impl: rework the handling of missing token code

- the existing code was trying indefinitely to ask for token until the user gets it right.
  This is not a bad idea, however Toolbox has a couple of limitations that make the existing
  approach almost unusable:
  - the input dialog doesn't allow custom actions through which we can spawn a browser at login page.
  The code always opened the login page when the token was wrong which ended up hammering the browser
  with too many tabs.
  - the token UI page can't be reused to request the login page (this one has a "Get token" action button)
  because once the user clicks on the Get token to open the webpage, Toolbox closes the window and forgets
  the last UI page that was visible.

 - instead with this patch we ask the token from the user only once. If something goes wrong (mostly during login)
   we show an error dialog and stop the flow.

Author: fioan89

src/main/kotlin/com/coder/toolbox/util/CoderProtocolHandler.kt

@@ -6,12 +6,10 @@ import com.coder.toolbox.cli.ensureCLI
 import com.coder.toolbox.models.WorkspaceAndAgentStatus
 import com.coder.toolbox.plugin.PluginManager
 import com.coder.toolbox.sdk.CoderRestClient
-import com.coder.toolbox.sdk.ex.APIResponseException
 import com.coder.toolbox.sdk.v2.models.Workspace
 import com.coder.toolbox.sdk.v2.models.WorkspaceAgent
 import com.coder.toolbox.sdk.v2.models.WorkspaceStatus
 import com.coder.toolbox.settings.CoderSettings
-import com.coder.toolbox.settings.Source
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.flow.filter
 import kotlinx.coroutines.launch
@@ -48,12 +46,7 @@ open class CoderProtocolHandler(
             return
         }
 
-        val queryTokenRaw = params.token()
-        val queryToken = if (!queryTokenRaw.isNullOrBlank()) {
-            Pair(queryTokenRaw, Source.QUERY)
-        } else {
-            null
-        }
+        val queryToken = params.token()
         val restClient = try {
             authenticate(deploymentURL, queryToken)
         } catch (ex: MissingArgumentException) {
@@ -158,35 +151,29 @@ open class CoderProtocolHandler(
     }
 
     /**
-     * Return an authenticated Coder CLI, asking for the token as long as it
-     * continues to result in an authentication failure and token authentication
-     * is required.
-     *
-     * Throw MissingArgumentException if the user aborts.  Any network or invalid
+     * Return an authenticated Coder CLI, asking for the token.
+     * Throw MissingArgumentException if the user aborts. Any network or invalid
      * token error may also be thrown.
      */
     private suspend fun authenticate(
         deploymentURL: String,
-        tryToken: Pair<String, Source>?,
-        error: String? = null,
+        tryToken: String?
     ): CoderRestClient {
         val token =
             if (settings.requireTokenAuth) {
                 // Try the provided token immediately on the first attempt.
-                if (tryToken != null && error == null) {
+                if (!tryToken.isNullOrBlank()) {
                     tryToken
                 } else {
+                    context.ui.showWindow()
+                    context.envPageManager.showPluginEnvironmentsPage(false)
                     // Otherwise ask for a new token, showing the previous token.
-                    dialogUi.askToken(
-                        deploymentURL.toURL(),
-                        tryToken,
-                        useExisting = true,
-                        error,
-                    )
+                    dialogUi.askToken(deploymentURL.toURL())
                 }
             } else {
                 null
             }
+
         if (settings.requireTokenAuth && token == null) { // User aborted.
             throw MissingArgumentException("Token is required")
         }
@@ -195,23 +182,18 @@ open class CoderProtocolHandler(
         val client = CoderRestClient(
             context,
             deploymentURL.toURL(),
-            token?.first,
+            token,
             settings,
-            proxyValues = null,
+            proxyValues = null, // TODO - not sure the above comment applies as we are creating our own http client
             PluginManager.pluginInfo.version,
             httpClient
         )
         return try {
             client.authenticate()
             client
-        } catch (ex: APIResponseException) {
-            // If doing token auth we can ask and try again.
-            if (settings.requireTokenAuth && ex.isUnauthorized) {
-                val msg = humanizeConnectionError(client.url, true, ex)
-                authenticate(deploymentURL, token, msg)
-            } else {
-                throw ex
-            }
+        } catch (ex: Exception) {
+            context.ui.showErrorInfoPopup(IllegalStateException(humanizeConnectionError(client.url, true, ex)))
+            throw ex
         }
     }
 

