Dedupe code in ApiClient. Also, cache user data and avoid using the keychain username

shana · shana · commit 35f028990093 · 2018-04-03T16:52:58.000+02:00
The system keychain may have a valid token with an invalid username
because every git client fills out that information slightly different
and the username is not relevant for accessing the API
(only the token is needed). If we encounter a mismatch, don't throw
immediately (the token might be perfectly valid), but always doublecheck
the github user to make sure the username of the connection matches
the user that the token is associated with.

Cache the GitHubUser object in the Connection list (non serialized) so that
if we fill out once and all the information matches, we can reuse it and
avoid pinging the API every time. If another git client tramples all over
our keychain, it's highly likely that they'll also not fill out the username
information anyway, and we always grab the user from GitHub if that happens
so we should be relatively safe trusting the cached GitHubUser object
(it'll get thrown away whenever Unity reloads so it's also likely that we'll
keep refreshing it anyways)

In the process of this, cleaned up some duplicated and uneeded code that could
lead to issues later on.
diff --git a/src/GitHub.Api/Application/ApiClient.cs b/src/GitHub.Api/Application/ApiClient.cs
@@ -10,17 +10,6 @@ namespace GitHub.Unity
 {
     class ApiClient : IApiClient
     {
-        public static IApiClient Create(UriString repositoryUrl, IKeychain keychain, IProcessManager processManager, ITaskManager taskManager, NPath nodeJsExecutablePath, NPath octorunScriptPath)
-        {
-            logger.Trace("Creating ApiClient: {0}", repositoryUrl);
-
-            var credentialStore = keychain.Connect(repositoryUrl);
-            var hostAddress = HostAddress.Create(repositoryUrl);
-
-            return new ApiClient(repositoryUrl, keychain,
-                processManager, taskManager, nodeJsExecutablePath, octorunScriptPath);
-        }
-
         private static readonly ILogging logger = LogHelper.GetLogger<ApiClient>();
         public HostAddress HostAddress { get; }
         public UriString OriginalUrl { get; }
@@ -81,34 +70,20 @@ public async Task GetOrganizations(Action<Organization[]> onSuccess, Action<Exce
             await GetOrganizationInternal(onSuccess, onError);
         }
 
-        public async Task ValidateCurrentUser(Action onSuccess, Action<Exception> onError = null)
+        public async Task GetCurrentUser(Action<GitHubUser> onSuccess, Action<Exception> onError = null)
         {
             Guard.ArgumentNotNull(onSuccess, nameof(onSuccess));
             try
             {
-                var keychainConnection = keychain.Connections.First();
-                var keychainAdapter = await GetValidatedKeychainAdapter(keychainConnection);
-                await GetValidatedGitHubUser(keychainConnection, keychainAdapter);
-                onSuccess();
+                var user = await GetCurrentUser();
+                onSuccess(user);
             }
             catch (Exception e)
             {
                 onError?.Invoke(e);
             }
         }
 
-        public async Task GetCurrentUser(Action<GitHubUser> callback)
-        {
-            Guard.ArgumentNotNull(callback, "callback");
-            
-            //TODO: ONE_USER_LOGIN This assumes only ever one user can login
-            var keychainConnection = keychain.Connections.First();
-            var keychainAdapter = await GetValidatedKeychainAdapter(keychainConnection);
-            var user = await GetValidatedGitHubUser(keychainConnection, keychainAdapter);
-
-            callback(user);
-        }
-
         public async Task Login(string username, string password, Action<LoginResult> need2faCode, Action<bool, string> result)
         {
             Guard.ArgumentNotNull(need2faCode, "need2faCode");
@@ -205,16 +180,33 @@ public async Task<bool> ContinueLoginAsync(LoginResult loginResult, Func<LoginRe
             return result.Code == LoginResultCodes.Success;
         }
 
