Rework CredentialManager

Author: deansheather

App/App.xaml.cs

@@ -1,5 +1,7 @@
 using System;
+using System.Threading;
 using System.Threading.Tasks;
+using Coder.Desktop.App.Models;
 using Coder.Desktop.App.Services;
 using Coder.Desktop.App.ViewModels;
 using Coder.Desktop.App.Views;
@@ -46,17 +48,29 @@ public async Task ExitApplication()
     {
         _handleWindowClosed = false;
         Exit();
-        var rpcManager = _services.GetRequiredService<IRpcController>();
+        var rpcController = _services.GetRequiredService<IRpcController>();
         // TODO: send a StopRequest if we're connected???
-        await rpcManager.DisposeAsync();
+        await rpcController.DisposeAsync();
         Environment.Exit(0);
     }
 
     protected override void OnLaunched(LaunchActivatedEventArgs args)
     {
-        var trayWindow = _services.GetRequiredService<TrayWindow>();
+        // Start connecting to the manager in the background.
+        var rpcController = _services.GetRequiredService<IRpcController>();
+        if (rpcController.GetState().RpcLifecycle == RpcLifecycle.Disconnected)
+            // Passing in a CT with no cancellation is desired here, because
+            // the named pipe open will block until the pipe comes up.
+            _ = rpcController.Reconnect(CancellationToken.None);
+
+        // Load the credentials in the background. Even though we pass a CT
+        // with no cancellation, the method itself will impose a timeout on the
+        // HTTP portion.
+        var credentialManager = _services.GetRequiredService<ICredentialManager>();
+        _ = credentialManager.LoadCredentials(CancellationToken.None);
 
         // Prevent the TrayWindow from closing, just hide it.
+        var trayWindow = _services.GetRequiredService<TrayWindow>();
         trayWindow.Closed += (sender, args) =>
         {
             if (!_handleWindowClosed) return;

App/Services/CredentialManager.cs

@@ -6,8 +6,8 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Coder.Desktop.App.Models;
+using Coder.Desktop.CoderSdk;
 using Coder.Desktop.Vpn.Utilities;
-using CoderSdk;
 
 namespace Coder.Desktop.App.Services;
 
@@ -33,7 +33,7 @@ public interface ICredentialManager
     /// <summary>
     ///     Get any sign-in URL. The returned value is not parsed to check if it's a valid URI.
     /// </summary>
-    public string? GetSignInUri();
+    public Task<string?> GetSignInUri();
 
     /// <summary>
     ///     Returns cached credentials or loads/verifies them from storage if not cached.
@@ -42,35 +42,76 @@ public interface ICredentialManager
 
     public Task SetCredentials(string coderUrl, string apiToken, CancellationToken ct = default);
 
-    public void ClearCredentials();
+    public Task ClearCredentials(CancellationToken ct = default);
 }
 
+public interface ICredentialBackend
+{
+    public Task<RawCredentials?> ReadCredentials(CancellationToken ct = default);
+    public Task WriteCredentials(RawCredentials credentials, CancellationToken ct = default);
+    public Task DeleteCredentials(CancellationToken ct = default);
+}
+
+/// <summary>
+///     Implements ICredentialManager using the Windows Credential Manager to
+///     store credentials.
+/// </summary>
 public class CredentialManager : ICredentialManager
 {
     private const string CredentialsTargetName = "Coder.Desktop.App.Credentials";
 
-    private readonly RaiiSemaphoreSlim _loadLock = new(1, 1);
-    private readonly RaiiSemaphoreSlim _stateLock = new(1, 1);
-    private CredentialModel? _latestCredentials;
+    // _opLock is held for the full duration of SetCredentials, and partially
+    // during LoadCredentials. _lock protects _inFlightLoad, _loadCts, and
+    // writes to _latestCredentials.
+    private readonly RaiiSemaphoreSlim _opLock = new(1, 1);
+
+    // _inFlightLoad and _loadCts are set at the beginning of a LoadCredentials
+    // call.
+    private Task<CredentialModel>? _inFlightLoad;
+    private CancellationTokenSource? _loadCts;
+
+    // Reading and writing a reference in C# is always atomic, so this doesn't
+    // need to be protected on reads with a lock in GetCachedCredentials.
+    //
+    // The volatile keyword disables optimizations on reads/writes which helps
+    // other threads see the new value quickly (no guarantee that it's
+    // immediate).
+    private volatile CredentialModel? _latestCredentials;
+
+    private ICredentialBackend Backend { get; } = new WindowsCredentialBackend(CredentialsTargetName);
+
+    private ICoderApiClientFactory CoderApiClientFactory { get; } = new CoderApiClientFactory();
+
+    public CredentialManager()
+    {
+    }
+
+    public CredentialManager(ICredentialBackend backend, ICoderApiClientFactory coderApiClientFactory)
+    {
+        Backend = backend;
+        CoderApiClientFactory = coderApiClientFactory;
+    }
 
     public event EventHandler<CredentialModel>? CredentialsChanged;
 
     public CredentialModel GetCachedCredentials()
     {
-        using var _ = _stateLock.Lock();
-        if (_latestCredentials != null) return _latestCredentials.Clone();
+        // No lock required to read the reference.
+        var latestCreds = _latestCredentials;
+        // No clone needed as the model is immutable.
+        if (latestCreds != null) return latestCreds;
 
         return new CredentialModel
         {
             State = CredentialState.Unknown,
         };
     }
 
