gitlab: invoke GitLab UI helper if available

Invoke the GitLab UI helper if the current session is GUI interactive,
the user has not disabled GUI prompts, and the helper is found.

Author: mjcheetham

src/shared/GitLab.Tests/GitLabAuthenticationTests.cs

@@ -8,89 +8,89 @@ namespace GitLab.Tests
     public class GitLabAuthenticationTests
     {
         [Fact]
-        public void GitLabAuthentication_GetAuthenticationAsync_AuthenticationModesNone_ThrowsException()
+        public async Task GitLabAuthentication_GetAuthenticationAsync_AuthenticationModesNone_ThrowsException()
         {
             var context = new TestCommandContext();
             var auth = new GitLabAuthentication(context);
-            Assert.Throws<ArgumentException>("modes",
-                () => auth.GetAuthentication(null, null, AuthenticationModes.None)
+            await Assert.ThrowsAsync<ArgumentException>("modes",
+                () => auth.GetAuthenticationAsync(null, null, AuthenticationModes.None)
             );
         }
 
         [Theory]
         [InlineData(AuthenticationModes.Browser)]
-        public void GitLabAuthentication_GetAuthenticationAsync_SingleChoice_TerminalAndInteractionNotRequired(GitLab.AuthenticationModes modes)
+        public async Task GitLabAuthentication_GetAuthenticationAsync_SingleChoice_TerminalAndInteractionNotRequired(GitLab.AuthenticationModes modes)
         {
             var context = new TestCommandContext();
             context.Settings.IsTerminalPromptsEnabled = false;
             context.Settings.IsInteractionAllowed = false;
             context.SessionManager.IsDesktopSession = true; // necessary for browser
             var auth = new GitLabAuthentication(context);
-            var result = auth.GetAuthentication(null, null, modes);
+            var result = await auth.GetAuthenticationAsync(null, null, modes);
             Assert.Equal(modes, result.AuthenticationMode);
         }
 
         [Fact]
-        public void GitLabAuthentication_GetAuthenticationAsync_TerminalPromptsDisabled_Throws()
+        public async Task GitLabAuthentication_GetAuthenticationAsync_TerminalPromptsDisabled_Throws()
         {
             var context = new TestCommandContext();
             context.Settings.IsTerminalPromptsEnabled = false;
             var auth = new GitLabAuthentication(context);
-            var exception = Assert.Throws<InvalidOperationException>(
-                () => auth.GetAuthentication(null, null, AuthenticationModes.All)
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(
+                () => auth.GetAuthenticationAsync(null, null, AuthenticationModes.All)
             );
             Assert.Equal("Cannot prompt because terminal prompts have been disabled.", exception.Message);
         }
 
         [Fact]
-        public void GitLabAuthentication_GetAuthenticationAsync_Terminal()
+        public async Task GitLabAuthentication_GetAuthenticationAsync_Terminal()
         {
             var context = new TestCommandContext();
             var auth = new GitLabAuthentication(context);
             context.SessionManager.IsDesktopSession = true;
             context.Terminal.Prompts["option (enter for default)"] = "";
-            var result = auth.GetAuthentication(null, null, AuthenticationModes.All);
+            var result = await auth.GetAuthenticationAsync(null, null, AuthenticationModes.All);
             Assert.Equal(AuthenticationModes.Browser, result.AuthenticationMode);
         }
 
         [Fact]
-        public void GitLabAuthentication_GetAuthenticationAsync_ChoosePat()
+        public async Task GitLabAuthentication_GetAuthenticationAsync_ChoosePat()
         {
             var context = new TestCommandContext();
             var auth = new GitLabAuthentication(context);
             context.Terminal.Prompts["option (enter for default)"] = "";
             context.Terminal.Prompts["Username"] = "username";
             context.Terminal.SecretPrompts["Personal access token"] = "token";
-            var result = auth.GetAuthentication(null, null, AuthenticationModes.All);
+            var result = await auth.GetAuthenticationAsync(null, null, AuthenticationModes.All);
             Assert.Equal(AuthenticationModes.Pat, result.AuthenticationMode);
             Assert.Equal("username", result.Credential.Account);
             Assert.Equal("token", result.Credential.Password);
         }
 
