oauth: disconnect streams from xdg-open

When using the `Process` class to open the user's default browser on
Linux, utilities like `xdg-open` are used. Some of these utilities
do not disconnect child processes from our standard input/output/error
streams. At the same time, browsers like Chromium like to write to
stdout and stderr, which gets fed back to Git or the user's terminal,
respectively. The latter looks messy, and the former causes Git to fail.

On Linux, we instead manually locate a suitable 'shell execute' utility
and launch them directly - this way we can redirect the standard
output/error streams.

For Windows and macOS, this is not an issue and we continue to use the
Framework code to do 'shell execute'.

Author: mjcheetham

src/shared/Atlassian.Bitbucket/BitbucketAuthentication.cs

@@ -129,7 +129,7 @@ public async Task<OAuth2TokenResult> CreateOAuthCredentialsAsync(Uri targetUri)
                 FailureResponseHtmlFormat = BitbucketResources.AuthenticationResponseFailureHtmlFormat
             };
 
-            var browser = new OAuth2SystemWebBrowser(browserOptions);
+            var browser = new OAuth2SystemWebBrowser(Context.Environment, browserOptions);
             var authCodeResult = await oauthClient.GetAuthorizationCodeAsync(Scopes, browser, CancellationToken.None);
 
             return await oauthClient.GetTokenByAuthorizationCodeAsync(authCodeResult, CancellationToken.None);

src/shared/GitHub/GitHubAuthentication.cs

@@ -197,7 +197,7 @@ public async Task<OAuth2TokenResult> GetOAuthTokenAsync(Uri targetUri, IEnumerab
                     SuccessResponseHtml = GitHubResources.AuthenticationResponseSuccessHtml,
                     FailureResponseHtmlFormat = GitHubResources.AuthenticationResponseFailureHtmlFormat
                 };
-                var browser = new OAuth2SystemWebBrowser(browserOptions);
+                var browser = new OAuth2SystemWebBrowser(Context.Environment, browserOptions);
 
                 // Write message to the terminal (if any is attached) for some feedback that we're waiting for a web response
                 Context.Terminal.WriteLine("info: please complete authentication in your browser...");

src/shared/Microsoft.Git.CredentialManager/Authentication/OAuth/OAuth2SystemWebBrowser.cs

@@ -35,10 +35,15 @@ public class OAuth2WebBrowserOptions
 
     public class OAuth2SystemWebBrowser : IOAuth2WebBrowser
     {
+        private readonly IEnvironment _environment;
         private readonly OAuth2WebBrowserOptions _options;
 
-        public OAuth2SystemWebBrowser(OAuth2WebBrowserOptions options)
+        public OAuth2SystemWebBrowser(IEnvironment environment, OAuth2WebBrowserOptions options)
         {
+            EnsureArgument.NotNull(environment, nameof(environment));
+            EnsureArgument.NotNull(options, nameof(options));
+
+            _environment = environment;
             _options = options;
         }
 
@@ -75,18 +80,56 @@ public async Task<Uri> GetAuthenticationCodeAsync(Uri authorizationUri, Uri redi
 
         private void OpenDefaultBrowser(Uri uri)
         {
-            if (!StringComparer.OrdinalIgnoreCase.Equals(Uri.UriSchemeHttp,  uri.Scheme) &&
-                !StringComparer.OrdinalIgnoreCase.Equals(Uri.UriSchemeHttps, uri.Scheme))
+            if (!uri.Scheme.Equals(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase) &&
+                !uri.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
             {
                 throw new ArgumentException("Can only open HTTP/HTTPS URIs", nameof(uri));
             }
 
-            var pci = new ProcessStartInfo(uri.ToString())
+            string url = uri.ToString();
+
+            ProcessStartInfo psi = null;
+            if (PlatformUtils.IsLinux())
             {
-                UseShellExecute = true
-            };
+                // On Linux, 'shell execute' utilities like xdg-open launch a process without
+                // detaching from the standard in/out descriptors. Some applications (like
+                // Chromium) write messages to stdout, which is currently hooked up and being
+                // consumed by Git, and cause errors.
+                //
+                // Sadly, the Framework does not allow us to redirect standard streams if we
+                // set ProcessStartInfo::UseShellExecute = true, so we must manually launch
+                // these utilities and redirect the standard streams manually.
+                //
+                // We try and use the same 'shell execute' utilities as the Framework does,
+                // searching for them in the same order until we find one.
+                foreach (string shellExec in new[] { "xdg-open", "gnome-open", "kfmclient" })
+                {
+                    if (_environment.TryLocateExecutable(shellExec, out string shellExecPath))
+                    {
+                        psi = new ProcessStartInfo(shellExecPath, url)
+                        {
+                            RedirectStandardOutput = true,
+                            RedirectStandardError = true
+                        };
+
+                        // We found a way to open the URI; stop searching!
+                        break;
+                    }
+                }
+
+                if (psi is null)
+                {
+                    throw new Exception("Failed to locate a utility to launch the default web browser.");
+                }
+            }
+            else
+            {
+                // On Windows and macOS, `ShellExecute` and `/usr/bin/open` disconnect the child process
+                // from our standard in/out streams, so we can just use the Framework to do this.
+                psi = new ProcessStartInfo(url) {UseShellExecute = true};
+            }
 
