feat: detect revoked token and offer re-authentication

Tomas Vik requested to merge tv/2024-01/revoked-token into main

Description

The main goal of this MR is to detect when the token has been revoked or expired and offer the user the option to re-authenticate.

Originally, I planned to react to every 401 and 400 error caused by an invalid token, but that would require a larger re-design of the extension. I settled for detecting an expired token on extension startup, which should catch most cases.

This MR introduces a Validate GitLab Accounts command that will check if any of the accounts has an expired token. This command is also automatically run during extension startup.

Related Issues

Resolves #1157 (closed)

How has this been tested?

The errors are described in #1157 (comment 1720320171), but this MR only handles the errors on startup.

Setup (before each scenario)

  1. Remove your extension accounts
  2. Authenticate with OAuth (command GitLab: Authenticate to GitLab.com)
  3. Go to https://gitlab.com/-/user_settings/applications and revoke the GitLab Workflow VS Code Extension app

Scenario 1: Revoked token - re-authenticate

  1. Start the extension in development mode
  2. See this error message
     • Screenshot_2024-01-16_at_10.41.28
  3. Click on Re-Authenticate
  4. Follow the OAuth flow and see that you are successfully authenticated

Scenario 2: Revoked token - Ignore

  1. Start the extension in development mode
  2. See this error message
     • Screenshot_2024-01-16_at_10.41.28
  3. Click Ignore
  4. Run the Validate GitLab Accounts command and see that the error gets ignored

Scenario 3: Revoked refresh token - re-authenticate

  1. Wait for 2h so that the OAuth token expires and the extension tries to use the refresh token
  2. Start the extension in development mode
  3. See this error message
     • Screenshot_2024-01-16_at_10.41.28
  4. Click on Re-Authenticate
  5. Follow the OAuth flow and see that you are successfully authenticated

Scenario 4: Revoked PAT (without the setup)

  1. Remove accounts in the extension
  2. Add a PAT account (command GitLab: Add Account to VS Code)
  3. Revoke the token and close the VS Code window
  4. Start the extension in development mode
  5. See this error message
     • image
  6. Click on Delete Account (PAT can't be re-authenticated)
  7. See there is no GitLab account (run the Validate GitLab Accounts command and see that there are none)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation
  • Chore (Related to CI or Packaging to platforms)
  • Test gap
Edited by Tomas Vik
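
The startup check described in this MR, sketched as an added example that is not code from the merge request or the extension. All type names, the probe shape, treating only a 401 or a rejected refresh as proof of a dead token, and offering Ignore for PAT accounts are assumptions.

```typescript
// Added illustration: every name and shape below is an assumption, not the extension's code.
type AccountType = 'oauth' | 'pat';
type Action = 'Re-Authenticate' | 'Delete Account' | 'Ignore';
interface Account { id: string; type: AccountType; }

// Result of one startup check per account (constructed shape).
interface Probe {
  apiStatus?: number;      // HTTP status of an authenticated API call; undefined = no response
  refreshFailed?: boolean; // true when the OAuth refresh-token exchange was rejected
}
interface Prompt { accountId: string; actions: Action[]; }

// Only a definite rejection counts. Timeouts and 5xx responses say nothing
// about the token and must not lead the user to delete a working account.
function tokenIsRejected(probe: Probe): boolean {
  return probe.refreshFailed === true || probe.apiStatus === 401;
}

function validateAccounts(
  accounts: Account[],
  probes: Map<string, Probe>,
  ignored: Set<string>, // account ids the user chose "Ignore" for earlier
): Prompt[] {
  const prompts: Prompt[] = [];
  for (const account of accounts) {
    const probe = probes.get(account.id);
    if (!probe || ignored.has(account.id) || !tokenIsRejected(probe)) continue;
    // A PAT can't be re-authenticated, so the only fix is removing the account.
    const fix: Action = account.type === 'oauth' ? 'Re-Authenticate' : 'Delete Account';
    prompts.push({ accountId: account.id, actions: [fix, 'Ignore'] });
  }
  return prompts;
}

// Constructed sample data: one account per case from the test scenarios.
const sampleAccounts: Account[] = [
  { id: 'oauth-revoked', type: 'oauth' },
  { id: 'oauth-refresh-revoked', type: 'oauth' },
  { id: 'oauth-ignored', type: 'oauth' },
  { id: 'pat-revoked', type: 'pat' },
  { id: 'pat-server-down', type: 'pat' },
];
const sampleProbes = new Map<string, Probe>([
  ['oauth-revoked', { apiStatus: 401 }],
  ['oauth-refresh-revoked', { refreshFailed: true }],
  ['oauth-ignored', { apiStatus: 401 }],
  ['pat-revoked', { apiStatus: 401 }],
  ['pat-server-down', { apiStatus: 503 }],
]);
const samplePrompts = validateAccounts(sampleAccounts, sampleProbes, new Set(['oauth-ignored']));
```

The `pat-server-down` account produces no prompt: a 503 is not evidence of revocation, so the account is left alone until a later check gets a definite answer.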