+        private async Task<GitHubUser> GetCurrentUser()
+        {
+            //TODO: ONE_USER_LOGIN This assumes we only support one login
+            var keychainConnection = keychain.Connections.FirstOrDefault();
+            if (keychainConnection == null)
+                throw new KeychainEmptyException();
+
+            var keychainAdapter = await GetValidatedKeychainAdapter(keychainConnection);
+
+            // we can't trust that the system keychain has the username filled out correctly.
+            // if it doesn't, we need to grab the username from the server and check it
+            // unfortunately this means that things will be slower when the keychain doesn't have all the info
+            if (keychainConnection.User == null || keychainAdapter.Credential.Username != keychainConnection.Username)
+            {
+                keychainConnection.User = await GetValidatedGitHubUser(keychainConnection, keychainAdapter);
+            }
+            return keychainConnection.User;
+        }
+
         private async Task<GitHubRepository> CreateRepositoryInternal(string repositoryName, string organization, string description, bool isPrivate)
         {
             try
             {
                 logger.Trace("Creating repository");
 
-                //TODO: ONE_USER_LOGIN This assumes only ever one user can login
-                var keychainConnection = keychain.Connections.First();
-                var keychainAdapter = await GetValidatedKeychainAdapter(keychainConnection);
-                await GetValidatedGitHubUser(keychainConnection, keychainAdapter);
+                var user = await GetCurrentUser();
+                var keychainAdapter = keychain.Connect(OriginalUrl);
 
                 var command = new StringBuilder("publish -r \"");
                 command.Append(repositoryName);
@@ -240,7 +232,7 @@ private async Task<GitHubRepository> CreateRepositoryInternal(string repositoryN
                 }
 
                 var octorunTask = new OctorunTask(taskManager.Token, nodeJsExecutablePath, octorunScriptPath, command.ToString(),
-                    user: keychainAdapter.Credential.Username, userToken: keychainAdapter.Credential.Token)
+                    user: user.Login, userToken: keychainAdapter.Credential.Token)
                     .Configure(processManager);
 
                 var ret = await octorunTask.StartAwait();
@@ -268,13 +260,11 @@ private async Task GetOrganizationInternal(Action<Organization[]> onSuccess, Act
             {
                 logger.Trace("Getting Organizations");
 
-                //TODO: ONE_USER_LOGIN This assumes only ever one user can login
-                var keychainConnection = keychain.Connections.First();
-                var keychainAdapter = await GetValidatedKeychainAdapter(keychainConnection);
-                await GetValidatedGitHubUser(keychainConnection, keychainAdapter);
+                var user = await GetCurrentUser();
+                var keychainAdapter = keychain.Connect(OriginalUrl);
 
                 var octorunTask = new OctorunTask(taskManager.Token, nodeJsExecutablePath, octorunScriptPath, "organizations",
-                        user: keychainAdapter.Credential.Username, userToken: keychainAdapter.Credential.Token)
+                        user: user.Login, userToken: keychainAdapter.Credential.Token)
                     .Configure(processManager);
 
                 var ret = await octorunTask.StartAsAsync();
@@ -305,35 +295,30 @@ private async Task GetOrganizationInternal(Action<Organization[]> onSuccess, Act
 
         private async Task<IKeychainAdapter> GetValidatedKeychainAdapter(Connection keychainConnection)
         {
-            if (keychain.HasKeys)
-            {
-                var keychainAdapter = await keychain.Load(keychainConnection.Host);
-
-                if (string.IsNullOrEmpty(keychainAdapter.Credential?.Username))
-                {
-                    logger.Warning("LoadKeychainInternal: Username is empty");
-                    throw new TokenUsernameMismatchException(keychainConnection.Username);
-                }
+            var keychainAdapter = await keychain.Load(keychainConnection.Host);
+            if (keychainAdapter == null)
+                throw new KeychainEmptyException();
 
