feat: reworked credential management

Store passwords in the system keychain.

Signed-off-by: Gordon Smith <GordonJSmith@gmail.com>

Author: GordonSmith

.vscode/launch.json

@@ -17,6 +17,8 @@
             "runtimeExecutable": "${execPath}",
             "args": [
                 "--disable-extensions",
+                "--enable-extension",
+                "GordonSmith.observable-js",
                 "--extensionDevelopmentPath=${workspaceRoot}",
                 "${workspaceRoot}/ecl-sample"
             ],

README.md

@@ -159,7 +159,28 @@ _Version 2.x introduces a new streamlined submission process. The "old" Run/Debu
 
 ## ECL
 
-\n+## AI / Chat Integration
+## Secure Credential Storage
+
+**Important:** As of version 2.33.0, the extension now uses VS Code's secure storage for HPCC Platform credentials instead of storing passwords in plaintext in your launch configuration files.
+
+### What This Means for You
+
+- **Your passwords are now encrypted** using your operating system's native credential manager (Windows Credential Manager, macOS Keychain, or Linux Secret Service)
+- **No more plaintext passwords** in workspace files that could accidentally be committed to version control
+- **Automatic migration**: Existing passwords are automatically moved to secure storage on first use
+- **Stay logged in** across VS Code sessions without re-entering credentials
+
+### What You Need to Do
+
+**Nothing!** The migration happens automatically. When you connect to an HPCC Platform:
+
+1. If a password exists in your launch configuration, it will be securely stored and removed from the file
+2. For new connections, you'll be prompted for credentials which will be securely saved
+3. Your credentials persist across VS Code restarts
+
+You can safely remove any `"password"` fields from your `launch.json` files if you prefer.
+
+## AI / Chat Integration
 
 The extension contributes experimental Language Model (AI) tools and a chat participant:
 

ecl-sample/.vscode/launch.json

@@ -15,8 +15,7 @@
             "rejectUnauthorized": true,
             "resultLimit": 100,
             "timeoutSecs": 60,
-            "user": "vscode_user",
-            "password": ""
+            "user": "gordon"
         },
         {
             "name": "play",
@@ -29,8 +28,7 @@
             "rejectUnauthorized": false,
             "resultLimit": 100,
             "timeoutSecs": 60,
-            "user": "vscode_user",
-            "password": ""
+            "user": "vscode_user"
         },
         {
             "name": "localhost (https)",

package-lock.json

@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "ecl",
-  "version": "2.32.1",
+  "version": "2.32.2",
   "publisher": "hpcc-systems",
   "displayName": "ECL Language",
   "description": "ECL (Enterprise Control Language) support for Visual Studio Code",
@@ -134,6 +134,13 @@
   "engines": {
     "vscode": "^1.105.0"
   },
+  "releaseNotes": [
+    {
+      "previousVersion": "2.32.0",
+      "message": "Credential storage has been upgraded to use VS Code's secure storage. Your existing credentials have been automatically migrated.",
+      "learnMoreUrl": "README.md#secure-credential-storage"
+    }
+  ],
   "galleryBanner": {
     "color": "#CFB69A",
     "theme": "light"
@@ -147,8 +154,7 @@
     "workspaceContains:*.ecllib",
     "workspaceContains:*.mod",
     "workspaceContains:*.eclnb",
-    "workspaceContains:*.kel",
-    "workspaceContains:*.dashy"
+    "workspaceContains:*.kel"
   ],
   "contributes": {
     "languageModelTools": [
@@ -428,6 +434,12 @@
         "title": "%Copy as ECL ID%",
         "description": "%Copy path as Qualified ECL ID%"
       },
+      {
+        "command": "ecl.clearStoredPasswords",
+        "category": "ECL",
+        "title": "%Clear All Passwords%",
+        "description": "%Clear all stored HPCC Platform passwords from secure storage%"
+      },
       {
         "command": "hpccPlatform.copyWUID",
         "category": "ECL",
@@ -625,6 +637,20 @@
           "dark": "resources/dark/server-process.svg"
         }
       },
+      {
+        "command": "hpccPlatform.login",
+        "category": "ECL",
+        "title": "%Login%",
+        "description": "%Login to HPCC Platform%",
+        "icon": "$(sign-in)"
+      },
+      {
+        "command": "hpccPlatform.logout",
+        "category": "ECL",
+        "title": "%Logout (and forget password)%",
+        "description": "%Logout (and forget password) from HPCC Platform%",
+        "icon": "$(sign-out)"
+      },
       {
         "command": "hpccPlatform.switchTargetCluster",
         "category": "ECL",
@@ -1046,6 +1072,16 @@
           "when": "view == hpccPlatform",
           "group": "navigation@60"
         },
+        {
+          "command": "hpccPlatform.login",
+          "when": "view == hpccPlatform && !ecl.connected",
+          "group": "navigation@65"
+        },
+        {
+          "command": "hpccPlatform.logout",
+          "when": "view == hpccPlatform && ecl.connected",
+          "group": "navigation@65"
+        },
         {
           "command": "hpccResources.bundles.homepage",
           "when": "view == hpccResources.bundles",
@@ -1481,7 +1517,7 @@
         "ecl.pingInterval": {
           "type": "number",
           "scope": "resource",
-          "default": 5,
+          "default": 60,
           "description": "%Ping interval (secs, -1 to disable)%"
         },
         "dashy.libraryLocation": {
@@ -1671,11 +1707,6 @@
                 "type": "string",
                 "description": "%User ID%",
                 "default": ""
-              },
-              "password": {
-                "type": "string",
-                "description": "%User password%",
-                "default": ""
               }
             }
           }
@@ -1694,8 +1725,7 @@
             "rejectUnauthorized": true,
             "resultLimit": 100,
             "timeoutSecs": 60,
-            "user": "vscode_user",
-            "password": ""
+            "user": "vscode_user"
           }
         ],
         "configurationSnippets": [
@@ -1715,8 +1745,7 @@
               "rejectUnauthorized": true,
               "resultLimit": 100,
               "timeoutSecs": 60,
-              "user": "vscode_user",
-              "password": ""
+              "user": "vscode_user"
             }
           },
           {
@@ -1735,8 +1764,7 @@
               "rejectUnauthorized": false,
               "resultLimit": 100,
               "timeoutSecs": 60,
-              "user": "vscode_user",
-              "password": ""
+              "user": "vscode_user"
             }
           }
         ]

