From ace72b77c5dc752f7461f7474bf34fc07072cdc1 Mon Sep 17 00:00:00 2001
From: Rachel Macfarlane
Date: Sun, 5 Apr 2020 15:03:17 -0700
Subject: [PATCH] Update trusted extensions flow again
---
 .../api/browser/mainThreadAuthentication.ts | 31 ++-----------------
 .../workbench/api/common/extHost.api.impl.ts | 2 +-
 .../workbench/api/common/extHost.protocol.ts | 3 +-
 .../api/common/extHostAuthentication.ts | 28 ++---------------
 4 files changed, 7 insertions(+), 57 deletions(-)
diff --git a/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/src/vs/workbench/api/browser/mainThreadAuthentication.ts
index 52b7f7ef026..fc92d7ae6b5 100644
--- a/src/vs/workbench/api/browser/mainThreadAuthentication.ts
+++ b/src/vs/workbench/api/browser/mainThreadAuthentication.ts
@@ -35,7 +35,6 @@ const BUILT_IN_AUTH_DEPENDENTS: AuthDependent[] = [
 interface AllowedExtension {
 id: string;
 name: string;
- sessionIds?: string[];
 }
 function readAllowedExtensions(storageService: IStorageService, providerId: string, accountName: string): AllowedExtension[] {
@@ -87,15 +86,6 @@ export class MainThreadAuthenticationProvider extends Disposable {
 const updatedAllowedList = quickPick.selectedItems.map(item => item.extension);
 storageService.store(`${this.id}-${accountName}`, JSON.stringify(updatedAllowedList), StorageScope.GLOBAL);
- // Remove sessions of untrusted extensions
- const deselectedItems = items.filter(item => !quickPick.selectedItems.includes(item));
- deselectedItems.forEach(item => {
- const extensionData = allowedExtensions.find(extension => item.extension.id === extension.id);
- extensionData?.sessionIds?.forEach(sessionId => {
- this.logout(sessionId);
- });
- });
-
 quickPick.dispose();
 });
@@ -286,19 +276,10 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
 this.authenticationService.sessionsUpdate(id, event);
 }
- async $getSessionsPrompt(providerId: string, accountName: string, sessionId: string, providerName: string, extensionId: string, extensionName: string): Promise {
+ async $getSessionsPrompt(providerId: string, accountName: string, providerName: string, extensionId: string, extensionName: string): Promise {
 const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
 const extensionData = allowList.find(extension => extension.id === extensionId);
 if (extensionData) {
- if (!extensionData.sessionIds) {
- extensionData.sessionIds = [];
- }
-
- if (!extensionData.sessionIds.find(id => id === sessionId)) {
- extensionData.sessionIds.push(sessionId);
- this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL);
- }
-
 return true;
 }
@@ -313,7 +294,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
 const allow = choice === 1;
 if (allow) {
- allowList.push({ id: extensionId, name: extensionName, sessionIds: [sessionId] });
+ allowList.push({ id: extensionId, name: extensionName });
 this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL);
 }
@@ -332,12 +313,4 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
 return choice === 1;
 }
-
- async $setTrustedExtension(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise {
- const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
- if (!allowList.find(allowed => allowed.id === extensionId)) {
- allowList.push({ id: extensionId, name: extensionName, sessionIds: [] });
- this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL);
- }
- }
 }
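Review bot: Dropping the `sessionIds` bookkeeping from `$getSessionsPrompt` leaves nothing that links a session to the extensions that were given its token, and no comment in the visible lines records that. Together with the earlier hunk in this file that removes the `this.logout(sessionId)` loop from the picker's accept handler, unticking an extension now only stops future requests from being auto-approved. As far as the visible code shows, a token the extension already received stays usable until the session is signed out some other way. I would state that contract above the method, e.g. `/** Trust is stored per provider and account, not per session; removing an extension from the list does not sign out sessions it has already used. */`. The method body continues past the end of this hunk.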
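Review bot: The list written back after the new `allowList.push({ id: extensionId, name: extensionName });` is the copy read at the top of the method, before the user answered the prompt. Assuming these lines are still inside `$getSessionsPrompt` and `choice` comes from an awaited dialog (both outside this hunk), any change stored under the same `${providerId}-${accountName}` key in the meantime is overwritten. Such a change could come from a second pending prompt or from the trusted-extensions picker in another window, since the scope is `StorageScope.GLOBAL`, and the overwrite can put back an extension the user had just removed. Re-reading right before the write avoids that: start with `const latest = readAllowedExtensions(this.storageService, providerId, accountName);`, push onto `latest` only when the id is absent, and store `latest` instead of `allowList`.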
diff --git a/src/vs/workbench/api/common/extHost.api.impl.ts b/src/vs/workbench/api/common/extHost.api.impl.ts
index 054aaa0ad6b..224e77efd8b 100644
--- a/src/vs/workbench/api/common/extHost.api.impl.ts
+++ b/src/vs/workbench/api/common/extHost.api.impl.ts
@@ -133,7 +133,7 @@ export function createApiFactoryAndRegisterActors(accessor: ServicesAccessor): I
 const extHostLabelService = rpcProtocol.set(ExtHostContext.ExtHosLabelService, new ExtHostLabelService(rpcProtocol));
 const extHostNotebook = rpcProtocol.set(ExtHostContext.ExtHostNotebook, new ExtHostNotebookController(rpcProtocol, extHostCommands, extHostDocumentsAndEditors));
 const extHostTheming = rpcProtocol.set(ExtHostContext.ExtHostTheming, new ExtHostTheming(rpcProtocol));
- const extHostAuthentication = rpcProtocol.set(ExtHostContext.ExtHostAuthentication, new ExtHostAuthentication(rpcProtocol, extHostStorage));
+ const extHostAuthentication = rpcProtocol.set(ExtHostContext.ExtHostAuthentication, new ExtHostAuthentication(rpcProtocol));
 const extHostTimeline = rpcProtocol.set(ExtHostContext.ExtHostTimeline, new ExtHostTimeline(rpcProtocol, extHostCommands));
 const extHostWebviews = rpcProtocol.set(ExtHostContext.ExtHostWebviews, new ExtHostWebviews(rpcProtocol, initData.environment, extHostWorkspace, extHostLogService, extHostApiDeprecation, extHostDocuments));
diff --git a/src/vs/workbench/api/common/extHost.protocol.ts b/src/vs/workbench/api/common/extHost.protocol.ts
index 4b0770b4b5a..1aa6d171ff2 100644
--- a/src/vs/workbench/api/common/extHost.protocol.ts
+++ b/src/vs/workbench/api/common/extHost.protocol.ts
@@ -158,9 +158,8 @@ export interface MainThreadAuthenticationShape extends IDisposable {
 $registerAuthenticationProvider(id: string, displayName: string): void;
 $unregisterAuthenticationProvider(id: string): void;
 $onDidChangeSessions(providerId: string, event: modes.AuthenticationSessionsChangeEvent): void;
- $getSessionsPrompt(providerId: string, accountName: string, sessionId: string, providerName: string, extensionId: string, extensionName: string): Promise;
+ $getSessionsPrompt(providerId: string, accountName: string, providerName: string, extensionId: string, extensionName: string): Promise;
 $loginPrompt(providerName: string, extensionName: string): Promise;
- $setTrustedExtension(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise;
 }
 export interface MainThreadConfigurationShape extends IDisposable {
diff --git a/src/vs/workbench/api/common/extHostAuthentication.ts b/src/vs/workbench/api/common/extHostAuthentication.ts
index fe4613bf6ec..2af521dad00 100644
--- a/src/vs/workbench/api/common/extHostAuthentication.ts
+++ b/src/vs/workbench/api/common/extHostAuthentication.ts
@@ -9,7 +9,6 @@ import { Emitter, Event } from 'vs/base/common/event';
 import { IMainContext, MainContext, MainThreadAuthenticationShape, ExtHostAuthenticationShape } from 'vs/workbench/api/common/extHost.protocol';
 import { Disposable } from 'vs/workbench/api/common/extHostTypes';
 import { IExtensionDescription, ExtensionIdentifier } from 'vs/platform/extensions/common/extensions';
-import { IExtHostStorage } from 'vs/workbench/api/common/extHostStorage';
 export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 private _proxy: MainThreadAuthenticationShape;
@@ -21,8 +20,7 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 private _onDidChangeSessions = new Emitter<{ [providerId: string]: vscode.AuthenticationSessionsChangeEvent }>();
 readonly onDidChangeSessions: Event<{ [providerId: string]: vscode.AuthenticationSessionsChangeEvent }> = this._onDidChangeSessions.event;
- constructor(mainContext: IMainContext,
- @IExtHostStorage private readonly storageService: IExtHostStorage) {
+ constructor(mainContext: IMainContext) {
 this._proxy = mainContext.getProxy(MainContext.MainThreadAuthentication);
 }
@@ -35,20 +33,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 return ids;
 }
- private async hasNotBeenReadByOtherExtension(providerId: string, session: vscode.AuthenticationSession, extensionId: string): Promise {
- const readerId = await this.storageService.getValue(true, `${providerId}-${session.accountName}-${session.id}`);
- if (!readerId) {
- await this.storageService.setValue(true, `${providerId}-${session.accountName}-${session.id}`, extensionId as any);
- return true;
- }
-
- return readerId === extensionId;
- }
-
- private async isMatchingSession(session: vscode.AuthenticationSession, scopes: string, providerId: string, extensionId: string): Promise {
- return session.scopes.sort().join(' ') === scopes && (await this.hasNotBeenReadByOtherExtension(providerId, session, extensionId));
- }
-
 async getSessions(requestingExtension: IExtensionDescription, providerId: string, scopes: string[]): Promise {
 const provider = this._authenticationProviders.get(providerId);
 if (!provider) {
@@ -58,11 +42,8 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 const extensionId = ExtensionIdentifier.toKey(requestingExtension.identifier);
 const orderedScopes = scopes.sort().join(' ');
- const sessions = await provider.getSessions();
- const filteredSessions = await Promise.all(sessions.map(session => this.isMatchingSession(session, orderedScopes, providerId, extensionId)));
-
- return sessions
- .filter((_, i) => { return filteredSessions[i]; })
+ return (await provider.getSessions())
+ .filter(session => session.scopes.sort().join(' ') === orderedScopes)
 .map(session => {
 return {
 id: session.id,
@@ -72,7 +53,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 const isAllowed = await this._proxy.$getSessionsPrompt(
 provider.id,
 session.accountName,
- session.id,
 provider.displayName,
 extensionId,
 requestingExtension.displayName || requestingExtension.name);
@@ -100,7 +80,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 }
 const session = await provider.login(scopes);
- await this._proxy.$setTrustedExtension(provider.id, session.accountName, ExtensionIdentifier.toKey(requestingExtension.identifier), extensionName);
 return {
 id: session.id,
 accountName: session.accountName,
@@ -109,7 +88,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 const isAllowed = await this._proxy.$getSessionsPrompt(
 provider.id,
 session.accountName,
- session.id,
 provider.displayName,
 ExtensionIdentifier.toKey(requestingExtension.identifier),
 requestingExtension.displayName || requestingExtension.name);
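Review bot: The new filter calls `session.scopes.sort()` on the objects returned by `provider.getSessions()`, so every lookup reorders the provider's own `scopes` array in place; the context line `scopes.sort()` does the same to the caller's argument. Comparing on copies avoids both: `.filter(session => [...session.scopes].sort().join(' ') === orderedScopes)` and `const orderedScopes = [...scopes].sort().join(' ');`. Joining with a space also means a scope value that itself contains a space would compare equal to two separate scopes, which matters more now that this comparison is the only thing in the hunk that selects the sessions an extension is shown. getSessions starts before this hunk and continues after it.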