src/main/kotlin/com/coder/toolbox/util/Dialogs.kt

@@ -3,7 +3,6 @@ package com.coder.toolbox.util
 import com.coder.toolbox.CoderToolboxContext
 import com.coder.toolbox.browser.BrowserUtil
 import com.coder.toolbox.settings.CoderSettings
-import com.coder.toolbox.settings.Source
 import com.jetbrains.toolbox.api.localization.LocalizableString
 import com.jetbrains.toolbox.api.ui.components.TextType
 import java.net.URL
@@ -26,9 +25,6 @@ class DialogUi(
         title: LocalizableString,
         description: LocalizableString,
         placeholder: LocalizableString? = null,
-        // TODO check: there is no link or error support in Toolbox so for now isError and  link are unused.
-        isError: Boolean = false,
-        link: Pair<String, String>? = null,
     ): String? {
         return context.ui.showTextInputPopup(
             title,
@@ -40,68 +36,38 @@ class DialogUi(
         )
     }
 
+    suspend fun askPassword(
+        title: LocalizableString,
+        description: LocalizableString,
+        placeholder: LocalizableString? = null,
+    ): String? {
+        return context.ui.showTextInputPopup(
+            title,
+            description,
+            placeholder,
+            TextType.Password,
+            context.i18n.ptrl("OK"),
+            context.i18n.ptrl("Cancel")
+        )
+    }
+
     private suspend fun openUrl(url: URL) {
         BrowserUtil.browse(url.toString()) {
             context.ui.showErrorInfoPopup(it)
         }
     }
 
     /**
-     * Open a dialog for providing the token.  Show any existing token so
-     * the user can validate it if a previous connection failed.
-     *
-     * If we have not already tried once (no error) and the user has not checked
-     * the existing token box then also open a browser to the auth page.
-     *
-     * If the user has checked the existing token box then return the token
-     * on disk immediately and skip the dialog (this will overwrite any
-     * other existing token) unless this is a retry to avoid clobbering the
-     * token that just failed.
+     * Open a dialog for providing the token.
      */
     suspend fun askToken(
         url: URL,
-        token: Pair<String, Source>?,
-        useExisting: Boolean,
-        error: String?,
-    ): Pair<String, Source>? {
-        val getTokenUrl = url.withPath("/login?redirect=%2Fcli-auth")
-
-        // On the first run (no error) either open a browser to generate a new
-        // token or, if using an existing token, use the token on disk if it
-        // exists otherwise assume the user already copied an existing token and
-        // they will paste in.
-        if (error == null) {
-            if (!useExisting) {
-                openUrl(getTokenUrl)
-            } else {
-                // Look on disk in case we already have a token, either in
-                // the deployment's config or the global config.
-                val tryToken = settings.token(url)
-                if (tryToken != null && tryToken.first != token?.first) {
-                    return tryToken
-                }
-            }
-        }
-
-        // On subsequent tries or if not using an existing token, ask the user
-        // for the token.
-        val tokenFromUser =
-            ask(
-                title = context.i18n.ptrl("Session Token"),
-                description = context.i18n.pnotr(
-                    error
-                        ?: token?.second?.description("token")
-                        ?: "No existing token for ${url.host} found."
-                ),
-                placeholder = token?.first?.let { context.i18n.pnotr(it) },
-                link = Pair("Session Token:", getTokenUrl.toString()),
-                isError = error != null,
-            )
-        if (tokenFromUser.isNullOrBlank()) {
-            return null
-        }
-        // If the user submitted the same token, keep the same source too.
-        val source = if (tokenFromUser == token?.first) token.second else Source.USER
-        return Pair(tokenFromUser, source)
+    ): String? {
+        openUrl(url.withPath("/login?redirect=%2Fcli-auth"))
+        return askPassword(
+            title = context.i18n.ptrl("Session Token"),
+            description = context.i18n.pnotr("Please paste the session token from the web-page"),
+            placeholder = context.i18n.pnotr("")
+        )
     }
 }

src/main/kotlin/com/coder/toolbox/views/TokenPage.kt

@@ -20,7 +20,7 @@ import java.net.URL
  * enter their own.
  */
 class TokenPage(
-    private val context: CoderToolboxContext,
+    context: CoderToolboxContext,
     deploymentURL: URL,
     token: Pair<String, Source>?,
     private val onToken: ((token: String) -> Unit),