpointURL} failed. Please try reloading VS Code if your Sourcegraph instance URL has been updated.`
+            : `Connection to ${endpointURL} failed. Please check your access token and network connection.`
 
         const version = await observeInstanceVersionNumber(badToken, endpointURL).toPromise()
         const supportsTokenCallback = version && isOlderThan(version, { major: 3, minor: 41 })
diff --git a/client/vscode/src/settings/endpointSetting.ts b/client/vscode/src/settings/endpointSetting.ts
@@ -1,7 +1,6 @@
 import * as vscode from 'vscode'
 
 import { extensionContext } from '../extension'
-import { secretTokenKey, SourcegraphAuthProvider } from '../webview/platform/AuthProvider'
 
 const defaultEndpointURL = 'https://sourcegraph.com'
 
@@ -43,28 +42,7 @@ export function setEndpoint(newEndpoint: string | undefined): void {
     const newEndpointHostname = new URL(newEndpointURL).hostname
     if (currentEndpointHostname !== newEndpointHostname) {
         extensionContext?.globalState.update(endpointKey, newEndpointURL).then(
-            () => {
-                // after changing the endpoint URL, register an authentication provder for it.
-                // trying and erroring (because one already exists) is probably just as cheap/expensive
-                // as trying `vscode.authentication.getSession(newEndpointURL, [], { createIfNone: false })`,
-                // catching an error and registering an auth provider.
-                try {
-                    const provider = vscode.authentication.registerAuthenticationProvider(
-                        newEndpointURL,
-                        secretTokenKey,
-                        new SourcegraphAuthProvider(extensionContext?.secrets)
-                    )
-                    extensionContext?.subscriptions.push(provider)
-                } catch (error) {
-                    // unsetting the endpoint reverts to the default,
-                    // which probably already has an auth provider,
-                    // which would cause an error,
-                    // so ignore it.
-                    if (!(error as Error).message.includes('is already registered')) {
-                        console.error(error)
-                    }
-                }
-            },
+            () => {},
             error => {
                 console.error(error)
             }
diff --git a/client/vscode/src/webview/commands.ts b/client/vscode/src/webview/commands.ts
@@ -10,7 +10,7 @@ import { initializeCodeIntel } from '../code-intel/initialize'
 import type { ExtensionCoreAPI } from '../contract'
 import type { SourcegraphFileSystemProvider } from '../file-system/SourcegraphFileSystemProvider'
 import { SearchPatternType } from '../graphql-operations'
-import { endpointRequestHeadersSetting, endpointSetting } from '../settings/endpointSetting'
+import { endpointRequestHeadersSetting } from '../settings/endpointSetting'
 
 import {
     initializeHelpSidebarWebview,
@@ -59,14 +59,12 @@ export function registerWebviews({
     )
 
     // Update `EventSource` Authorization header on access token / headers change.
-    // It will also be changed when the token has been changed --handled by Auth Provider
     context.subscriptions.push(
         vscode.workspace.onDidChangeConfiguration(async config => {
-            const session = await vscode.authentication.getSession(endpointSetting(), [], { forceNewSession: false })
-            if (config.affectsConfiguration('sourcegraph.requestHeaders') && session) {
-                const newCustomHeaders = endpointRequestHeadersSetting()
+            if (config.affectsConfiguration('sourcegraph.requestHeaders')) {
+                const token = await extensionCoreAPI.getAccessToken
                 polyfillEventSource(
-                    session.accessToken ? { Authorization: `token ${session.accessToken}`, ...newCustomHeaders } : {},
+                    token ? { Authorization: `token ${token}`, ...endpointRequestHeadersSetting() } : {},
                     getProxyAgent()
                 )
             }
diff --git a/client/vscode/src/webview/platform/AuthProvider.ts b/client/vscode/src/webview/platform/AuthProvider.ts
@@ -1,145 +1,16 @@
-import {
-    authentication,
-    type AuthenticationProvider,
-    type AuthenticationProviderAuthenticationSessionsChangeEvent,
-    type AuthenticationSession,
-    commands,
-    Disposable,
-    type Event,
-    EventEmitter,
-    type SecretStorage,
-} from 'vscode'
+import { commands, type SecretStorage } from 'vscode'
 
-import polyfillEventSource from '@sourcegraph/shared/src/polyfills/vendor/eventSource'
-
-import { getProxyAgent } from '../../backend/fetch'
-import { endpointRequestHeadersSetting, endpointSetting, setEndpoint } from '../../settings/endpointSetting'
+import { setEndpoint } from '../../settings/endpointSetting'
 
 export const secretTokenKey = 'SOURCEGRAPH_AUTH'
 