         [Fact]
-        public void GitLabAuthentication_GetAuthenticationAsync_ChooseBasic()
+        public async Task GitLabAuthentication_GetAuthenticationAsync_ChooseBasic()
         {
             var context = new TestCommandContext();
             var auth = new GitLabAuthentication(context);
             context.Terminal.Prompts["option (enter for default)"] = "2";
             context.Terminal.Prompts["Username"] = "username";
             context.Terminal.SecretPrompts["Password"] = "password";
-            var result = auth.GetAuthentication(null, null, AuthenticationModes.All);
+            var result = await auth.GetAuthenticationAsync(null, null, AuthenticationModes.All);
             Assert.Equal(AuthenticationModes.Basic, result.AuthenticationMode);
             Assert.Equal("username", result.Credential.Account);
             Assert.Equal("password", result.Credential.Password);
         }
 
         [Fact]
-        public void GitLabAuthentication_GetAuthenticationAsync_AuthenticationModesAll_RequiresInteraction()
+        public async Task GitLabAuthentication_GetAuthenticationAsync_AuthenticationModesAll_RequiresInteraction()
         {
             var context = new TestCommandContext();
             context.Settings.IsInteractionAllowed = false;
             var auth = new GitLabAuthentication(context);
-            var exception = Assert.Throws<InvalidOperationException>(
-                () => auth.GetAuthentication(new Uri("https://GitLab.com"), null, AuthenticationModes.All)
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(
+                () => auth.GetAuthenticationAsync(new Uri("https://GitLab.com"), null, AuthenticationModes.All)
             );
             Assert.Equal("Cannot prompt because user interactivity has been disabled.", exception.Message);
         }
     }
-}
+}

src/shared/GitLab/GitLabAuthentication.cs

@@ -12,7 +12,7 @@ namespace GitLab
 {
     public interface IGitLabAuthentication : IDisposable
     {
-        AuthenticationPromptResult GetAuthentication(Uri targetUri, string userName, AuthenticationModes modes);
+        Task<AuthenticationPromptResult> GetAuthenticationAsync(Uri targetUri, string userName, AuthenticationModes modes);
 
         Task<OAuth2TokenResult> GetOAuthTokenViaBrowserAsync(Uri targetUri, IEnumerable<string> scopes);
 
@@ -53,7 +53,7 @@ public class GitLabAuthentication : AuthenticationBase, IGitLabAuthentication
         public GitLabAuthentication(ICommandContext context)
             : base(context) { }
 
-        public AuthenticationPromptResult GetAuthentication(Uri targetUri, string userName, AuthenticationModes modes)
+        public async Task<AuthenticationPromptResult> GetAuthenticationAsync(Uri targetUri, string userName, AuthenticationModes modes)
         {
             // If we don't have a desktop session/GUI then we cannot offer browser
             if (!Context.SessionManager.IsDesktopSession)
@@ -67,70 +67,130 @@ public AuthenticationPromptResult GetAuthentication(Uri targetUri, string userNa
                 throw new ArgumentException(@$"Must specify at least one {nameof(AuthenticationModes)}", nameof(modes));
             }
 
