Follow up 944: authentication sessions are not persistent (#1003)

davegarthsimpson · web-flow · commit eaf14aa1ebad · 2022-06-07T11:46:28.000+02:00
* #944: Fixed auth. sessions not persistent * 944: Prevent race conditions setting authOptions * typo correction, duplicate identifier * prevent block of auth client service on setOptions * consider windows cred. mgr. password len limit
diff --git a/arduino-ide-extension/src/browser/auth/authentication-client-service.ts b/arduino-ide-extension/src/browser/auth/authentication-client-service.ts
@@ -43,15 +43,14 @@ export class AuthenticationClientService
 
   readonly onSessionDidChange = this.onSessionDidChangeEmitter.event;
 
-  onStart(): void {
+  async onStart(): Promise<void> {
     this.toDispose.push(this.onSessionDidChangeEmitter);
     this.service.setClient(this);
     this.service
       .session()
       .then((session) => this.notifySessionDidChange(session));
 
-    this.setOptions();
-    this.service.initAuthSession()
+    this.setOptions().then(() => this.service.initAuthSession());
 
     this.arduinoPreferences.onPreferenceChanged((event) => {
       if (event.preferenceName.startsWith('arduino.auth.')) {
@@ -60,8 +59,8 @@ export class AuthenticationClientService
     });
   }
 
-  setOptions(): void {
-    this.service.setOptions({
+  setOptions(): Promise<void> {
+    return this.service.setOptions({
       redirectUri: `http://localhost:${serverPort}/callback`,
       responseType: 'code',
       clientID: this.arduinoPreferences['arduino.auth.clientID'],
diff --git a/arduino-ide-extension/src/common/protocol/authentication-service.ts b/arduino-ide-extension/src/common/protocol/authentication-service.ts
@@ -22,7 +22,7 @@ export interface AuthenticationService
   logout(): Promise<void>;
   session(): Promise<AuthenticationSession | undefined>;
   disposeClient(client: AuthenticationServiceClient): void;
-  setOptions(authOptions: AuthOptions): void;
+  setOptions(authOptions: AuthOptions): Promise<void>;
   initAuthSession(): Promise<void>;
 }
 
diff --git a/arduino-ide-extension/src/node/auth/arduino-auth-provider.ts b/arduino-ide-extension/src/node/auth/arduino-auth-provider.ts
@@ -89,7 +89,7 @@ export class ArduinoAuthenticationProvider implements AuthenticationProvider {
     setInterval(checkToken, REFRESH_INTERVAL);
   }
 
-  public setOptions(authOptions: AuthOptions) {
+  public async setOptions(authOptions: AuthOptions): Promise<void> {
     this.authOptions = authOptions;
   }
 
diff --git a/arduino-ide-extension/src/node/auth/authentication-service-impl.ts b/arduino-ide-extension/src/node/auth/authentication-service-impl.ts
@@ -20,7 +20,7 @@ export class AuthenticationServiceImpl
   protected readonly clients: AuthenticationServiceClient[] = [];
   protected readonly toDispose = new DisposableCollection();
   
-  private initialized = false; 
+  private initialized = false;
 
   async onStart(): Promise<void> {
     this.toDispose.pushAll([
@@ -49,12 +49,12 @@ export class AuthenticationServiceImpl
   async initAuthSession(): Promise<void> {
     if (!this.initialized) {
       await this.delegate.init();
-      this.initialized = true
+      this.initialized = true;
     }
   }
 
-  setOptions(authOptions: AuthOptions) {
-    this.delegate.setOptions(authOptions);
+  setOptions(authOptions: AuthOptions): Promise<void> {
+    return this.delegate.setOptions(authOptions);
   }
 
   async login(): Promise<AuthenticationSession> {
diff --git a/arduino-ide-extension/src/node/auth/keychain.ts b/arduino-ide-extension/src/node/auth/keychain.ts
@@ -47,6 +47,15 @@ export class Keychain {
       return false;
     }
     try {
+      const stringifiedTokenLength = stringifiedToken.length;
+      const tokenLengthNotSupported =
+        stringifiedTokenLength > 2500 && process.platform === 'win32';
+
+      if (tokenLengthNotSupported) {
+        // TODO manage this specific error appropriately
+        return false;
+      }
+
       await keytar.setPassword(
         this.credentialsSection,
         this.account,
diff --git a/arduino-ide-extension/src/node/auth/utils.ts b/arduino-ide-extension/src/node/auth/utils.ts
@@ -44,7 +44,15 @@ export function token2IToken(token: Token): IToken {
     (token.id_token && jwt_decode(token.id_token)) || {};
 
   return {
-    idToken: token.id_token,
+    /*
+     * ".id_token" is already decoded for account details above
+     * so we probably don't need to keep it around as "idToken".
+     * If we do, and subsequently try to store it with
+     * Windows Credential Manager (WCM) it's probable we'll
+     * exceed WCMs' 2500 password character limit breaking
+     * our auth functionality
+     */
+    // ! idToken: token.id_token,
     expiresIn: token.expires_in,
     expiresAt: token.expires_in
       ? Date.now() + token.expires_in * 1000

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ export interface AuthenticationService`
`22`	`22`	`logout(): Promise<void>;`
`23`	`23`	`session(): Promise<AuthenticationSession \| undefined>;`
`24`	`24`	`disposeClient(client: AuthenticationServiceClient): void;`
`25`		`- setOptions(authOptions: AuthOptions): void;`
	`25`	`+ setOptions(authOptions: AuthOptions): Promise<void>;`
`26`	`26`	`initAuthSession(): Promise<void>;`
`27`	`27`	`}`
`28`	`28`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ export class ArduinoAuthenticationProvider implements AuthenticationProvider {`
`89`	`89`	`setInterval(checkToken, REFRESH_INTERVAL);`
`90`	`90`	`}`
`91`	`91`
`92`		`- public setOptions(authOptions: AuthOptions) {`
	`92`	`+ public async setOptions(authOptions: AuthOptions): Promise<void> {`
`93`	`93`	`this.authOptions = authOptions;`
`94`	`94`	`}`
`95`	`95`