Follow up 944: authentication sessions are not persistent (#1003)

* #944: Fixed auth. sessions not persistent * 944: Prevent race conditions setting authOptions * typo correction, duplicate identifier * prevent block of auth client service on setOptions * consider windows cred. mgr. password len limit
2025-11-19 07:09:28 +00:00 · 2022-06-07 11:46:28 +02:00
parent a59e0da2af
commit eaf14aa1eb
6 changed files with 28 additions and 12 deletions
--- a/arduino-ide-extension/src/node/auth/arduino-auth-provider.ts
+++ b/arduino-ide-extension/src/node/auth/arduino-auth-provider.ts
@@ -89,7 +89,7 @@ export class ArduinoAuthenticationProvider implements AuthenticationProvider {
    setInterval(checkToken, REFRESH_INTERVAL);
  }

-  public setOptions(authOptions: AuthOptions) {
+  public async setOptions(authOptions: AuthOptions): Promise<void> {
    this.authOptions = authOptions;
  }

--- a/arduino-ide-extension/src/node/auth/authentication-service-impl.ts
+++ b/arduino-ide-extension/src/node/auth/authentication-service-impl.ts
@@ -20,7 +20,7 @@ export class AuthenticationServiceImpl
  protected readonly clients: AuthenticationServiceClient[] = [];
  protected readonly toDispose = new DisposableCollection();
  
-  private initialized = false; 
+  private initialized = false;

  async onStart(): Promise<void> {
    this.toDispose.pushAll([
@@ -49,12 +49,12 @@ export class AuthenticationServiceImpl
  async initAuthSession(): Promise<void> {
    if (!this.initialized) {
      await this.delegate.init();
-      this.initialized = true
+      this.initialized = true;
    }
  }

-  setOptions(authOptions: AuthOptions) {
-    this.delegate.setOptions(authOptions);
+  setOptions(authOptions: AuthOptions): Promise<void> {
+    return this.delegate.setOptions(authOptions);
  }

  async login(): Promise<AuthenticationSession> {
--- a/arduino-ide-extension/src/node/auth/keychain.ts
+++ b/arduino-ide-extension/src/node/auth/keychain.ts
@@ -47,6 +47,15 @@ export class Keychain {
      return false;
    }
    try {
+      const stringifiedTokenLength = stringifiedToken.length;
+      const tokenLengthNotSupported =
+        stringifiedTokenLength > 2500 && process.platform === 'win32';
+
+      if (tokenLengthNotSupported) {
+        // TODO manage this specific error appropriately
+        return false;
+      }
+
      await keytar.setPassword(
        this.credentialsSection,
        this.account,
--- a/arduino-ide-extension/src/node/auth/utils.ts
+++ b/arduino-ide-extension/src/node/auth/utils.ts
@@ -44,7 +44,15 @@ export function token2IToken(token: Token): IToken {
    (token.id_token && jwt_decode(token.id_token)) || {};

  return {
-    idToken: token.id_token,
+    /*
+     * ".id_token" is already decoded for account details above
+     * so we probably don't need to keep it around as "idToken".
+     * If we do, and subsequently try to store it with
+     * Windows Credential Manager (WCM) it's probable we'll
+     * exceed WCMs' 2500 password character limit breaking
+     * our auth functionality
+     */
+    // ! idToken: token.id_token,
    expiresIn: token.expires_in,
    expiresAt: token.expires_in
      ? Date.now() + token.expires_in * 1000