-    public string? GetSignInUri()
+    public async Task<string?> GetSignInUri()
     {
         try
         {
-            var raw = ReadCredentials();
+            var raw = await Backend.ReadCredentials();
             if (raw is not null && !string.IsNullOrWhiteSpace(raw.CoderUrl)) return raw.CoderUrl;
         }
         catch
@@ -81,42 +122,50 @@ public CredentialModel GetCachedCredentials()
         return null;
     }
 
-    public async Task<CredentialModel> LoadCredentials(CancellationToken ct = default)
+    // LoadCredentials may be preempted by SetCredentials.
+    public Task<CredentialModel> LoadCredentials(CancellationToken ct = default)
     {
-        using var _ = await _loadLock.LockAsync(ct);
-        using (await _stateLock.LockAsync(ct))
-        {
-            if (_latestCredentials != null) return _latestCredentials.Clone();
-        }
+        // This function is not `async` because we may return an existing task.
+        // However, we still want to acquire the lock with the
+        // CancellationToken so it can be canceled if needed.
+        using var _ = _opLock.LockAsync(ct).Result;
+
+        // If we already have a cached value, return it.
+        var latestCreds = _latestCredentials;
+        if (latestCreds != null) return Task.FromResult(latestCreds);
+
+        // If we are already loading, return the existing task.
+        if (_inFlightLoad != null) return _inFlightLoad;
+
+        // Otherwise, kick off a new load.
+        // Note: subsequent loads returned from above will ignore the passed in
+        // CancellationToken. We set a maximum timeout of 15 seconds anyway.
+        _loadCts = CancellationTokenSource.CreateLinkedTokenSource(ct);
+        _loadCts.CancelAfter(TimeSpan.FromSeconds(15));
+        _inFlightLoad = LoadCredentialsInner(_loadCts.Token);
+        return _inFlightLoad;
+    }
 
-        CredentialModel model;
-        try
-        {
-            var raw = ReadCredentials();
-            model = await PopulateModel(raw, ct);
-        }
-        catch
+    public async Task SetCredentials(string coderUrl, string apiToken, CancellationToken ct)
+    {
+        using var _ = await _opLock.LockAsync(ct);
+
+        // If there's an ongoing load, cancel it.
+        if (_loadCts != null)
         {
-            // We don't need to clear the credentials here, the app will think
-            // they're unset and any subsequent SetCredentials call after the
-            // user signs in again will overwrite the old invalid ones.
-            model = new CredentialModel
-            {
-                State = CredentialState.Invalid,
-            };
+            await _loadCts.CancelAsync();
+            _loadCts.Dispose();
+            _loadCts = null;
+            _inFlightLoad = null;
         }
 
-        UpdateState(model.Clone());
-        return model.Clone();
-    }
-
-    public async Task SetCredentials(string coderUrl, string apiToken, CancellationToken ct = default)
-    {
         if (string.IsNullOrWhiteSpace(coderUrl)) throw new ArgumentException("Coder URL is required", nameof(coderUrl));
         coderUrl = coderUrl.Trim();
-        if (coderUrl.Length > 128) throw new ArgumentOutOfRangeException(nameof(coderUrl), "Coder URL is too long");
+        if (coderUrl.Length > 128) throw new ArgumentException("Coder URL is too long", nameof(coderUrl));
         if (!Uri.TryCreate(coderUrl, UriKind.Absolute, out var uri))
             throw new ArgumentException($"Coder URL '{coderUrl}' is not a valid URL", nameof(coderUrl));
+        if (uri.Scheme != "http" && uri.Scheme != "https")
+            throw new ArgumentException("Coder URL must be HTTP or HTTPS", nameof(coderUrl));
         if (uri.PathAndQuery != "/") throw new ArgumentException("Coder URL must be the root URL", nameof(coderUrl));
         if (string.IsNullOrWhiteSpace(apiToken)) throw new ArgumentException("API token is required", nameof(apiToken));
         apiToken = apiToken.Trim();
@@ -126,21 +175,66 @@ public async Task SetCredentials(string coderUrl, string apiToken, CancellationT
             CoderUrl = coderUrl,
             ApiToken = apiToken,
         };
-        var model = await PopulateModel(raw, ct);
-        WriteCredentials(raw);
+        var populateCts = CancellationTokenSource.CreateLinkedTokenSource(ct);
+        populateCts.CancelAfter(TimeSpan.FromSeconds(15));
+        var model = await PopulateModel(raw, populateCts.Token);
+        await Backend.WriteCredentials(raw, ct);
         UpdateState(model);
     }
 
-    public void ClearCredentials()
+    public async Task ClearCredentials(CancellationToken ct = default)
     {
-        NativeApi.DeleteCredentials(CredentialsTargetName);
+        using var _ = await _opLock.LockAsync(ct);
+        await Backend.DeleteCredentials(ct);
         UpdateState(new CredentialModel
         {
             State = CredentialState.Invalid,
         });
     }
 
