Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Fix(search): auth issues with Sourcegraph VSCode extension#63175

Merged
peterguy merged 16 commits intomainfrom
peterguy/vscode-sourcegraph-extension-fix-auth
Jun 12, 2024
Merged

Fix(search): auth issues with Sourcegraph VSCode extension#63175
peterguy merged 16 commits intomainfrom
peterguy/vscode-sourcegraph-extension-fix-auth

Conversation

@peterguy
Copy link
Contributor

@peterguy peterguy commented Jun 8, 2024
edited by enriquegh
Loading

Fixes the issues requiring the workaround described in this video.

Closes #60710

No more manual editing of settings.json.

The endpoint URL and access code can now all be managed from the UI

Test plan

First

Build and run locally.

git switch peterguy/vscode-sourcegraph-extension-fix-auth
cd client/vscode
pnpm run build

Then

Launch extension in VSCode: open the Run and Debug sidebar view in VS Code, then select Launch VS Code Extension from the dropdown menu.
Click on Have an account? to open the login dialog.
Enter an access token and the URL of the Sourcegraph instance to which you would like to connect.
Click Authenticate account.
In the Help and Feedback section, click your username to open the logout panel, then log out.
Repeat the login process.
You can check settings.json if you'd like to confirm that it's no longer being used.
If you're logging in to dotcom, you'll probably se a SQL error. The login process still works; the SQL error does not have long to live.

Changelog

  • Entering the URL and access token in the UI now works - no more manual editing of settings.json

peterguy added 7 commits June 5, 2024 20:30
@peterguy
Load endpoint URL before access token
2676f56 
`requestGraphQLFromVSCode`` accepts the endpoint URL
and access token as parameters, loading each from
storage if they are not provided.
The order in which those two parameters are
resolved is important because the key to the
access token is the endpoint URL. The resolution
order was backward: it first loaded the storage for
the access token (`session`), using the stored
endpoint URL (ignoring the passed-in value) and
then resolved the endpoint URL.
This resulted in a mismatch between the endpoint URL
and the access token, requiring the user to manually
edit the settings.json file to specify those two
parameters.

There are still problems with the auth process,
but now it will actually use the values entered
in the UI.
@peterguy
Use endpointSetting() to get the endpoint URL
d38b8b8 
Instead of directly accessing `vscode.workspace.getConfiguration('sourcegraph').get<string>('url')`.

This will allow for replacing where the endpoint URL is stored, and also, it may be that using `getConfiguration('sourcegraph')` to get the section of the config file was not working correctly. I was seeing some strange behavior with `readConfiguration()`, which does this internally.
@peterguy
export the extension context from activate
1cab2c1 
It is a literal export of the context, and I'm thinking there has to be a better way to do it.
It's used only in `endpointSetting.js` currently; there may be a way to register it there, but for now, this works.

The context is used to access the globalState storage, in which the endpoint URL is (will be, in a subsequent commit) stored.

Exporting the context, rather than `extensionCoreAPI` or `localStorageService` because it's the simplest right now.
@peterguy
Store the endpoint URL in the extension context
fe02455 
Instead of `settings.json`.

Add a migration from `settings.json` if it's being used.

The order of resolving the endpoint URL is:
1. extension context
2. settings.json
3. default value
@peterguy
Register an authentication provider when the endpoint URL changes.
be7b45b 
When the endpoint URL was being stored in `settings.json`, a user could modify it directly instead of going through the UI, so the extension would be reloaded every time the endpoint URL was changed in `settings.json`, re-running `activate`, in which an authentication provider is registered for the current endpoint URL.

Now that the endpoint URL is managed only via the UI and is stored out of reach of the user in the extension context, register an authentication prodiver whenever the endpoint URL changes, rather than reloading the whole extension and triggering `activate`.
@peterguy
Clear out the endpoint URL on logout.
52e74bf 
Avoids error messages about wrong/missing access tokens.

There's probably room for improvement here (like maintaining a MRU of URLs), but this is a quick fix.
@peterguy
Cleanup unused code.
58d85a7 
No longer need the code to keep an eye on `settings.json` to reload the extension if the endpoint URL changed.

Don't need `readConfiguration` to access `settings.json` anymore.
@cla-bot cla-bot bot added the cla-signed label Jun 8, 2024
@peterguy peterguy requested review from a team June 8, 2024 06:30
@peterguy peterguy self-assigned this Jun 8, 2024
@peterguy peterguy added vscode-search team/code-search Issues owned by the code search team labels Jun 8, 2024
@peterguy
Copy link
Contributor Author

peterguy commented Jun 8, 2024

Tagging @sourcegraph/security-code-review (@shivasurya) for a review, because this involves managing an access token.