-            switch (modes)
+            if (Context.Settings.IsGuiPromptsEnabled && Context.SessionManager.IsDesktopSession &&
+                TryFindHelperExecutablePath(out string helperPath))
             {
-                case AuthenticationModes.Basic:
-                    ThrowIfUserInteractionDisabled();
-                    ThrowIfTerminalPromptsDisabled();
-                    Context.Terminal.WriteLine("Enter GitLab credentials for '{0}'...", targetUri);
-
-                    if (string.IsNullOrWhiteSpace(userName))
-                    {
-                        userName = Context.Terminal.Prompt("Username");
-                    }
-                    else
-                    {
-                        Context.Terminal.WriteLine("Username: {0}", userName);
-                    }
-
-                    string password = Context.Terminal.PromptSecret("Password");
-                    return new AuthenticationPromptResult(AuthenticationModes.Basic, new GitCredential(userName, password));
-
-                case AuthenticationModes.Pat:
-                    ThrowIfUserInteractionDisabled();
-                    ThrowIfTerminalPromptsDisabled();
-                    Context.Terminal.WriteLine("Enter GitLab credentials for '{0}'...", targetUri);
-
-                    if (string.IsNullOrWhiteSpace(userName))
-                    {
-                        userName = Context.Terminal.Prompt("Username");
-                    }
-                    else
-                    {
-                        Context.Terminal.WriteLine("Username: {0}", userName);
-                    }
-
-                    string token = Context.Terminal.PromptSecret("Personal access token");
-                    return new AuthenticationPromptResult(AuthenticationModes.Pat, new GitCredential(userName, token));
-
-                case AuthenticationModes.Browser:
-                    return new AuthenticationPromptResult(AuthenticationModes.Browser);
-
-                case AuthenticationModes.None:
-                    throw new ArgumentOutOfRangeException(nameof(modes), @$"At least one {nameof(AuthenticationModes)} must be supplied");
-
-                default:
-                    ThrowIfUserInteractionDisabled();
-                    ThrowIfTerminalPromptsDisabled();
-                    var menuTitle = $"Select an authentication method for '{targetUri}'";
-                    var menu = new TerminalMenu(Context.Terminal, menuTitle);
-
-                    TerminalMenuItem browserItem = null;
-                    TerminalMenuItem basicItem = null;
-                    TerminalMenuItem patItem = null;
-
-                    if ((modes & AuthenticationModes.Browser) != 0) browserItem = menu.Add("Web browser");
-                    if ((modes & AuthenticationModes.Pat) != 0) patItem = menu.Add("Personal access token");
-                    if ((modes & AuthenticationModes.Basic) != 0) basicItem = menu.Add("Username/password");
-
-                    // Default to the 'first' choice in the menu
-                    TerminalMenuItem choice = menu.Show(0);
-
-                    if (choice == browserItem) goto case AuthenticationModes.Browser;
-                    if (choice == basicItem) goto case AuthenticationModes.Basic;
-                    if (choice == patItem) goto case AuthenticationModes.Pat;
-
-                    throw new Exception();
+                var cmdArgs = new StringBuilder("prompt");
+                if (!string.IsNullOrWhiteSpace(userName))
+                {
+                    cmdArgs.AppendFormat(" --username {0}", QuoteCmdArg(userName));
+                }
+
+                if ((modes & AuthenticationModes.Basic) != 0)   cmdArgs.Append(" --basic");
+                if ((modes & AuthenticationModes.Browser) != 0) cmdArgs.Append(" --browser");
+                if ((modes & AuthenticationModes.Pat) != 0)     cmdArgs.Append(" --pat");
+
+                IDictionary<string, string> resultDict = await InvokeHelperAsync(helperPath, cmdArgs.ToString());
+
+                if (!resultDict.TryGetValue("mode", out string responseMode))
+                {
+                    throw new Exception("Missing 'mode' in response");
+                }
+
+                switch (responseMode.ToLowerInvariant())
+                {
+                    case "pat":
+                        if (!resultDict.TryGetValue("pat", out string pat))
+                        {
+                            throw new Exception("Missing 'pat' in response");
+                        }
+
+                        if (!resultDict.TryGetValue("username", out string patUserName))
+                        {
+                            // Username is optional for PATs
+                        }
+
+                        return new AuthenticationPromptResult(
+                            AuthenticationModes.Pat, new GitCredential(patUserName, pat));
+
+                    case "browser":
+                        return new AuthenticationPromptResult(AuthenticationModes.Browser);
+
+                    case "basic":
+                        if (!resultDict.TryGetValue("username", out userName))
+                        {
+                            throw new Exception("Missing 'username' in response");
+                        }
+
+                        if (!resultDict.TryGetValue("password", out string password))
+                        {
+                            throw new Exception("Missing 'password' in response");
+                        }
+
+                        return new AuthenticationPromptResult(
+                            AuthenticationModes.Basic, new GitCredential(userName, password));
+
+                    default:
+                        throw new Exception($"Unknown mode value in response '{responseMode}'");
+                }
+            }
+            else
+            {
+                switch (modes)
+                {
+                    case AuthenticationModes.Basic:
+                        ThrowIfUserInteractionDisabled();
+                        ThrowIfTerminalPromptsDisabled();
+                        Context.Terminal.WriteLine("Enter GitLab credentials for '{0}'...", targetUri);
+
+                        if (string.IsNullOrWhiteSpace(userName))
+                        {
+                            userName = Context.Terminal.Prompt("Username");
+                        }
+                        else
+                        {
+                            Context.Terminal.WriteLine("Username: {0}", userName);
+                        }
+
+                        string password = Context.Terminal.PromptSecret("Password");
+                        return new AuthenticationPromptResult(AuthenticationModes.Basic, new GitCredential(userName, password));
+
+                    case AuthenticationModes.Pat:
+                        ThrowIfUserInteractionDisabled();
+                        ThrowIfTerminalPromptsDisabled();
+                        Context.Terminal.WriteLine("Enter GitLab credentials for '{0}'...", targetUri);
+
+                        if (string.IsNullOrWhiteSpace(userName))
+                        {
+                            userName = Context.Terminal.Prompt("Username");
+                        }
+                        else
+                        {
+                            Context.Terminal.WriteLine("Username: {0}", userName);
+                        }
+
+                        string token = Context.Terminal.PromptSecret("Personal access token");
+                        return new AuthenticationPromptResult(AuthenticationModes.Pat, new GitCredential(userName, token));
+
+                    case AuthenticationModes.Browser:
+                        return new AuthenticationPromptResult(AuthenticationModes.Browser);
+
+                    case AuthenticationModes.None:
+                        throw new ArgumentOutOfRangeException(nameof(modes), @$"At least one {nameof(AuthenticationModes)} must be supplied");
+
+                    default:
+                        ThrowIfUserInteractionDisabled();
+                        ThrowIfTerminalPromptsDisabled();
+                        var menuTitle = $"Select an authentication method for '{targetUri}'";
+                        var menu = new TerminalMenu(Context.Terminal, menuTitle);
+
+                        TerminalMenuItem browserItem = null;
+                        TerminalMenuItem basicItem = null;
+                        TerminalMenuItem patItem = null;
+
+                        if ((modes & AuthenticationModes.Browser) != 0) browserItem = menu.Add("Web browser");
+                        if ((modes & AuthenticationModes.Pat) != 0) patItem = menu.Add("Personal access token");
+                        if ((modes & AuthenticationModes.Basic) != 0) basicItem = menu.Add("Username/password");
+
+                        // Default to the 'first' choice in the menu
+                        TerminalMenuItem choice = menu.Show(0);
+
+                        if (choice == browserItem) goto case AuthenticationModes.Browser;
+                        if (choice == basicItem) goto case AuthenticationModes.Basic;
+                        if (choice == patItem) goto case AuthenticationModes.Pat;
+
+                        throw new Exception();
+                }
             }
         }
 