-    private async Task<CredentialModel> PopulateModel(RawCredentials? credentials, CancellationToken ct = default)
+    private async Task<CredentialModel> LoadCredentialsInner(CancellationToken ct)
+    {
+        CredentialModel model;
+        try
+        {
+            var raw = await Backend.ReadCredentials(ct);
+            model = await PopulateModel(raw, ct);
+        }
+        catch
+        {
+            // This catch will be hit if a SetCredentials operation started, or
+            // if the read/populate failed for some other reason (e.g. HTTP
+            // timeout).
+            //
+            // We don't need to clear the credentials here, the app will think
+            // they're unset and any subsequent SetCredentials call after the
+            // user signs in again will overwrite the old invalid ones.
+            model = new CredentialModel
+            {
+                State = CredentialState.Invalid,
+            };
+        }
+
+        // Grab the lock again so we can update the state. If we got cancelled
+        // due to a SetCredentials call, _latestCredentials will be populated so
+        // we just return that instead.
+        using (await _opLock.LockAsync(ct))
+        {
+            var latestCreds = _latestCredentials;
+            if (latestCreds != null) return latestCreds;
+            if (_loadCts != null)
+            {
+                _loadCts.Dispose();
+                _loadCts = null;
+                _inFlightLoad = null;
+            }
+
+            UpdateState(model);
+            return model;
+        }
+    }
+
+    private async Task<CredentialModel> PopulateModel(RawCredentials? credentials, CancellationToken ct)
     {
         if (credentials is null || string.IsNullOrWhiteSpace(credentials.CoderUrl) ||
             string.IsNullOrWhiteSpace(credentials.ApiToken))
@@ -153,19 +247,21 @@ private async Task<CredentialModel> PopulateModel(RawCredentials? credentials, C
         User me;
         try
         {
-            var cts = CancellationTokenSource.CreateLinkedTokenSource(ct);
-            cts.CancelAfter(TimeSpan.FromSeconds(15));
-            var sdkClient = new CoderApiClient(credentials.CoderUrl);
+            var sdkClient = CoderApiClientFactory.Create(credentials.CoderUrl);
+            // BuildInfo does not require authentication.
+            buildInfo = await sdkClient.GetBuildInfo(ct);
             sdkClient.SetSessionToken(credentials.ApiToken);
-            buildInfo = await sdkClient.GetBuildInfo(cts.Token);
-            me = await sdkClient.GetUser(User.Me, cts.Token);
+            me = await sdkClient.GetUser(User.Me, ct);
         }
         catch (Exception e)
         {
             throw new InvalidOperationException("Could not connect to or verify Coder server", e);
         }
 
         ServerVersionUtilities.ParseAndValidateServerVersion(buildInfo.Version);
+        if (string.IsNullOrWhiteSpace(me.Username))
+            throw new InvalidOperationException("Could not retrieve user information, username is empty");
+
         return new CredentialModel
         {
             State = CredentialState.Valid,
@@ -175,20 +271,27 @@ private async Task<CredentialModel> PopulateModel(RawCredentials? credentials, C
         };
     }
 
+    // Lock must be held when calling this function.
     private void UpdateState(CredentialModel newModel)
     {
-        using (_stateLock.Lock())
-        {
-            _latestCredentials = newModel.Clone();
-        }
-
+        _latestCredentials = newModel;
         CredentialsChanged?.Invoke(this, newModel.Clone());
     }
+}
+
+public class WindowsCredentialBackend : ICredentialBackend
+{
+    private readonly string _credentialsTargetName;
+
+    public WindowsCredentialBackend(string credentialsTargetName)
+    {
+        _credentialsTargetName = credentialsTargetName;
+    }
 
-    private static RawCredentials? ReadCredentials()
+    public Task<RawCredentials?> ReadCredentials(CancellationToken ct = default)
     {
-        var raw = NativeApi.ReadCredentials(CredentialsTargetName);
-        if (raw == null) return null;
+        var raw = NativeApi.ReadCredentials(_credentialsTargetName);
+        if (raw == null) return Task.FromResult<RawCredentials?>(null);
 
         RawCredentials? credentials;
         try
@@ -197,19 +300,23 @@ private void UpdateState(CredentialModel newModel)
         }
         catch (JsonException)
         {
-            return null;
+            credentials = null;
         }
 
-        if (credentials is null || string.IsNullOrWhiteSpace(credentials.CoderUrl) ||
-            string.IsNullOrWhiteSpace(credentials.ApiToken)) return null;
-
-        return credentials;
+        return Task.FromResult(credentials);
     }
 
