Adds support for link to account login (#3390)

* Adds /login link and handler

* Uses options map to pass options rather than scopes

* Fixes error message

* Updates params and messaging

* Accept context param

* Updates wording

Author: axosoft-ramint

src/plus/gk/account/authenticationConnection.ts

@@ -11,6 +11,7 @@ import { getLogScope } from '../../../system/logger.scope';
 import { openUrl } from '../../../system/utils';
 import type { ServerConnection } from '../serverConnection';
 
+export const LoginUriPathPrefix = 'login';
 export const AuthenticationUriPathPrefix = 'did-authenticate';
 
 interface AccountInfo {
@@ -113,7 +114,7 @@ export class AuthenticationConnection implements Disposable {
 				new Promise<string>((_, reject) => setTimeout(reject, 120000, 'Cancelled')),
 			]);
 
-			const token = await this.getTokenFromCodeAndState(scopeKey, code, gkstate);
+			const token = await this.getTokenFromCodeAndState(code, gkstate, scopeKey);
 			return token;
 		} finally {
 			this._cancellationSource?.cancel();
@@ -167,10 +168,12 @@ export class AuthenticationConnection implements Disposable {
 		}
 	}
 
-	private async getTokenFromCodeAndState(scopeKey: string, code: string, state: string): Promise<string> {
-		const existingStates = this._pendingStates.get(scopeKey);
-		if (!existingStates?.includes(state)) {
-			throw new Error('Getting token failed: Invalid state');
+	async getTokenFromCodeAndState(code: string, state?: string, scopeKey?: string): Promise<string> {
+		if (state != null && scopeKey != null) {
+			const existingStates = this._pendingStates.get(scopeKey);
+			if (!existingStates?.includes(state)) {
+				throw new Error('Getting token failed: Invalid state');
+			}
 		}
 
 		const rsp = await this.connection.fetchGkDevApi(
@@ -181,7 +184,7 @@ export class AuthenticationConnection implements Disposable {
 					grant_type: 'authorization_code',
 					client_id: 'gitkraken.gitlens',
 					code: code,
-					state: state,
+					state: state ?? '',
 				}),
 			},
 			{

src/plus/gk/account/authenticationProvider.ts

@@ -28,6 +28,11 @@ export const authenticationProviderId = 'gitlens+';
 export const authenticationProviderScopes = ['gitlens'];
 const authenticationLabel = 'GitKraken: GitLens';
 
+export interface AuthenticationProviderOptions {
+	signUp?: boolean;
+	signIn?: { code: string; state?: string };
+}
+
 export class AccountAuthenticationProvider implements AuthenticationProvider, Disposable {
 	private _onDidChangeSessions = new EventEmitter<AuthenticationProviderAuthenticationSessionsChangeEvent>();
 	get onDidChangeSessions() {
@@ -37,6 +42,7 @@ export class AccountAuthenticationProvider implements AuthenticationProvider, Di
 	private readonly _disposable: Disposable;
 	private readonly _authConnection: AuthenticationConnection;
 	private _sessionsPromise: Promise<AuthenticationSession[]>;
+	private _optionsByScope: Map<string, AuthenticationProviderOptions> | undefined;
 
 	constructor(
 		private readonly container: Container,
@@ -68,22 +74,32 @@ export class AccountAuthenticationProvider implements AuthenticationProvider, Di
 		return this._authConnection.abort();
 	}
 
+	public setOptionsForScopes(scopes: string[], options: AuthenticationProviderOptions) {
+		this._optionsByScope ??= new Map<string, AuthenticationProviderOptions>();
+		this._optionsByScope.set(getScopesKey(scopes), options);
+	}
+
+	public clearOptionsForScopes(scopes: string[]) {
+		this._optionsByScope?.delete(getScopesKey(scopes));
+	}
+
 	@debug()
 	public async createSession(scopes: string[]): Promise<AuthenticationSession> {
 		const scope = getLogScope();
 