-                if (keychainAdapter.Credential.Username != keychainConnection.Username)
-                {
-                    logger.Warning("LoadKeychainInternal: Token username does not match");
-                    throw new TokenUsernameMismatchException(keychainConnection.Username, keychainAdapter.Credential.Username);
-                }
+            if (string.IsNullOrEmpty(keychainAdapter.Credential?.Username))
+            {
+                logger.Warning("LoadKeychainInternal: Username is empty");
+                throw new TokenUsernameMismatchException(keychainConnection.Username);
+            }
 
-                return keychainAdapter;
+            if (keychainAdapter.Credential.Username != keychainConnection.Username)
+            {
+                logger.Warning("LoadKeychainInternal: Token username does not match");
             }
 
-            logger.Warning("LoadKeychainInternal: No keys to load");
-            throw new KeychainEmptyException();
+            return keychainAdapter;
         }
 
         private async Task<GitHubUser> GetValidatedGitHubUser(Connection keychainConnection, IKeychainAdapter keychainAdapter)
         {
             try
             {
                 var octorunTask = new OctorunTask(taskManager.Token, nodeJsExecutablePath, octorunScriptPath, "validate",
-                        user: keychainAdapter.Credential.Username, userToken: keychainAdapter.Credential.Token)
+                        user: keychainConnection.Username, userToken: keychainAdapter.Credential.Token)
                     .Configure(processManager);
 
                 var ret = await octorunTask.StartAsAsync();
diff --git a/src/GitHub.Api/Application/IApiClient.cs b/src/GitHub.Api/Application/IApiClient.cs
@@ -14,7 +14,6 @@ Task CreateRepository(string name, string description, bool isPrivate,
         Task ContinueLogin(LoginResult loginResult, string code);
         Task<bool> LoginAsync(string username, string password, Func<LoginResult, string> need2faCode);
         Task Logout(UriString host);
-        Task GetCurrentUser(Action<GitHubUser> callback);
-        Task ValidateCurrentUser(Action onSuccess, Action<Exception> onError = null);
+        Task GetCurrentUser(Action<GitHubUser> onSuccess, Action<Exception> onError = null);
     }
 }
diff --git a/src/GitHub.Api/Authentication/Keychain.cs b/src/GitHub.Api/Authentication/Keychain.cs
@@ -12,6 +12,7 @@ public class Connection
     {
         public string Host { get; set; }
         public string Username { get; set; }
+        [NonSerialized] internal GitHubUser User;
 
         // for json serialization
         public Connection()
@@ -99,7 +100,7 @@ public IKeychainAdapter Connect(UriString host)
 
         public async Task<IKeychainAdapter> Load(UriString host)
         {
-            KeychainAdapter keychainAdapter = FindOrCreateAdapter(host);
+            var keychainAdapter = FindOrCreateAdapter(host);
             var connection = GetConnection(host);
 
             //logger.Trace($@"Loading KeychainAdapter Host:""{host}"" Cached Username:""{cachedConnection.Username}""");
@@ -109,6 +110,7 @@ public async Task<IKeychainAdapter> Load(UriString host)
             {
                 logger.Warning("Cannot load host from Credential Manager; removing from cache");
                 await Clear(host, false);
+                keychainAdapter = null;
             }
             else
             {
diff --git a/src/UnityExtension/Assets/Editor/GitHub.Unity/Services/AuthenticationService.cs b/src/UnityExtension/Assets/Editor/GitHub.Unity/Services/AuthenticationService.cs
@@ -10,7 +10,7 @@ class AuthenticationService
 
         public AuthenticationService(UriString host, IKeychain keychain, NPath nodeJsExecutablePath, NPath octorunExecutablePath)
         {
-            client = ApiClient.Create(host, keychain, EntryPoint.ApplicationManager.ProcessManager, EntryPoint.ApplicationManager.TaskManager, nodeJsExecutablePath, octorunExecutablePath);
+            client = new ApiClient(host, keychain, EntryPoint.ApplicationManager.ProcessManager, EntryPoint.ApplicationManager.TaskManager, nodeJsExecutablePath, octorunExecutablePath);
         }
 