@@ -164,6 +224,15 @@ public async Task<OAuth2TokenResult> GetOAuthTokenViaRefresh(Uri targetUri, stri
             return await oauthClient.GetTokenByRefreshTokenAsync(refreshToken, CancellationToken.None);
         }
 
+        private bool TryFindHelperExecutablePath(out string path)
+        {
+            return TryFindHelperExecutablePath(
+                GitLabConstants.EnvironmentVariables.AuthenticationHelper,
+                GitLabConstants.GitConfiguration.Credential.AuthenticationHelper,
+                GitLabConstants.DefaultAuthenticationHelper,
+                out path);
+        }
+
         private HttpClient _httpClient;
         private HttpClient HttpClient => _httpClient ?? (_httpClient = Context.HttpClientFactory.CreateClient());
 

src/shared/GitLab/GitLabConstants.cs

@@ -6,7 +6,9 @@ public static class GitLabConstants
     {
         public static readonly Uri GitLabDotCom = new Uri("https://gitlab.com");
 
-        // owned by https://gitlab.com/gitcredentialmanager
+        public const string DefaultAuthenticationHelper = "GitLab.UI";
+
+        // Owned by https://gitlab.com/gitcredentialmanager
         public const string OAuthClientId = "172b9f227872b5dde33f4d9b1db06a6a5515ae79508e7a00c973c85ce490671e";
         public const string OAuthClientSecret = "7da92770d1447508601e4ba026bc5eb655c8268e818cd609889cc9bae2023f39";
 
@@ -23,7 +25,7 @@ public static class EnvironmentVariables
             public const string DevOAuthClientSecret = "GCM_DEV_GITLAB_CLIENTSECRET";
             public const string DevOAuthRedirectUri = "GCM_DEV_GITLAB_REDIRECTURI";
             public const string AuthenticationModes = "GCM_GITLAB_AUTHMODES";
-
+            public const string AuthenticationHelper = "GCM_GITLAB_HELPER";
         }
 
         public static class GitConfiguration
@@ -34,6 +36,7 @@ public static class Credential
                 public const string DevOAuthClientId = "gitLabDevClientId";
                 public const string DevOAuthClientSecret = "gitLabDevClientSecret";
                 public const string DevOAuthRedirectUri = "gitLabDevRedirectUri";
+                public const string AuthenticationHelper = "gitLabHelper";
             }
         }
 

src/shared/GitLab/GitLabHostProvider.cs

@@ -97,7 +97,7 @@ public override async Task<ICredential> GenerateCredentialAsync(InputArguments i
 
             AuthenticationModes authModes = GetSupportedAuthenticationModes(remoteUri);
 
-            AuthenticationPromptResult promptResult = _gitLabAuth.GetAuthentication(remoteUri, input.UserName, authModes);
+            AuthenticationPromptResult promptResult = await _gitLabAuth.GetAuthenticationAsync(remoteUri, input.UserName, authModes);
 
             switch (promptResult.AuthenticationMode)
             {