-		const signUp = scopes.includes('signUp');
-		// 'signUp' is just a flag, not a valid scope, so remove it before continuing
-		if (signUp) {
-			scopes = scopes.filter(s => s !== 'signUp');
+		const options = this._optionsByScope?.get(getScopesKey(scopes));
+		if (options != null) {
+			this._optionsByScope?.delete(getScopesKey(scopes));
 		}
-
 		// Ensure that the scopes are sorted consistently (since we use them for matching and order doesn't matter)
 		scopes = scopes.sort();
 		const scopesKey = getScopesKey(scopes);
 
 		try {
-			const token = await this._authConnection.login(scopes, scopesKey, signUp);
+			const token =
+				options?.signIn != null
+					? await this._authConnection.getTokenFromCodeAndState(options.signIn.code, options.signIn.state)
+					: await this._authConnection.login(scopes, scopesKey, options?.signUp);
 			const session = await this.createSessionForToken(token, scopes);
 
 			const sessions = await this._sessionsPromise;

src/plus/gk/account/subscriptionService.ts

@@ -5,6 +5,7 @@ import type {
 	Event,
 	MessageItem,
 	StatusBarItem,
+	Uri,
 } from 'vscode';
 import {
 	authentication,
@@ -106,6 +107,7 @@ export class SubscriptionService implements Disposable {
 				}
 			}),
 			container.uri.onDidReceiveSubscriptionUpdatedUri(this.onSubscriptionUpdatedUri, this),
+			container.uri.onDidReceiveLoginUri(this.onLoginUri, this),
 		);
 
 		const subscription = this.getStoredSubscription();
@@ -359,14 +361,39 @@ export class SubscriptionService implements Disposable {
 			);
 		}
 
+		return this.loginCore({ signUp: signUp, source: source });
+	}
+
+	async loginWithCode(authentication: { code: string; state?: string }, source?: Source): Promise<boolean> {
+		if (!(await ensurePlusFeaturesEnabled())) return false;
+		if (this.container.telemetry.enabled) {
+			this.container.telemetry.sendEvent('subscription/action', { action: 'sign-in' }, source);
+		}
+
+		const session = await this.ensureSession(false);
+		if (session != null) {
+			await this.logout(undefined, source);
+		}
+
+		return this.loginCore({ signIn: authentication, source: source });
+	}
+
+	private async loginCore(options?: {
+		signUp?: boolean;
+		source?: Source;
+		signIn?: { code: string; state?: string };
+	}): Promise<boolean> {
 		// Abort any waiting authentication to ensure we can start a new flow
 		await this.container.accountAuthentication.abort();
 		void this.showAccountView();
 
-		const session = await this.ensureSession(true, { signUp: signUp });
+		const session = await this.ensureSession(true, {
+			signIn: options?.signIn,
+			signUp: options?.signUp,
+		});
 		const loggedIn = Boolean(session);
 		if (loggedIn) {
-			void this.showPlanMessage(source);
+			void this.showPlanMessage(options?.source);
 		}
 		return loggedIn;
 	}
@@ -914,7 +941,7 @@ export class SubscriptionService implements Disposable {
 	@debug()
 	private async ensureSession(
 		createIfNeeded: boolean,
-		options?: { force?: boolean; signUp?: boolean },
+		options?: { force?: boolean; signUp?: boolean; signIn?: { code: string; state?: string } },
 	): Promise<AuthenticationSession | undefined> {
 		if (this._sessionPromise != null) {
 			void (await this._sessionPromise);
@@ -924,7 +951,10 @@ export class SubscriptionService implements Disposable {
 		if (this._session === null && !createIfNeeded) return undefined;
 
 		if (this._sessionPromise === undefined) {
-			this._sessionPromise = this.getOrCreateSession(createIfNeeded, options?.signUp).then(
+			this._sessionPromise = this.getOrCreateSession(createIfNeeded, {
+				signUp: options?.signUp,
+				signIn: options?.signIn,
+			}).then(
 				s => {
 					this._session = s;
 					this._sessionPromise = undefined;
@@ -945,23 +975,24 @@ export class SubscriptionService implements Disposable {
 	@debug()
 	private async getOrCreateSession(
 		createIfNeeded: boolean,
-		signUp: boolean = false,
+		options?: { signUp?: boolean; signIn?: { code: string; state?: string } },
 	): Promise<AuthenticationSession | null> {
 		const scope = getLogScope();
 
