Remove scopes from config on signout

Author: samgst-amazon

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/ConfigFilesFacade.kt

@@ -3,6 +3,8 @@
 
 package software.aws.toolkits.jetbrains.core.credentials
 
+import com.intellij.openapi.application.ApplicationManager
+import com.intellij.openapi.fileEditor.FileDocumentManager
 import software.amazon.awssdk.profiles.Profile
 import software.amazon.awssdk.profiles.ProfileFile
 import software.amazon.awssdk.profiles.ProfileFileLocation
@@ -15,6 +17,8 @@ import software.aws.toolkits.core.utils.touch
 import software.aws.toolkits.core.utils.tryDirOp
 import software.aws.toolkits.core.utils.tryFileOp
 import software.aws.toolkits.core.utils.writeText
+import software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileWatcher
+import software.aws.toolkits.jetbrains.core.credentials.profiles.SsoSessionConstants
 import software.aws.toolkits.jetbrains.core.credentials.profiles.ssoSessions
 import java.nio.file.Path
 
@@ -35,6 +39,9 @@ interface ConfigFilesFacade {
     fun appendProfileToCredentials(profile: Profile)
     fun appendSectionToConfig(sectionName: String, profile: Profile)
     fun updateSectionInConfig(sectionName: String, profile: Profile)
+
+    fun deleteSsoConnectionFromConfig(sessionName: String)
+    fun deleteSsoProfileScopesFromConfig(sessionName: String)
 }
 
 class DefaultConfigFilesFacade(
@@ -173,6 +180,49 @@ class DefaultConfigFilesFacade(
         }
     }
 
+    override fun deleteSsoConnectionFromConfig(sessionName: String) {
+        val filePath = configPath
+        val lines = filePath.inputStreamIfExists()?.reader()?.readLines().orEmpty()
+        val ssoHeaderLine = lines.indexOfFirst { it.startsWith("[${SsoSessionConstants.SSO_SESSION_SECTION_NAME} $sessionName]") }
+        if (ssoHeaderLine == -1) return
+        val nextHeaderLine = lines.subList(ssoHeaderLine + 1, lines.size).indexOfFirst { it.startsWith("[") }
+        val endIndex = if (nextHeaderLine == -1) lines.size else ssoHeaderLine + nextHeaderLine + 1
+        val updatedArray = lines.subList(0, ssoHeaderLine) + lines.subList(endIndex, lines.size)
+        val profileHeaderLine = getCorrespondingSsoSessionProfilePosition(updatedArray, sessionName)
+        filePath.writeText(profileHeaderLine.joinToString("\n"))
+
+        val applicationManager = ApplicationManager.getApplication()
+        if (applicationManager != null && !applicationManager.isUnitTestMode) {
+            FileDocumentManager.getInstance().saveAllDocuments()
+            ProfileWatcher.getInstance().forceRefresh()
+        }
+    }
+
+    override fun deleteSsoProfileScopesFromConfig(sessionName: String) {
+        val filePath = configPath
+        val lines = filePath.inputStreamIfExists()?.reader()?.readLines().orEmpty().toMutableList()
+        val ssoHeaderLine = lines.indexOfFirst { it.startsWith("[${SsoSessionConstants.SSO_SESSION_SECTION_NAME} $sessionName]") }
+        if (ssoHeaderLine == -1) return
+        val nextHeaderLine = lines.subList(ssoHeaderLine + 1, lines.size).indexOfFirst { it.startsWith("[") }
+        val endIndex = if (nextHeaderLine == -1) lines.size else ssoHeaderLine + nextHeaderLine + 1
+
+        // Find and remove the sso_registration_scopes line
+        for (i in ssoHeaderLine until endIndex) {
+            if (lines[i].trim().startsWith("sso_registration_scopes=")) {
+                lines.removeAt(i)
+                break
+            }
+        }
+
+        filePath.writeText(lines.joinToString("\n"))
+
+        val applicationManager = ApplicationManager.getApplication()
+        if (applicationManager != null && !applicationManager.isUnitTestMode) {
+            FileDocumentManager.getInstance().saveAllDocuments()
+            ProfileWatcher.getInstance().forceRefresh()
+        }
+    }
+
     private fun getCorrespondingSsoSessionProfilePosition(updatedArray: List<String>, sessionName: String): List<String> {
         var content = updatedArray
         val finalContent = mutableListOf<String>()

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/ToolkitAuthManager.kt

@@ -13,11 +13,14 @@ import software.amazon.awssdk.services.ssooidc.model.SsoOidcException
 import software.aws.toolkits.core.ClientConnectionSettings
 import software.aws.toolkits.core.ConnectionSettings
 import software.aws.toolkits.core.TokenConnectionSettings
+import software.aws.toolkits.core.credentials.CredentialIdentifier
 import software.aws.toolkits.core.credentials.ToolkitBearerTokenProvider
 import software.aws.toolkits.core.utils.getLogger
 import software.aws.toolkits.core.utils.info
 import software.aws.toolkits.core.utils.warn
 import software.aws.toolkits.jetbrains.core.credentials.pinning.FeatureWithPinnedConnection
+import software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileCredentialsIdentifierSso
+import software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileWatcher
 import software.aws.toolkits.jetbrains.core.credentials.profiles.SsoSessionConstants.SSO_SESSION_SECTION_NAME
 import software.aws.toolkits.jetbrains.core.credentials.sso.bearer.BearerTokenAuthState
 import software.aws.toolkits.jetbrains.core.credentials.sso.bearer.BearerTokenProvider
@@ -202,6 +205,13 @@ fun loginSso(
 fun logoutFromSsoConnection(project: Project?, connection: AwsBearerTokenConnection, callback: () -> Unit = {}) {
     try {
         ToolkitAuthManager.getInstance().deleteConnection(connection.id)
+        ProfileWatcher.getInstance().forceRefresh()
+        project?.let { ToolkitConnectionManager.getInstance(it).switchConnection(null) }
+
+        if (connection is ProfileSsoManagedBearerSsoConnection) {
+            deleteSsoConnection(connection)
+        }
+
     } finally {
         callback()
     }
@@ -327,6 +337,19 @@ fun maybeReauthProviderIfNeeded(
     }
 }
 
+fun deleteSsoConnection(connection: ProfileSsoManagedBearerSsoConnection) =
+    deleteSsoConnection(connection.configSessionName)
+
+fun deleteSsoConnection(connection: CredentialIdentifier) =
+    deleteSsoConnection(getSsoSessionProfileNameFromCredentials(connection))
+
+fun deleteSsoConnection(sessionName: String) = DefaultConfigFilesFacade().deleteSsoProfileScopesFromConfig(sessionName)
+
+private fun getSsoSessionProfileNameFromCredentials(connection: CredentialIdentifier): String {
+    connection as ProfileCredentialsIdentifierSso
+    return connection.ssoSessionName
+}
+
 private fun recordLoginWithBrowser(
     credentialStartUrl: String? = null,
     credentialSourceId: CredentialSourceId? = null,