Skip to content

Commit e743814

Browse files
improve sessions
Signed-off-by: Roman Nikitenko <rnikiten@redhat.com>
1 parent d52806d commit e743814

2 files changed

Lines changed: 9 additions & 29 deletions

File tree

code/extensions/che-github-authentication/src/github.ts

Lines changed: 8 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ import type { DeviceAuthentication } from './device-authentication';
1717
import { ErrorHandler } from './error-handler';
1818
import { ExtensionContext } from './extension-context';
1919
import { Logger } from './logger';
20-
import { getMatchingHydrationScopeBundles, hasAllScopes, isUnauthorizedError, isWorkspacePatSession, sessionMatchesRequestedScopes, WORKSPACE_PAT_SCOPE } from './utils';
20+
import { getMatchingHydrationScopeBundles, hasAllScopes, isUnauthorizedError, sessionMatchesRequestedScopes } from './utils';
2121

2222
export interface GithubUser {
2323
login: string;
@@ -65,15 +65,12 @@ export class GitHubAuthProvider implements vscode.AuthenticationProvider {
6565
if (sessions.length > 0) {
6666
try {
6767
await this.githubService.getTokenScopes(sessions[0].accessToken);
68-
const isDeviceAuthToken = await this.githubService.isDeviceAuthToken();
69-
const sessionsNeedRetag = isDeviceAuthToken
70-
? sessions.some(session => isWorkspacePatSession(session.scopes))
71-
: sessions.some(session => !isWorkspacePatSession(session.scopes));
72-
if (!sessionsNeedRetag) {
73-
this.logger.info('GitHubAuthProvider: existing session token is valid');
68+
const currentToken = await this.githubService.getToken();
69+
if (sessions[0].accessToken === currentToken) {
70+
this.logger.info('GitHubAuthProvider: existing sessions are up to date');
7471
return;
7572
}
76-
this.logger.info('GitHubAuthProvider: re-hydrating sessions to match current token source');
73+
this.logger.info('GitHubAuthProvider: token changed, re-hydrating sessions');
7774
} catch (error) {
7875
if (isUnauthorizedError(error)) {
7976
this.logger.warn('GitHubAuthProvider: existing session token is not valid, clearing sessions');
@@ -124,19 +121,17 @@ export class GitHubAuthProvider implements vscode.AuthenticationProvider {
124121
return;
125122
}
126123

127-
const isDeviceAuthToken = await this.githubService.isDeviceAuthToken();
128124
const account = { label: githubUser.login, id: githubUser.id.toString() };
129125
const hydratedSessions = matchingBundles.map(scopes => ({
130126
id: v4(),
131127
accessToken: token,
132128
account,
133-
scopes: isDeviceAuthToken ? scopes : [...scopes, WORKSPACE_PAT_SCOPE],
129+
scopes,
134130
}));
135131

136132
await this.storeSessions(hydratedSessions);
137133
this.sessionChangeEmitter.fire({ added: hydratedSessions, removed: [], changed: [] });
138-
const tokenSource = isDeviceAuthToken ? 'device authentication' : 'workspace PAT';
139-
this.logger.info(`GitHubAuthProvider: hydrated ${hydratedSessions.length} session(s) from K8s ${tokenSource}`);
134+
this.logger.info(`GitHubAuthProvider: hydrated ${hydratedSessions.length} session(s) from K8s token`);
140135
} catch (error) {
141136
if (isUnauthorizedError(error)) {
142137
this.logger.warn('GitHubAuthProvider: hydrate failed, token is not valid');
@@ -191,12 +186,11 @@ export class GitHubAuthProvider implements vscode.AuthenticationProvider {
191186
}
192187

193188
const sessions = await this.sessionsPromise;
194-
const isDeviceAuthToken = await this.githubService.isDeviceAuthToken();
195189
const session: vscode.AuthenticationSession = {
196190
id: v4(),
197191
accessToken: token,
198192
account: { label: githubUser.login, id: githubUser.id.toString() },
199-
scopes: isDeviceAuthToken ? scopes : [...scopes, WORKSPACE_PAT_SCOPE],
193+
scopes,
200194
};
201195

202196
const sessionIndex = sessions.findIndex(s => sessionMatchesRequestedScopes(s.scopes, sortedScopes));

code/extensions/che-github-authentication/src/utils.ts

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -38,22 +38,8 @@ export function hasAllScopes(existingScopes: string[], requestedScopes: string[]
3838
return requestedScopes.every(scope => existingScopes.includes(scope));
3939
}
4040

41-
/**
42-
* Marker scope on sessions backed by a workspace PAT. Copilot requests exact scope lists and
43-
* will not match these sessions; other extensions use superset matching in getSessions.
44-
*/
45-
export const WORKSPACE_PAT_SCOPE = 'che:workspace-pat';
46-
47-
export function isWorkspacePatSession(scopes: readonly string[]): boolean {
48-
return scopes.includes(WORKSPACE_PAT_SCOPE);
49-
}
50-
5141
export function sessionMatchesRequestedScopes(sessionScopes: readonly string[], requestedScopes: readonly string[]): boolean {
52-
if (isWorkspacePatSession(sessionScopes)) {
53-
const tokenScopes = sessionScopes.filter(scope => scope !== WORKSPACE_PAT_SCOPE);
54-
return hasAllScopes(tokenScopes, [...requestedScopes]);
55-
}
56-
return arrayEquals([...sessionScopes].sort(), [...requestedScopes].sort());
42+
return hasAllScopes([...sessionScopes], [...requestedScopes]);
5743
}
5844

5945
/** Scope bundles used by Copilot / github / GHPRI / Agent Host — session keys match vanilla createSession. */

0 commit comments

Comments
 (0)