 		let session: AuthenticationSession | null | undefined;
-
 		try {
-			session = await authentication.getSession(
-				authenticationProviderId,
-				signUp ? [...authenticationProviderScopes, 'signUp'] : authenticationProviderScopes,
-				{
-					createIfNone: createIfNeeded,
-					silent: !createIfNeeded,
-				},
-			);
+			if (options != null && createIfNeeded) {
+				this.container.accountAuthentication.setOptionsForScopes(authenticationProviderScopes, options);
+			}
+			session = await authentication.getSession(authenticationProviderId, authenticationProviderScopes, {
+				createIfNone: createIfNeeded,
+				silent: !createIfNeeded,
+			});
 		} catch (ex) {
 			session = null;
+			if (options != null && createIfNeeded) {
+				this.container.accountAuthentication.clearOptionsForScopes(authenticationProviderScopes);
+			}
 
 			if (ex instanceof Error && ex.message.includes('User did not consent')) {
 				setLogScopeExit(scope, ' \u2022 User declined authentication');
@@ -1349,6 +1380,31 @@ export class SubscriptionService implements Disposable {
 		);
 	}
 
+	onLoginUri(uri: Uri) {
+		const scope = getLogScope();
+		const queryParams: URLSearchParams = new URLSearchParams(uri.query);
+		const code = queryParams.get('code');
+		const state = queryParams.get('state');
+		const context = queryParams.get('context');
+		let contextMessage = 'sign in to GitKraken';
+
+		switch (context) {
+			case 'start_trial':
+				contextMessage = 'start a Pro trial';
+				break;
+		}
+
+		if (code == null) {
+			Logger.error(`No code provided. Link: ${uri.toString(true)}`, scope);
+			void window.showErrorMessage(
+				`Unable to ${contextMessage} with that link. Please try clicking the link again. If this issue persists, please contact support.`,
+			);
+			return;
+		}
+
+		void this.loginWithCode({ code: code, state: state ?? undefined }, { source: 'deeplink' });
+	}
+
 	async onSubscriptionUpdatedUri() {
 		if (this._session == null) return;
 		const oldSubscriptionState = this._subscription.state;

src/uris/uriService.ts

@@ -1,7 +1,7 @@
 import type { Disposable, Event, Uri, UriHandler } from 'vscode';
 import { EventEmitter, window } from 'vscode';
 import type { Container } from '../container';
-import { AuthenticationUriPathPrefix } from '../plus/gk/account/authenticationConnection';
+import { AuthenticationUriPathPrefix, LoginUriPathPrefix } from '../plus/gk/account/authenticationConnection';
 import { SubscriptionUpdatedUriPathPrefix } from '../plus/gk/account/subscription';
 import { CloudIntegrationAuthenticationUriPathPrefix } from '../plus/integrations/authentication/models';
 import { log } from '../system/decorators/log';
@@ -13,13 +13,18 @@ export class UriService implements Disposable, UriHandler {
 	private _disposable: Disposable;
 
 	private _onDidReceiveAuthenticationUri: EventEmitter<Uri> = new EventEmitter<Uri>();
+	private _onDidReceiveLoginUri: EventEmitter<Uri> = new EventEmitter<Uri>();
 	private _onDidReceiveCloudIntegrationAuthenticationUri: EventEmitter<Uri> = new EventEmitter<Uri>();
 	private _onDidReceiveSubscriptionUpdatedUri: EventEmitter<Uri> = new EventEmitter<Uri>();
 
 	get onDidReceiveAuthenticationUri(): Event<Uri> {
 		return this._onDidReceiveAuthenticationUri.event;
 	}
 
+	get onDidReceiveLoginUri(): Event<Uri> {
+		return this._onDidReceiveLoginUri.event;
+	}
+
 	get onDidReceiveCloudIntegrationAuthenticationUri(): Event<Uri> {
 		return this._onDidReceiveCloudIntegrationAuthenticationUri.event;
 	}
@@ -53,6 +58,9 @@ export class UriService implements Disposable, UriHandler {
 		} else if (type === SubscriptionUpdatedUriPathPrefix) {
 			this._onDidReceiveSubscriptionUpdatedUri.fire(uri);
 			return;
+		} else if (type === LoginUriPathPrefix) {
+			this._onDidReceiveLoginUri.fire(uri);
+			return;
 		}
 
 		this._onDidReceiveUri.fire(uri);