-            Process.Start(pci);
+            Process.Start(psi);
         }
 
         private async Task<Uri> InterceptRequestsAsync(Uri listenUri, CancellationToken ct)

src/shared/Microsoft.Git.CredentialManager/BrowserHelper.cs

@@ -1,5 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
+using System.Diagnostics;
 using System.Security;
 using System.Windows.Input;
 using Microsoft.Git.CredentialManager;
@@ -23,8 +24,8 @@ public CredentialsViewModel(string username)
         {
             LoginCommand = new RelayCommand(Accept, () => IsValid);
             CancelCommand = new RelayCommand(Cancel);
-            ForgotPasswordCommand = new RelayCommand(() => BrowserHelper.OpenDefaultBrowser(BitbucketResources.PasswordResetUrl));
-            SignUpCommand = new RelayCommand(() => BrowserHelper.OpenDefaultBrowser(BitbucketResources.SignUpLinkUrl));
+            ForgotPasswordCommand = new RelayCommand(() => OpenDefaultBrowser(BitbucketResources.PasswordResetUrl));
+            SignUpCommand = new RelayCommand(() => OpenDefaultBrowser(BitbucketResources.SignUpLinkUrl));
 
             LoginValidator = PropertyValidator.For(this, x => x.Login).Required(BitbucketResources.LoginRequired);
             PasswordValidator = PropertyValidator.For(this, x => x.Password).Required(BitbucketResources.PasswordRequired);

src/windows/Atlassian.Bitbucket.UI.Windows/ViewModels/CredentialsViewModel.cs

@@ -1,5 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
+using System.Diagnostics;
 using System.Windows.Input;
 using Microsoft.Git.CredentialManager;
 using Microsoft.Git.CredentialManager.UI;
@@ -16,9 +17,9 @@ public OAuthViewModel()
         {
             OkCommand = new RelayCommand(Accept);
             CancelCommand = new RelayCommand(Cancel);
-            LearnMoreCommand = new RelayCommand(() => BrowserHelper.OpenDefaultBrowser(BitbucketResources.TwoFactorLearnMoreLinkUrl));
-            ForgotPasswordCommand = new RelayCommand(() => BrowserHelper.OpenDefaultBrowser(BitbucketResources.PasswordResetUrl));
-            SignUpCommand = new RelayCommand(() => BrowserHelper.OpenDefaultBrowser(BitbucketResources.SignUpLinkUrl));
+            LearnMoreCommand = new RelayCommand(() => OpenDefaultBrowser(BitbucketResources.TwoFactorLearnMoreLinkUrl));
+            ForgotPasswordCommand = new RelayCommand(() => OpenDefaultBrowser(BitbucketResources.PasswordResetUrl));
+            SignUpCommand = new RelayCommand(() => OpenDefaultBrowser(BitbucketResources.SignUpLinkUrl));
         }
 
         public override string Title => BitbucketResources.OAuthWindowTitle;

src/windows/Atlassian.Bitbucket.UI.Windows/ViewModels/OAuthViewModel.cs

@@ -1,4 +1,5 @@
-using System.Windows.Input;
+using System.Diagnostics;
+using System.Windows.Input;
 using Microsoft.Git.CredentialManager;
 using Microsoft.Git.CredentialManager.UI;
 using Microsoft.Git.CredentialManager.UI.ViewModels;
@@ -87,7 +88,7 @@ private void Verify()
 
         private void NavigateLearnMore()
         {
-            BrowserHelper.OpenDefaultBrowser(NavigateLearnMoreUrl);
+            OpenDefaultBrowser(NavigateLearnMoreUrl);
         }
 
         public string NavigateLearnMoreUrl => "https://aka.ms/vs-core-github-auth-help";

src/windows/GitHub.UI.Windows/Login/Login2FaViewModel.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
 using System;
+using System.Diagnostics;
 
 namespace Microsoft.Git.CredentialManager.UI.ViewModels
 {
@@ -20,5 +21,21 @@ public void Cancel()
         {
             Canceled?.Invoke(this, EventArgs.Empty);
         }
+
+        public static void OpenDefaultBrowser(string url)
+        {
+            if (!url.StartsWith(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase) &&
+                !url.StartsWith(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new ArgumentException("Can only open HTTP/HTTPS URLs", nameof(url));
+            }
+
+            var psi = new ProcessStartInfo(url)
+            {
+                UseShellExecute = true
+            };
+
+            Process.Start(psi);
+        }
     }
 }