-class SourcegraphAuthSession implements AuthenticationSession {
-    public readonly account = {
-        id: SourcegraphAuthProvider.id,
-        label: SourcegraphAuthProvider.label,
-    }
-    public readonly id = SourcegraphAuthProvider.id
-    public readonly scopes = []
-
-    constructor(public readonly accessToken: string) {}
-}
-
-export class SourcegraphAuthProvider implements AuthenticationProvider, Disposable {
-    public static id = endpointSetting()
-    private static secretKey = secretTokenKey
-    public static label = secretTokenKey
-
-    // Kept track of token changes through out the session
-    private currentToken: string | undefined
-    private initializedDisposable: Disposable | undefined
-    private _onDidChangeSessions = new EventEmitter<AuthenticationProviderAuthenticationSessionsChangeEvent>()
-    public get onDidChangeSessions(): Event<AuthenticationProviderAuthenticationSessionsChangeEvent> {
-        return this._onDidChangeSessions.event
-    }
-
-    constructor(private readonly secretStorage: SecretStorage) {}
-
-    public dispose(): void {
-        this.initializedDisposable?.dispose()
-    }
-
-    private async ensureInitialized(): Promise<void> {
-        if (this.initializedDisposable === undefined) {
-            await this.cacheTokenFromStorage()
-            this.initializedDisposable = Disposable.from(
-                this.secretStorage.onDidChange(async event => {
-                    if (event.key === SourcegraphAuthProvider.secretKey) {
-                        await this.checkForUpdates()
-                    }
-                }),
-                authentication.onDidChangeSessions(async event => {
-                    if (event.provider.id === SourcegraphAuthProvider.id) {
-                        await this.checkForUpdates()
-                    }
-                })
-            )
-        }
-    }
-
-    // Check if token has been updated across VS Code
-    private async checkForUpdates(): Promise<void> {
-        const added: AuthenticationSession[] = []
-        const removed: AuthenticationSession[] = []
-        const changed: AuthenticationSession[] = []
-        const previousToken = this.currentToken
-        const session = (await this.getSessions())[0]
-        if (session?.accessToken && !previousToken) {
-            added.push(session)
-        } else if (!session?.accessToken && previousToken) {
-            removed.push(session)
-        } else if (session?.accessToken !== previousToken) {
-            changed.push(session)
-        } else {
-            return
-        }
-        await this.cacheTokenFromStorage()
-        // Update the polyfillEventSource on token changes
-        polyfillEventSource(
-            this.currentToken
-                ? { Authorization: `token ${this.currentToken}`, ...endpointRequestHeadersSetting() }
-                : {},
-            getProxyAgent()
-        )
-        this._onDidChangeSessions.fire({ added, removed, changed })
-    }
-
-    // Get token from Storage
-    private async cacheTokenFromStorage(): Promise<string | undefined> {
-        const token = await this.secretStorage.get(SourcegraphAuthProvider.secretKey)
-        this.currentToken = token
-        return this.currentToken
-    }
-
-    // This is called first when `vscode.authentication.getSessions` is called.
-    public async getSessions(_scopes?: string[]): Promise<readonly AuthenticationSession[]> {
-        await this.ensureInitialized()
-        const token = await this.cacheTokenFromStorage()
-        return token ? [new SourcegraphAuthSession(token)] : []
-    }
-
-    // This is called after `this.getSessions` is called,
-    // and only when `createIfNone` or `forceNewSession` are set to true
-    public async createSession(_scopes: string[]): Promise<AuthenticationSession> {
-        await this.ensureInitialized()
-        // Get token from scret storage
-        let token = await this.secretStorage.get(SourcegraphAuthProvider.secretKey)
-        if (token) {
-            console.log('Successfully logged in to Sourcegraph', token)
-            await this.secretStorage.store(SourcegraphAuthProvider.secretKey, token)
-        }
-        if (!token) {
-            token = ''
-        }
-        return new SourcegraphAuthSession(token)
-    }
-
-    // To sign out
-    public async removeSession(_sessionId: string): Promise<void> {
-        await this.secretStorage.delete(SourcegraphAuthProvider.secretKey)
-        console.log('Successfully logged out of Sourcegraph')
-    }
-}
-
 export class SourcegraphAuthActions {
-    private currentEndpoint = endpointSetting()
-
     constructor(private readonly secretStorage: SecretStorage) {}
 
     public async login(newtoken: string, newuri: string): Promise<void> {
         try {
             await this.secretStorage.store(secretTokenKey, newtoken)
-            if (this.currentEndpoint !== newuri) {
-                setEndpoint(newuri)
-            }
+            setEndpoint(newuri)
             return
         } catch (error) {
             console.error(error)