-    private static void WriteCredentials(RawCredentials credentials)
+    public Task WriteCredentials(RawCredentials credentials, CancellationToken ct = default)
     {
         var raw = JsonSerializer.Serialize(credentials, RawCredentialsJsonContext.Default.RawCredentials);
-        NativeApi.WriteCredentials(CredentialsTargetName, raw);
+        NativeApi.WriteCredentials(_credentialsTargetName, raw);
+        return Task.CompletedTask;
+    }
+
+    public Task DeleteCredentials(CancellationToken ct = default)
+    {
+        NativeApi.DeleteCredentials(_credentialsTargetName);
+        return Task.CompletedTask;
     }
 
     private static class NativeApi

App/ViewModels/SignInViewModel.cs

@@ -79,8 +79,29 @@ public Uri GenTokenUrl
     public SignInViewModel(ICredentialManager credentialManager)
     {
         _credentialManager = credentialManager;
-        CoderUrl = _credentialManager.GetSignInUri() ?? "";
-        if (!string.IsNullOrWhiteSpace(CoderUrl)) CoderUrlTouched = true;
+    }
+
+    // When the URL box loads, get the old URI from the credential manager.
+    // This is an async operation on paper, but we would expect it to be
+    // synchronous or extremely quick in practice.
+    public void CoderUrl_Loaded(object sender, RoutedEventArgs e)
+    {
+        if (sender is not TextBox textBox) return;
+
+        var dispatcherQueue = textBox.DispatcherQueue;
+        _credentialManager.GetSignInUri().ContinueWith(t =>
+        {
+            if (t.IsCompleted && !string.IsNullOrWhiteSpace(t.Result))
+                dispatcherQueue.TryEnqueue(() =>
+                {
+                    if (!CoderUrlTouched)
+                    {
+                        CoderUrl = t.Result;
+                        CoderUrlTouched = true;
+                        textBox.SelectionStart = CoderUrl.Length;
+                    }
+                });
+        });
     }
 
     public void CoderUrl_FocusLost(object sender, RoutedEventArgs e)

App/Views/Pages/SignInUrlPage.xaml

@@ -46,6 +46,7 @@
                 Grid.Row="0"
                 HorizontalAlignment="Stretch"
                 PlaceholderText="https://coder.example.com"
+                Loaded="{x:Bind ViewModel.CoderUrl_Loaded, Mode=OneWay}"
                 LostFocus="{x:Bind ViewModel.CoderUrl_FocusLost, Mode=OneWay}"
                 Text="{x:Bind ViewModel.CoderUrl, Mode=TwoWay}" />
 

App/Views/TrayWindow.xaml.cs

@@ -1,6 +1,5 @@
 using System;
 using System.Runtime.InteropServices;
-using System.Threading;
 using Windows.Foundation;
 using Windows.Graphics;
 using Windows.System;
@@ -28,7 +27,7 @@ public sealed partial class TrayWindow : Window
 
     private readonly IRpcController _rpcController;
     private readonly ICredentialManager _credentialManager;
-    private readonly TrayWindowLoadingPage _loadingPgae;
+    private readonly TrayWindowLoadingPage _loadingPage;
     private readonly TrayWindowDisconnectedPage _disconnectedPage;
     private readonly TrayWindowLoginRequiredPage _loginRequiredPage;
     private readonly TrayWindowMainPage _mainPage;
@@ -40,7 +39,7 @@ public TrayWindow(IRpcController rpcController, ICredentialManager credentialMan
     {
         _rpcController = rpcController;
         _credentialManager = credentialManager;
-        _loadingPgae = loadingPage;
+        _loadingPage = loadingPage;
         _disconnectedPage = disconnectedPage;
         _loginRequiredPage = loginRequiredPage;
         _mainPage = mainPage;
@@ -54,14 +53,6 @@ public TrayWindow(IRpcController rpcController, ICredentialManager credentialMan
         credentialManager.CredentialsChanged += CredentialManager_CredentialsChanged;
         SetPageByState(rpcController.GetState(), credentialManager.GetCachedCredentials());
 
-        // Start connecting in the background.
-        if (rpcController.GetState().RpcLifecycle == RpcLifecycle.Disconnected)
-            _ = _rpcController.Reconnect(CancellationToken.None);
-
-        // Load the credentials in the background. Even though we pass a CT with no cancellation, the method itself will
-        // impose a timeout on the HTTP portion.
-        _ = _credentialManager.LoadCredentials(CancellationToken.None);
-
         // Setting OpenCommand and ExitCommand directly in the .xaml doesn't seem to work for whatever reason.
         TrayIcon.OpenCommand = Tray_OpenCommand;
         TrayIcon.ExitCommand = Tray_ExitCommand;
@@ -89,7 +80,7 @@ private void SetPageByState(RpcModel rpcModel, CredentialModel credentialModel)
     {
         if (credentialModel.State == CredentialState.Unknown)
         {
-            SetRootFrame(_loadingPgae);
+            SetRootFrame(_loadingPage);
             return;
         }
 

Coder.Desktop.sln

@@ -23,6 +23,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vpn.DebugClient", "Vpn.Debu
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Installer", "Installer\Installer.csproj", "{39F5B55A-09D8-477D-A3FA-ADAC29C52605}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Tests.App", "Tests.App\Tests.App.csproj", "{3E91CED7-5528-4B46-8722-FB95D4FAB967}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -203,8 +205,27 @@ Global
 		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x64.Build.0 = Release|Any CPU
 		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x86.ActiveCfg = Release|Any CPU
 		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x86.Build.0 = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|ARM64.ActiveCfg = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|ARM64.Build.0 = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|x64.Build.0 = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Debug|x86.Build.0 = Debug|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|ARM64.ActiveCfg = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|ARM64.Build.0 = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|x64.ActiveCfg = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|x64.Build.0 = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|x86.ActiveCfg = Release|Any CPU
+		{3E91CED7-5528-4B46-8722-FB95D4FAB967}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {FC108D8D-B425-4DA0-B9CC-69670BCF4835}
+	EndGlobalSection
 EndGlobal