package.json

@@ -22,6 +22,7 @@
     "Build flags, to be passed to the eclcc compiler": "Build flags, to be passed to the eclcc compiler",
     "Bundles": "Bundles",
     "Bundles Homepage": "Bundles Homepage",
+    "Cancel": "Cancel",
     "Cannot search: HPCC Platform not connected": "Cannot search: HPCC Platform not connected",
     "Check ECL Syntax": "Check ECL Syntax",
     "Checking ECL syntax": "Checking ECL syntax",
@@ -30,6 +31,11 @@
     "Check syntax with KEL grammar (fast)": "Check syntax with KEL grammar (fast)",
     "Check the syntax of ECL code?": "Check the syntax of ECL code?",
     "Clear all previously reported ECL Syntax Check results": "Clear all previously reported ECL Syntax Check results",
+    "Clear All Passwords": "Clear All Passwords",
+    "Clear all stored HPCC Platform passwords from secure storage": "Clear all stored HPCC Platform passwords from secure storage",
+    "All stored passwords have been cleared.": "All stored passwords have been cleared.",
+    "Failed to clear stored passwords: ": "Failed to clear stored passwords: ",
+    "This will clear all stored HPCC Platform passwords. You will need to re-enter your credentials on the next connection. Are you sure?": "This will clear all stored HPCC Platform passwords. You will need to re-enter your credentials on the next connection. Are you sure?",
     "Client Tools": "Client Tools",
     "Client Tools Homepage": "Client Tools Homepage",
     "Compile": "Compile",
@@ -40,17 +46,20 @@
     "Copy as ECL ID": "Copy as ECL ID",
     "Copy path as Qualified ECL ID": "Copy path as Qualified ECL ID",
     "Copy WUID": "Copy WUID",
+    "Credential storage has been upgraded to use VS Code's secure storage. Your existing credentials have been automatically migrated.": "Credential storage has been upgraded to use VS Code's secure storage. Your existing credentials have been automatically migrated.",
     "Dashy library location (bundled, latest, localPath)": "Dashy library location (bundled, latest, localPath)",
     "Dashy Library Path (libraryLocation === \"localPath\")": "Dashy Library Path (libraryLocation === \"localPath\")",
     "Database Name": "Database Name",
     "Debug level logging (requires restart)": "Debug level logging (requires restart)",
     "Default launch configuration": "Default launch configuration",
+    "Dismiss": "Dismiss",
     "Default timeout (secs)": "Default timeout (secs)",
     "Delete Workunit": "Delete Workunit",
     "Digitally sign ECL file": "Digitally sign ECL file",
     "Down": "Down",
     "eclcc syntax check arguments": "eclcc syntax check arguments",
     "ECL Client Tools Terminal": "ECL Client Tools Terminal",
+    "ECL Extension Updated": "ECL Extension Updated",
     "ECL Notebook": "ECL Notebook",
     "ECL syntax is invalid.": "ECL syntax is invalid.",
     "ECL syntax is valid.": "ECL syntax is valid.",
@@ -80,6 +89,16 @@
     "Language Reference Lookup": "Language Reference Lookup",
     "Language Reference Website": "Language Reference Website",
     "Launch ECL Watch": "Launch ECL Watch",
+    "Login": "Login",
+    "Login to HPCC Platform": "Login to HPCC Platform",
+    "Login failed": "Login failed",
+    "Logout (and forget password)": "Logout (and forget password)",
+    "Logout (and forget password) from HPCC Platform": "Logout (and forget password) from HPCC Platform",
+    "Logout failed": "Logout failed",
+    "Learn More": "Learn More",
+    "No HPCC Platform connection available": "No HPCC Platform connection available",
+    "Successfully logged in to HPCC Platform": "Successfully logged in to HPCC Platform",
+    "Successfully logged out from HPCC Platform": "Successfully logged out from HPCC Platform",
     "List recent HPCC workunits": "List recent HPCC workunits",
     "List Workunits Tool": "List Workunits Tool",
     "Max result limit for workunit results": "Max result limit for workunit results",