         public void Login(string username, string password, Action<string> twofaRequired, Action<bool, string> authResult)
diff --git a/src/UnityExtension/Assets/Editor/GitHub.Unity/UI/PopupWindow.cs b/src/UnityExtension/Assets/Editor/GitHub.Unity/UI/PopupWindow.cs
@@ -120,7 +120,7 @@ private void Open(PopupViewType popupViewType, Action<bool> onClose)
             {
                 //Logger.Trace("Validating to open view");
 
-                Client.ValidateCurrentUser(() => {
+                Client.GetCurrentUser(user => {
 
                     //Logger.Trace("User validated opening view");
 
@@ -192,7 +192,7 @@ public IApiClient Client
                         host = UriString.ToUriString(HostAddress.GitHubDotComHostAddress.WebUri);
                     }
 
-                    client = ApiClient.Create(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);
+                    client = new ApiClient(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);
                 }
 
                 return client;
diff --git a/src/UnityExtension/Assets/Editor/GitHub.Unity/UI/PublishView.cs b/src/UnityExtension/Assets/Editor/GitHub.Unity/UI/PublishView.cs
@@ -52,7 +52,7 @@ public IApiClient Client
                         host = UriString.ToUriString(HostAddress.GitHubDotComHostAddress.WebUri);
                     }
 
-                    client = ApiClient.Create(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);
+                    client = new ApiClient(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);
                 }
 
                 return client;
diff --git a/src/UnityExtension/Assets/Editor/GitHub.Unity/UI/Window.cs b/src/UnityExtension/Assets/Editor/GitHub.Unity/UI/Window.cs
@@ -500,7 +500,7 @@ private void SignOut(object obj)
                 host = UriString.ToUriString(HostAddress.GitHubDotComHostAddress.WebUri);
             }
 
-            var apiClient = ApiClient.Create(host, Platform.Keychain, null, null, NPath.Default, NPath.Default);
+            var apiClient = new ApiClient(host, Platform.Keychain, null, null, NPath.Default, NPath.Default);
             apiClient.Logout(host);
         }
 
diff --git a/src/tests/UnitTests/Authentication/KeychainTests.cs b/src/tests/UnitTests/Authentication/KeychainTests.cs
@@ -223,7 +223,7 @@ public void ShouldDeleteFromCacheWhenLoadReturnsNullFromConnectionManager()
 
             var uriString = keychain.Hosts.FirstOrDefault();
             var keychainAdapter = keychain.Load(uriString).Result;
-            keychainAdapter.Credential.Should().BeNull();
+            keychainAdapter.Should().BeNull();
 
             fileSystem.DidNotReceive().FileExists(Args.String);
             fileSystem.DidNotReceive().ReadAllText(Args.String);