CoderSdk/CoderApiClient.cs

@@ -2,7 +2,25 @@
 using System.Text.Json;
 using System.Text.Json.Serialization;
 
-namespace CoderSdk;
+namespace Coder.Desktop.CoderSdk;
+
+public interface ICoderApiClientFactory
+{
+    public ICoderApiClient Create(string baseUrl);
+}
+
+public class CoderApiClientFactory : ICoderApiClientFactory
+{
+    public ICoderApiClient Create(string baseUrl)
+    {
+        return new CoderApiClient(baseUrl);
+    }
+}
+
+public partial interface ICoderApiClient
+{
+    public void SetSessionToken(string token);
+}
 
 /// <summary>
 ///     Changes names from PascalCase to snake_case.
@@ -24,11 +42,18 @@ public partial class CoderSdkJsonContext : JsonSerializerContext;
 /// <summary>
 ///     Provides a limited selection of API methods for a Coder instance.
 /// </summary>
-public partial class CoderApiClient
+public partial class CoderApiClient : ICoderApiClient
 {
+    public static readonly JsonSerializerOptions JsonOptions = new()
+    {
+        TypeInfoResolver = CoderSdkJsonContext.Default,
+        PropertyNameCaseInsensitive = true,
+        PropertyNamingPolicy = new SnakeCaseNamingPolicy(),
+        DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
+    };
+
     // TODO: allow adding headers
     private readonly HttpClient _httpClient = new();
-    private readonly JsonSerializerOptions _jsonOptions;
 
     public CoderApiClient(string baseUrl) : this(new Uri(baseUrl, UriKind.Absolute))
     {
@@ -39,13 +64,6 @@ public CoderApiClient(Uri baseUrl)
         if (baseUrl.PathAndQuery != "/")
             throw new ArgumentException($"Base URL '{baseUrl}' must not contain a path", nameof(baseUrl));
         _httpClient.BaseAddress = baseUrl;
-        _jsonOptions = new JsonSerializerOptions
-        {
-            TypeInfoResolver = CoderSdkJsonContext.Default,
-            PropertyNameCaseInsensitive = true,
-            PropertyNamingPolicy = new SnakeCaseNamingPolicy(),
-            DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
-        };
     }
 
     public CoderApiClient(string baseUrl, string token) : this(baseUrl)
@@ -74,7 +92,7 @@ private async Task<TResponse> SendRequestAsync<TRequest, TResponse>(HttpMethod m
 
             if (payload is not null)
             {
-                var json = JsonSerializer.Serialize(payload, typeof(TRequest), _jsonOptions);
+                var json = JsonSerializer.Serialize(payload, typeof(TRequest), JsonOptions);
                 request.Content = new StringContent(json, Encoding.UTF8, "application/json");
             }
 
@@ -83,7 +101,7 @@ private async Task<TResponse> SendRequestAsync<TRequest, TResponse>(HttpMethod m
             res.EnsureSuccessStatusCode();
 
             var content = await res.Content.ReadAsStringAsync(ct);
-            var data = JsonSerializer.Deserialize<TResponse>(content, _jsonOptions);
+            var data = JsonSerializer.Deserialize<TResponse>(content, JsonOptions);
             if (data is null) throw new JsonException("Deserialized response is null");
             return data;
         }

CoderSdk/Deployment.cs

@@ -1,16 +1,13 @@
-namespace CoderSdk;
+namespace Coder.Desktop.CoderSdk;
+
+public partial interface ICoderApiClient
+{
+    public Task<BuildInfo> GetBuildInfo(CancellationToken ct = default);
+}
 
 public class BuildInfo
 {
-    public string ExternalUrl { get; set; } = "";
     public string Version { get; set; } = "";
-    public string DashboardUrl { get; set; } = "";
-    public bool Telemetry { get; set; } = false;
-    public bool WorkspaceProxy { get; set; } = false;
-    public string AgentApiVersion { get; set; } = "";
-    public string ProvisionerApiVersion { get; set; } = "";
-    public string UpgradeMessage { get; set; } = "";
-    public string DeploymentId { get; set; } = "";
 }
 
 public partial class CoderApiClient

CoderSdk/Users.cs

@@ -1,10 +1,14 @@
-namespace CoderSdk;
+namespace Coder.Desktop.CoderSdk;
+
+public partial interface ICoderApiClient
+{
+    public Task<User> GetUser(string user, CancellationToken ct = default);
+}
 
 public class User
 {
     public const string Me = "me";
 
-    // TODO: fill out more fields
     public string Username { get; set; } = "";
 }
 

