oauth: provide UI prompts for generic OAuth auth

mjcheetham · mjcheetham · commit 8d2ace54d21e · 2023-02-01T11:09:03.000-08:00
Add detection and use of GUI prompts for OAuth authentication.
diff --git a/src/shared/Core/Authentication/OAuthAuthentication.cs b/src/shared/Core/Authentication/OAuthAuthentication.cs
@@ -57,35 +57,77 @@ public async Task<OAuthAuthenticationModes> GetAuthenticationModeAsync(
                 return modes;
             }
 
-            ThrowIfTerminalPromptsDisabled();
-
-            switch (modes)
+            if (Context.Settings.IsGuiPromptsEnabled && Context.SessionManager.IsDesktopSession &&
+                TryFindHelperCommand(out string command, out string args))
+            {
+                var promptArgs = new StringBuilder(args);
+                promptArgs.Append("oauth");
+
+                if (!string.IsNullOrWhiteSpace(resource))
+                {
+                    promptArgs.AppendFormat(" --resource {0}", QuoteCmdArg(resource));
+                }
+
+                if ((modes & OAuthAuthenticationModes.Browser) != 0)
+                {
+                    promptArgs.Append(" --browser");
+                }
+
+                if ((modes & OAuthAuthenticationModes.DeviceCode) != 0)
+                {
+                    promptArgs.Append(" --device-code");
+                }
+
+                IDictionary<string, string> resultDict = await InvokeHelperAsync(command, promptArgs.ToString());
+
+                if (!resultDict.TryGetValue("mode", out string responseMode))
+                {
+                    throw new Exception("Missing 'mode' in response");
+                }
+
+                switch (responseMode.ToLowerInvariant())
+                {
+                    case "browser":
+                        return OAuthAuthenticationModes.Browser;
+
+                    case "devicecode":
+                        return OAuthAuthenticationModes.DeviceCode;
+
+                    default:
+                        throw new Exception($"Unknown mode value in response '{responseMode}'");
+                }
+            }
+            else
             {
-                case OAuthAuthenticationModes.Browser:
-                    return OAuthAuthenticationModes.Browser;
+                ThrowIfTerminalPromptsDisabled();
 
-                case OAuthAuthenticationModes.DeviceCode:
-                    return OAuthAuthenticationModes.DeviceCode;
+                switch (modes)
+                {
+                    case OAuthAuthenticationModes.Browser:
+                        return OAuthAuthenticationModes.Browser;
 
-                default:
-                    var menuTitle = $"Select an authentication method for '{resource}'";
-                    var menu = new TerminalMenu(Context.Terminal, menuTitle);
+                    case OAuthAuthenticationModes.DeviceCode:
+                        return OAuthAuthenticationModes.DeviceCode;
 
-                    TerminalMenuItem browserItem = null;
-                    TerminalMenuItem deviceItem = null;
+                    default:
+                        var menuTitle = $"Select an authentication method for '{resource}'";
+                        var menu = new TerminalMenu(Context.Terminal, menuTitle);
 
-                    if ((modes & OAuthAuthenticationModes.Browser)    != 0) browserItem = menu.Add("Web browser");
-                    if ((modes & OAuthAuthenticationModes.DeviceCode) != 0) deviceItem  = menu.Add("Device code");
+                        TerminalMenuItem browserItem = null;
+                        TerminalMenuItem deviceItem = null;
 
-                    // Default to the 'first' choice in the menu
-                    TerminalMenuItem choice = menu.Show(0);
+                        if ((modes & OAuthAuthenticationModes.Browser)    != 0) browserItem = menu.Add("Web browser");
+                        if ((modes & OAuthAuthenticationModes.DeviceCode) != 0) deviceItem  = menu.Add("Device code");
 
-                    if (choice == browserItem) goto case OAuthAuthenticationModes.Browser;
-                    if (choice == deviceItem)  goto case OAuthAuthenticationModes.DeviceCode;
+                        // Default to the 'first' choice in the menu
+                        TerminalMenuItem choice = menu.Show(0);
 
-                    throw new Exception();
+                        if (choice == browserItem) goto case OAuthAuthenticationModes.Browser;
+                        if (choice == deviceItem)  goto case OAuthAuthenticationModes.DeviceCode;
+
+                        throw new Exception();
+                }
             }
-            
         }
 
         public async Task<OAuth2TokenResult> GetTokenByBrowserAsync(OAuth2Client client, string[] scopes)
@@ -110,14 +152,68 @@ public async Task<OAuth2TokenResult> GetTokenByDeviceCodeAsync(OAuth2Client clie
 
             OAuth2DeviceCodeResult dcr = await client.GetDeviceCodeAsync(scopes, CancellationToken.None);
 
-            ThrowIfTerminalPromptsDisabled();
+            // If we have a desktop session show the device code in a dialog
+            if (Context.Settings.IsGuiPromptsEnabled && Context.SessionManager.IsDesktopSession &&
+                TryFindHelperCommand(out string command, out string args))
+            {
+                var promptArgs = new StringBuilder(args);
+                promptArgs.Append("device");
+                promptArgs.AppendFormat(" --code {0} ", QuoteCmdArg(dcr.UserCode));
+                promptArgs.AppendFormat(" --url {0}", QuoteCmdArg(dcr.VerificationUri.ToString()));
+
+                var promptCts = new CancellationTokenSource();
+                var tokenCts = new CancellationTokenSource();
+
+                // Show the dialog with the device code but don't await its closure
+                Task promptTask = InvokeHelperAsync(command, promptArgs.ToString(), null, promptCts.Token);
+
+                // Start the request for an OAuth token but don't wait
+                Task<OAuth2TokenResult> tokenTask = client.GetTokenByDeviceCodeAsync(dcr, tokenCts.Token);
+
+                Task t = await Task.WhenAny(promptTask, tokenTask);
+
+                // If the dialog was closed the user wishes to cancel the request
+                if (t == promptTask)
+                {
+                    tokenCts.Cancel();
+                }
+
+                OAuth2TokenResult tokenResult;
+                try
+                {
+                    tokenResult = await tokenTask;
+                }
+                catch (OperationCanceledException)
+                {
+                    throw new Exception("User canceled device code authentication");
+                }
+
+                // Close the dialog
+                promptCts.Cancel();
+
+                return tokenResult;
+            }
+            else
+            {
+                ThrowIfTerminalPromptsDisabled();
 
-            string deviceMessage = $"To complete authentication please visit {dcr.VerificationUri} and enter the following code:" +
-                                    Environment.NewLine +
-                                    dcr.UserCode;
-            Context.Terminal.WriteLine(deviceMessage);
+                string deviceMessage = $"To complete authentication please visit {dcr.VerificationUri} and enter the following code:" +
+                                       Environment.NewLine +
+                                       dcr.UserCode;
+                Context.Terminal.WriteLine(deviceMessage);
 
-            return await client.GetTokenByDeviceCodeAsync(dcr, CancellationToken.None);
+                return await client.GetTokenByDeviceCodeAsync(dcr, CancellationToken.None);
+            }
+        }
+
+        private bool TryFindHelperCommand(out string command, out string args)
+        {
+            return TryFindHelperCommand(
+                Constants.EnvironmentVariables.GcmUiHelper,
+                Constants.GitConfiguration.Credential.UiHelper,
+                Constants.DefaultUiHelper,
+                out command,
+                out args);
         }
     }
 }