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@ Task CreateRepository(string name, string description, bool isPrivate,`
`14`	`14`	`Task ContinueLogin(LoginResult loginResult, string code);`
`15`	`15`	`Task<bool> LoginAsync(string username, string password, Func<LoginResult, string> need2faCode);`
`16`	`16`	`Task Logout(UriString host);`
`17`		`- Task GetCurrentUser(Action<GitHubUser> callback);`
`18`		`- Task ValidateCurrentUser(Action onSuccess, Action<Exception> onError = null);`
	`17`	`+ Task GetCurrentUser(Action<GitHubUser> onSuccess, Action<Exception> onError = null);`
`19`	`18`	`}`
`20`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ public class Connection`
`12`	`12`	`{`
`13`	`13`	`public string Host { get; set; }`
`14`	`14`	`public string Username { get; set; }`
	`15`	`+ [NonSerialized] internal GitHubUser User;`
`15`	`16`
`16`	`17`	`// for json serialization`
`17`	`18`	`public Connection()`
`@@ -99,7 +100,7 @@ public IKeychainAdapter Connect(UriString host)`
`99`	`100`
`100`	`101`	`public async Task<IKeychainAdapter> Load(UriString host)`
`101`	`102`	`{`
`102`		`- KeychainAdapter keychainAdapter = FindOrCreateAdapter(host);`
	`103`	`+ var keychainAdapter = FindOrCreateAdapter(host);`
`103`	`104`	`var connection = GetConnection(host);`
`104`	`105`
`105`	`106`	`//logger.Trace($@"Loading KeychainAdapter Host:""{host}"" Cached Username:""{cachedConnection.Username}""");`
`@@ -109,6 +110,7 @@ public async Task<IKeychainAdapter> Load(UriString host)`
`109`	`110`	`{`
`110`	`111`	`logger.Warning("Cannot load host from Credential Manager; removing from cache");`
`111`	`112`	`await Clear(host, false);`
	`113`	`+ keychainAdapter = null;`
`112`	`114`	`}`
`113`	`115`	`else`
`114`	`116`	`{`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ class AuthenticationService`
`10`	`10`
`11`	`11`	`public AuthenticationService(UriString host, IKeychain keychain, NPath nodeJsExecutablePath, NPath octorunExecutablePath)`
`12`	`12`	`{`
`13`		`- client = ApiClient.Create(host, keychain, EntryPoint.ApplicationManager.ProcessManager, EntryPoint.ApplicationManager.TaskManager, nodeJsExecutablePath, octorunExecutablePath);`
	`13`	`+ client = new ApiClient(host, keychain, EntryPoint.ApplicationManager.ProcessManager, EntryPoint.ApplicationManager.TaskManager, nodeJsExecutablePath, octorunExecutablePath);`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`public void Login(string username, string password, Action<string> twofaRequired, Action<bool, string> authResult)`
Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ private void Open(PopupViewType popupViewType, Action<bool> onClose)`
`120`	`120`	`{`
`121`	`121`	`//Logger.Trace("Validating to open view");`
`122`	`122`
`123`		`- Client.ValidateCurrentUser(() => {`
	`123`	`+ Client.GetCurrentUser(user => {`
`124`	`124`
`125`	`125`	`//Logger.Trace("User validated opening view");`
`126`	`126`
`@@ -192,7 +192,7 @@ public IApiClient Client`
`192`	`192`	`host = UriString.ToUriString(HostAddress.GitHubDotComHostAddress.WebUri);`
`193`	`193`	`}`
`194`	`194`
`195`		`- client = ApiClient.Create(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);`
	`195`	`+ client = new ApiClient(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);`
`196`	`196`	`}`
`197`	`197`
`198`	`198`	`return client;`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public IApiClient Client`
`52`	`52`	`host = UriString.ToUriString(HostAddress.GitHubDotComHostAddress.WebUri);`
`53`	`53`	`}`
`54`	`54`
`55`		`- client = ApiClient.Create(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);`
	`55`	`+ client = new ApiClient(host, Platform.Keychain, Manager.ProcessManager, TaskManager, Environment.NodeJsExecutablePath, Environment.OctorunScriptPath);`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`return client;`
Original file line number	Diff line number	Diff line change
`@@ -500,7 +500,7 @@ private void SignOut(object obj)`
`500`	`500`	`host = UriString.ToUriString(HostAddress.GitHubDotComHostAddress.WebUri);`
`501`	`501`	`}`
`502`	`502`
`503`		`- var apiClient = ApiClient.Create(host, Platform.Keychain, null, null, NPath.Default, NPath.Default);`
	`503`	`+ var apiClient = new ApiClient(host, Platform.Keychain, null, null, NPath.Default, NPath.Default);`
`504`	`504`	`apiClient.Logout(host);`
`505`	`505`	`}`
`506`	`506`