Tests.App/Services/CredentialManagerTest.cs

@@ -0,0 +1,316 @@
+using System.Diagnostics;
+using Coder.Desktop.App.Models;
+using Coder.Desktop.App.Services;
+using Coder.Desktop.CoderSdk;
+using Moq;
+
+namespace Coder.Desktop.Tests.App.Services;
+
+[TestFixture]
+public class CredentialManagerTest
+{
+    private const string TestServerUrl = "https://dev.coder.com";
+    private const string TestApiToken = "abcdef1234-abcdef1234567890ABCDEF";
+    private const string TestUsername = "dean";
+
+    [Test(Description = "End to end test with WindowsCredentialBackend")]
+    [CancelAfter(30_000)]
+    public async Task EndToEnd(CancellationToken ct)
+    {
+        var credentialBackend = new WindowsCredentialBackend($"Coder.Desktop.Test.App.{Guid.NewGuid()}");
+
+        // I lied. It's not fully end to end. We don't use a real or fake API
+        // server for this and use a mock client instead.
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        apiClient.Setup(x => x.SetSessionToken(TestApiToken));
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()).Result)
+            .Returns(new BuildInfo { Version = "v2.20.0" });
+        apiClient.Setup(x => x.GetUser(User.Me, It.IsAny<CancellationToken>()).Result)
+            .Returns(new User { Username = TestUsername });
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object);
+
+        try
+        {
+            var manager1 = new CredentialManager(credentialBackend, apiClientFactory.Object);
+
+            // Cached credential should be unknown.
+            var cred = manager1.GetCachedCredentials();
+            Assert.That(cred.State, Is.EqualTo(CredentialState.Unknown));
+
+            // Load credentials from backend. No credentials are stored so it
+            // should be invalid.
+            cred = await manager1.LoadCredentials(ct);
+            Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+
+            // SetCredentials should succeed.
+            await manager1.SetCredentials(TestServerUrl, TestApiToken, ct);
+
+            // Cached credential should be valid.
+            cred = manager1.GetCachedCredentials();
+            Assert.That(cred.State, Is.EqualTo(CredentialState.Valid));
+            Assert.That(cred.CoderUrl, Is.EqualTo(TestServerUrl));
+            Assert.That(cred.ApiToken, Is.EqualTo(TestApiToken));
+            Assert.That(cred.Username, Is.EqualTo(TestUsername));
+
+            // Load credentials should return the same reference.
+            var loadedCred = await manager1.LoadCredentials(ct);
+            Assert.That(ReferenceEquals(cred, loadedCred), Is.True);
+
+            // A second manager should be able to load the same credentials.
+            var manager2 = new CredentialManager(credentialBackend, apiClientFactory.Object);
+            cred = await manager2.LoadCredentials(ct);
+            Assert.That(cred.State, Is.EqualTo(CredentialState.Valid));
+            Assert.That(cred.CoderUrl, Is.EqualTo(TestServerUrl));
+            Assert.That(cred.ApiToken, Is.EqualTo(TestApiToken));
+            Assert.That(cred.Username, Is.EqualTo(TestUsername));
+
+            // Clearing the credentials should make them invalid.
+            await manager1.ClearCredentials(ct);
+            cred = manager1.GetCachedCredentials();
+            Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+
+            // And loading them in a new manager should also be invalid.
+            var manager3 = new CredentialManager(credentialBackend, apiClientFactory.Object);
+            cred = await manager3.LoadCredentials(ct);
+            Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+        }
+        finally
+        {
+            // In case something goes wrong, make sure to clean up.
+            await credentialBackend.DeleteCredentials(CancellationToken.None);
+        }
+    }
+
+    [Test(Description = "Test SetCredentials with invalid URL or token")]
+    public void SetCredentialsInvalidUrlOrToken()
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+
+        var cases = new List<(string, string, string)>
+        {
+            (null!, TestApiToken, "Coder URL is required"),
+            ("", TestApiToken, "Coder URL is required"),
+            (" ", TestApiToken, "Coder URL is required"),
+            (new string('a', 129), TestApiToken, "Coder URL is too long"),
+            ("a", TestApiToken, "not a valid URL"),
+            ("ftp://dev.coder.com", TestApiToken, "Coder URL must be HTTP or HTTPS"),
+
+            (TestServerUrl, null!, "API token is required"),
+            (TestServerUrl, "", "API token is required"),
+            (TestServerUrl, " ", "API token is required"),
+        };
+
+        foreach (var (url, token, expectedMessage) in cases)
+        {
+            var ex = Assert.ThrowsAsync<ArgumentException>(() =>
+                manager.SetCredentials(url, token, CancellationToken.None));
+            Assert.That(ex.Message, Does.Contain(expectedMessage));
+        }
+    }
+
+    [Test(Description = "Invalid server buildinfo response")]
+    public void InvalidServerBuildInfoResponse()
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()).Result)
+            .Throws(new Exception("Test exception"));
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object);
+
+        // Attempt a set.
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+        var ex = Assert.ThrowsAsync<InvalidOperationException>(() =>
+            manager.SetCredentials(TestServerUrl, TestApiToken, CancellationToken.None));
+        Assert.That(ex.Message, Does.Contain("Could not connect to or verify Coder server"));
+
+        // Attempt a load.
+        credentialBackend.Setup(x => x.ReadCredentials(It.IsAny<CancellationToken>()).Result)
+            .Returns(new RawCredentials
+            {
+                CoderUrl = TestServerUrl,
+                ApiToken = TestApiToken,
+            });
+        var cred = manager.LoadCredentials(CancellationToken.None).Result;
+        Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+    }
+
+    [Test(Description = "Invalid server version")]
+    public void InvalidServerVersion()
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()).Result)
+            .Returns(new BuildInfo { Version = "v2.19.0" });
+        apiClient.Setup(x => x.SetSessionToken(TestApiToken));
+        apiClient.Setup(x => x.GetUser(User.Me, It.IsAny<CancellationToken>()).Result)
+            .Returns(new User { Username = TestUsername });
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object);
+
+        // Attempt a set.
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+        var ex = Assert.ThrowsAsync<ArgumentException>(() =>
+            manager.SetCredentials(TestServerUrl, TestApiToken, CancellationToken.None));