package.nls.json

@@ -0,0 +1,74 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import * as vscode from "vscode";
+
+// Mock the localize function
+vi.mock("../util/localize", () => ({
+    default: (key: string) => key
+}));
+
+describe("versionNotification", () => {
+    let mockContext: any;
+    let mockGlobalState: Map<string, any>;
+
+    beforeEach(() => {
+        mockGlobalState = new Map();
+        mockContext = {
+            extension: {
+                packageJSON: {
+                    version: "2.33.0"
+                }
+            },
+            extensionUri: vscode.Uri.file("/mock/path"),
+            globalState: {
+                get: vi.fn((key: string) => mockGlobalState.get(key)),
+                update: vi.fn((key: string, value: any) => {
+                    mockGlobalState.set(key, value);
+                    return Promise.resolve();
+                })
+            }
+        };
+    });
+
+    it("should store the current version on first activation", async () => {
+        const { checkForUpgrade } = await import("../util/versionNotification");
+
+        await checkForUpgrade(mockContext);
+
+        expect(mockContext.globalState.update).toHaveBeenCalledWith(
+            "ecl.lastVersion",
+            "2.33.0"
+        );
+    });
+
+    it("should detect version upgrade", async () => {
+        mockGlobalState.set("ecl.lastVersion", "2.32.0");
+
+        const showInformationMessageSpy = vi.spyOn(vscode.window, "showInformationMessage")
+            .mockResolvedValue(undefined as any);
+
+        const { checkForUpgrade } = await import("../util/versionNotification");
+
+        await checkForUpgrade(mockContext);
+
+        expect(showInformationMessageSpy).toHaveBeenCalled();
+        const call = showInformationMessageSpy.mock.calls[0];
+        expect(call[0]).toContain("2.33.0");
+
+        showInformationMessageSpy.mockRestore();
+    });
+
+    it("should not show notification when version hasn't changed", async () => {
+        mockGlobalState.set("ecl.lastVersion", "2.33.0");
+
+        const showInformationMessageSpy = vi.spyOn(vscode.window, "showInformationMessage")
+            .mockResolvedValue(undefined as any);
+
+        const { checkForUpgrade } = await import("../util/versionNotification");
+
+        await checkForUpgrade(mockContext);
+
+        expect(showInformationMessageSpy).not.toHaveBeenCalled();
+
+        showInformationMessageSpy.mockRestore();
+    });
+});

src/__tests__/versionNotification.test.ts

@@ -12,6 +12,7 @@ import localize from "../util/localize";
 import { createDirectory, exists, writeFile } from "../util/fs";
 import { ECLR_EN_US, matchTopics, SLR_EN_US } from "./docs";
 import { SaveData } from "./saveData";
+import { credentialManager } from "../util/credentialManager";
 
 const IMPORT_MARKER = "//Import:";
 const SKIP = localize("Skip");
@@ -45,6 +46,7 @@ export class ECLCommands {
         ctx.subscriptions.push(vscode.commands.registerCommand("ecl.verify", this.verify, this));
         ctx.subscriptions.push(vscode.commands.registerCommand("ecl.importModFile", this.importModFile, this));
         ctx.subscriptions.push(vscode.commands.registerCommand("ecl.copyAsEclID", this.copyAsEclID, this));
+        ctx.subscriptions.push(vscode.commands.registerCommand("ecl.clearStoredPasswords", this.clearStoredPasswords, this));
     }
 
     static attach(ctx: vscode.ExtensionContext): ECLCommands {
@@ -331,4 +333,22 @@ export class ECLCommands {
             vscode.env.clipboard.writeText(ids.join(os.EOL));
         }
     }
+
+    async clearStoredPasswords() {
+        const confirm = await vscode.window.showWarningMessage(
+            localize("This will clear all stored HPCC Platform passwords. You will need to re-enter your credentials on the next connection. Are you sure?"),
+            { modal: true },
+            localize("Clear All Passwords"),
+            localize("Cancel")
+        );
+
+        if (confirm === localize("Clear All Passwords")) {
+            try {
+                await credentialManager.clearAllCredentials();
+                vscode.window.showInformationMessage(localize("All stored passwords have been cleared."));
+            } catch (error: any) {
+                vscode.window.showErrorMessage(localize("Failed to clear stored passwords: ") + error.message);
+            }
+        }
+    }
 }