The original code had a listener that reloaded the extension if the endpoint URL in settings.json changed in order, "to prevent data 'contamination' (e.g. sending private repo names to Cloud instance)." Now that the endpoint URL and access token are managed in the UI only, that reload is not should not be necessary; I would appreciate another set of eyes to confirm that.

Also, is it possible to meddle with the extension's globalState storage? If so, we should add more safeguards to prevent "data 'contamination'".

@peterguy
Found another usage of readConfiguration
424da3b 
Changed to use `vscode.workspace.getConfiguration()` as it does elsewhere in the code.

There are stull instances of `vscode.workspace.getConfiguration('sourcegraph')` also; I'm nost sure which is better, but I did have some possible issues with `readConfiguration()` when I first started researching the auth issues so I prefer `vscode.workspace.getConfiguration()`.
@evict
Copy link
Contributor

evict commented Jun 8, 2024

Also, is it possible to meddle with the extension's globalState storage? If so, we should add more safeguards to prevent "data 'contamination'".

That should be private to the extension only.
🔒

peterguy added 7 commits June 8, 2024 12:47
@peterguy
Merge branch 'main' into peterguy/vscode-sourcegraph-extension-fix-auth
a3fa427
@peterguy
bazel configure
ce6deda
@peterguy
removeOldEndpointURLSetting() does not need to be exported
542538f
@peterguy
Remove unused code.
c853735 
No more invalidating because of changes to the endpoint URL
@peterguy
Remove the 'sourcegraph_url_change' state.
de59334 
Also no longer needed because the endpoint URL is no longer stored in `settings.json`.
@peterguy
Update changelog
4b11f82
@peterguy
Updating error message wording.
e5a2f5d 
Remove language about restarting VSCode to accomodate new Sourcegraph URL.
@camdencheek
Copy link
Member

camdencheek commented Jun 11, 2024

I tried this out locally, but was unable to get it to work. I attempted to log in with S2 with an access token I just created, but got the following error:

screenshot-2024-06-11_10-48-54@2x

After the error, the Sourcegraph panel has no option to try to log in again and when I try to run a search, I get 401 Unauthorized errors:

	at checkOk (/Users/camdencheek/src/sourcegraph/sourcegraph/client/http-client/src/http-status-error.ts:39:15)
	at requestGraphQLFromVSCode (/Users/camdencheek/src/sourcegraph/sourcegraph/client/vscode/src/backend/requestGraphQl.ts:47:26)
	at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {name: 'HTTPStatusError', status: 401, stack: 'HTTPStatusError: Request to https://sourcegra…ions (node:internal/process/task_queues:95:5)', message: 'Request to https://sourcegraph.sourcegraph.c…eProductVersion failed with 401 Unauthorized'}

Anything else I should try to collect?

@peterguy
Copy link
Contributor Author

peterguy commented Jun 11, 2024

@camdencheek Make sure you're switching to the feature branch peterguy/vscode-sourcegraph-extension-fix-auth before testing.

Here's a walkthrough of how I test login.

Screen.Recording.2024-06-11.at.14.12.53.mp4

This was linked to issues Jun 11, 2024
Sourcegraph Code Search VS Code Extension Auth Does Not Work #61269
Closed
VSCode Search extension does not persist creds unless manually added to json settings #58722
Closed
@camdencheek
Copy link
Member

camdencheek commented Jun 11, 2024

Aah, I think I missed the pnpm build step. I was thinking the "run and debug extension" did that. Anyways after going through the steps in the video, it works great! Thanks Peter!

@peterguy
Copy link
Contributor Author

peterguy commented Jun 12, 2024

I was thinking the "run and debug extension" did that
The README for the extension does say to use either pnpm run build OR "run and debug", but I've found I need to do both. I haven't updated the README yet. :-D

@peterguy peterguy merged commit 9d82cd1 into main Jun 12, 2024
@peterguy peterguy deleted the peterguy/vscode-sourcegraph-extension-fix-auth branch June 12, 2024 14:07
This was linked to issues Jun 14, 2024
VSCode Bug report: can not authenticate account #57607
Closed
Unable to authenticate access token + vscode #41620
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@evict evict evict approved these changes

@camdencheek camdencheek camdencheek approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@peterguy peterguy

Labels

cla-signed team/code-search Issues owned by the code search team vscode-search

Projects

None yet

Milestone

No milestone

3 participants

@peterguy @evict @camdencheek