+        Assert.That(ex.Message, Does.Contain("not within required server version range"));
+
+        // Attempt a load.
+        credentialBackend.Setup(x => x.ReadCredentials(It.IsAny<CancellationToken>()).Result)
+            .Returns(new RawCredentials
+            {
+                CoderUrl = TestServerUrl,
+                ApiToken = TestApiToken,
+            });
+        var cred = manager.LoadCredentials(CancellationToken.None).Result;
+        Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+    }
+
+    [Test(Description = "Invalid server user response")]
+    public void InvalidServerUserResponse()
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()).Result)
+            .Returns(new BuildInfo { Version = "v2.20.0" });
+        apiClient.Setup(x => x.SetSessionToken(TestApiToken));
+        apiClient.Setup(x => x.GetUser(User.Me, It.IsAny<CancellationToken>()).Result)
+            .Throws(new Exception("Test exception"));
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object);
+
+        // Attempt a set.
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+        var ex = Assert.ThrowsAsync<InvalidOperationException>(() =>
+            manager.SetCredentials(TestServerUrl, TestApiToken, CancellationToken.None));
+        Assert.That(ex.Message, Does.Contain("Could not connect to or verify Coder server"));
+
+        // Attempt a load.
+        credentialBackend.Setup(x => x.ReadCredentials(It.IsAny<CancellationToken>()).Result)
+            .Returns(new RawCredentials
+            {
+                CoderUrl = TestServerUrl,
+                ApiToken = TestApiToken,
+            });
+        var cred = manager.LoadCredentials(CancellationToken.None).Result;
+        Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+    }
+
+    [Test(Description = "Invalid username")]
+    public void InvalidUsername()
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()).Result)
+            .Returns(new BuildInfo { Version = "v2.20.0" });
+        apiClient.Setup(x => x.SetSessionToken(TestApiToken));
+        apiClient.Setup(x => x.GetUser(User.Me, It.IsAny<CancellationToken>()).Result)
+            .Returns(new User { Username = "" });
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object);
+
+        // Attempt a set.
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+        var ex = Assert.ThrowsAsync<InvalidOperationException>(() =>
+            manager.SetCredentials(TestServerUrl, TestApiToken, CancellationToken.None));
+        Assert.That(ex.Message, Does.Contain("username is empty"));
+
+        // Attempt a load.
+        credentialBackend.Setup(x => x.ReadCredentials(It.IsAny<CancellationToken>()).Result)
+            .Returns(new RawCredentials
+            {
+                CoderUrl = TestServerUrl,
+                ApiToken = TestApiToken,
+            });
+        var cred = manager.LoadCredentials(CancellationToken.None).Result;
+        Assert.That(cred.State, Is.EqualTo(CredentialState.Invalid));
+    }
+
+    [Test(Description = "Duplicate loads should use the same Task")]
+    [CancelAfter(30_000)]
+    public async Task DuplicateLoads(CancellationToken ct)
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        credentialBackend.Setup(x => x.ReadCredentials(It.IsAny<CancellationToken>()).Result)
+            .Returns(new RawCredentials
+            {
+                CoderUrl = TestServerUrl,
+                ApiToken = TestApiToken,
+            })
+            .Verifiable(Times.Exactly(1));
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        // To accomplish delay, the GetBuildInfo will wait for a TCS.
+        var tcs = new TaskCompletionSource();
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()))
+            .Returns(async (CancellationToken _) =>
+            {
+                await tcs.Task;
+                return new BuildInfo { Version = "v2.20.0" };
+            })
+            .Verifiable(Times.Exactly(1));
+        apiClient.Setup(x => x.SetSessionToken(TestApiToken));
+        apiClient.Setup(x => x.GetUser(User.Me, It.IsAny<CancellationToken>()).Result)
+            .Returns(new User { Username = TestUsername })
+            .Verifiable(Times.Exactly(1));
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object)
+            .Verifiable(Times.Exactly(1));
+
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+        var cred1Task = manager.LoadCredentials(ct);
+        var cred2Task = manager.LoadCredentials(ct);
+        Assert.That(ReferenceEquals(cred1Task, cred2Task), Is.True);
+        tcs.SetResult();
+        var cred1 = await cred1Task;
+        var cred2 = await cred2Task;
+        Assert.That(ReferenceEquals(cred1, cred2), Is.True);
+
+        credentialBackend.Verify();
+        apiClient.Verify();
+        apiClientFactory.Verify();
+    }
+
+    [Test(Description = "A set during a load should cancel the load")]
+    [CancelAfter(30_000)]
+    public async Task SetDuringLoad(CancellationToken ct)
+    {
+        var credentialBackend = new Mock<ICredentialBackend>(MockBehavior.Strict);
+        // To accomplish a delay on the load, ReadCredentials will block on the CT.
+        credentialBackend.Setup(x => x.ReadCredentials(It.IsAny<CancellationToken>()))
+            .Returns(async (CancellationToken innerCt) =>
+            {
+                await Task.Delay(Timeout.Infinite, innerCt);
+                throw new UnreachableException();
+            });
+        credentialBackend.Setup(x =>
+                x.WriteCredentials(
+                    It.Is<RawCredentials>(c => c.CoderUrl == TestServerUrl && c.ApiToken == TestApiToken),
+                    It.IsAny<CancellationToken>()))
+            .Returns(Task.CompletedTask);
+        var apiClient = new Mock<ICoderApiClient>(MockBehavior.Strict);
+        apiClient.Setup(x => x.GetBuildInfo(It.IsAny<CancellationToken>()).Result)
+            .Returns(new BuildInfo { Version = "v2.20.0" });
+        apiClient.Setup(x => x.SetSessionToken(TestApiToken));
+        apiClient.Setup(x => x.GetUser(User.Me, It.IsAny<CancellationToken>()).Result)
+            .Returns(new User { Username = TestUsername });
+        var apiClientFactory = new Mock<ICoderApiClientFactory>(MockBehavior.Strict);
+        apiClientFactory.Setup(x => x.Create(TestServerUrl))
+            .Returns(apiClient.Object);
+
+        var manager = new CredentialManager(credentialBackend.Object, apiClientFactory.Object);
+        // Start a load...
+        var loadTask = manager.LoadCredentials(ct);
+        // Then fully perform a set.
+        await manager.SetCredentials(TestServerUrl, TestApiToken, ct);
+        // The load should have been cancelled.
+        Assert.ThrowsAsync<TaskCanceledException>(() => loadTask);
+    }
+}

Tests.App/Tests.App.csproj

@@ -0,0 +1,38 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <AssemblyName>Coder.Desktop.Tests.App</AssemblyName>
+        <RootNamespace>Coder.Desktop.Tests.App</RootNamespace>
+        <TargetFramework>net8.0-windows10.0.19041.0</TargetFramework>
+        <LangVersion>preview</LangVersion>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>enable</Nullable>
+        <EnableMsixTooling>true</EnableMsixTooling>
+
+        <IsPackable>false</IsPackable>
+        <IsTestProject>true</IsTestProject>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <PackageReference Include="coverlet.collector" Version="6.0.4">
+            <PrivateAssets>all</PrivateAssets>
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+        <PackageReference Include="Moq" Version="4.20.72" />
+        <PackageReference Include="NUnit" Version="4.3.2" />
+        <PackageReference Include="NUnit.Analyzers" Version="4.6.0">
+            <PrivateAssets>all</PrivateAssets>
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
+        <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <Using Include="NUnit.Framework" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <ProjectReference Include="..\App\App.csproj" />
+    </ItemGroup>
+</Project>

Tests.Vpn/Utilities/ServerVersionUtilitiesTest.cs

@@ -30,7 +30,8 @@ public void InvalidVersions()
 
         foreach (var (version, expectedErrorMessage) in invalidVersions)
         {
-            var ex = Assert.Throws<ArgumentException>(() => ServerVersionUtilities.ParseAndValidateServerVersion(version));
+            var ex = Assert.Throws<ArgumentException>(() =>
+                ServerVersionUtilities.ParseAndValidateServerVersion(version));
             Assert.That(ex.Message, Does.Contain(expectedErrorMessage));
         }
     }

Vpn.Service/Manager.cs

@@ -1,7 +1,7 @@
 using System.Runtime.InteropServices;
+using Coder.Desktop.CoderSdk;
 using Coder.Desktop.Vpn.Proto;
 using Coder.Desktop.Vpn.Utilities;
-using CoderSdk;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Semver;

Vpn/Utilities/RaiiSemaphoreSlim.cs

@@ -30,30 +30,30 @@ public IDisposable Lock()
         return new Locker(_semaphore);
     }
 
-    public async ValueTask<IDisposable> LockAsync(CancellationToken ct = default)
+    public async Task<IDisposable> LockAsync(CancellationToken ct = default)
     {
         await _semaphore.WaitAsync(ct);
         return new Locker(_semaphore);
     }
 
-    public async ValueTask<IDisposable?> LockAsync(TimeSpan timeout, CancellationToken ct = default)
+    public async Task<IDisposable?> LockAsync(TimeSpan timeout, CancellationToken ct = default)
     {
         if (!await _semaphore.WaitAsync(timeout, ct)) return null;
         return new Locker(_semaphore);
     }
 
     private class Locker : IDisposable
     {
-        private readonly SemaphoreSlim _semaphore1;
+        private readonly SemaphoreSlim _semaphore;
 
         public Locker(SemaphoreSlim semaphore)
         {
-            _semaphore1 = semaphore;
+            _semaphore = semaphore;
         }
 
         public void Dispose()
         {
-            _semaphore1.Release();
+            _semaphore.Release();
             GC.SuppressFinalize(this);
         }
     }