Completes the cloud integration reauth flow by disconnecting cloud token (#3636)

axosoft-ramint · web-flow · commit 89c9dea972cb · 2024-10-01T15:30:00.000-07:00
* Completes the cloud integration reauth flow by disconnecting cloud token

* Kicks out early if the disconnect failed
diff --git a/src/constants.telemetry.ts b/src/constants.telemetry.ts
@@ -65,6 +65,12 @@ export type TelemetryEvents = {
 		'integration.connected.ids': string | undefined;
 	};
 
+	/** Sent when disconnecting a provider from the api fails*/
+	'cloudIntegrations/disconnect/failed': {
+		code: number | undefined;
+		'integration.id': string | undefined;
+	};
+
 	/** Sent when getting connected providers from the api fails*/
 	'cloudIntegrations/getConnections/failed': {
 		code: number | undefined;
diff --git a/src/plus/integrations/authentication/cloudIntegrationService.ts b/src/plus/integrations/authentication/cloudIntegrationService.ts
@@ -90,4 +90,36 @@ export class CloudIntegrationService {
 
 		return (await tokenRsp.json())?.data as Promise<CloudIntegrationAuthenticationSession | undefined>;
 	}
+
+	async disconnect(id: IntegrationId): Promise<boolean> {
+		const scope = getLogScope();
+
+		const cloudIntegrationType = toCloudIntegrationType[id];
+		if (cloudIntegrationType == null) {
+			Logger.error(undefined, scope, `Unsupported cloud integration type: ${id}`);
+			return false;
+		}
+
+		const tokenRsp = await this.connection.fetchGkDevApi(
+			`v1/provider-tokens/${cloudIntegrationType}`,
+			{ method: 'DELETE' },
+			{ organizationId: false },
+		);
+		if (!tokenRsp.ok) {
+			const error = (await tokenRsp.json())?.error;
+			const errorMessage = typeof error === 'string' ? error : (error?.message as string) ?? tokenRsp.statusText;
+			if (error != null) {
+				Logger.error(undefined, scope, `Failed to disconnect ${id} token from cloud: ${errorMessage}`);
+			}
+			if (this.container.telemetry.enabled) {
+				this.container.telemetry.sendEvent('cloudIntegrations/disconnect/failed', {
+					code: tokenRsp.status,
+					'integration.id': id,
+				});
+			}
+			return false;
+		}
+
+		return true;
+	}
 }
diff --git a/src/plus/integrations/authentication/integrationAuthentication.ts b/src/plus/integrations/authentication/integrationAuthentication.ts
@@ -267,7 +267,7 @@ export abstract class CloudIntegrationAuthenticationProvider<
 	}
 
 	protected override async fetchOrCreateSession(
-		storedSession: ProviderAuthenticationSession | undefined,
+		_storedSession: ProviderAuthenticationSession | undefined,
 		descriptor?: IntegrationAuthenticationSessionDescriptor,
 		options?:
 			| {
@@ -285,6 +285,14 @@ export abstract class CloudIntegrationAuthenticationProvider<
 					source?: Sources;
 			  },
 	): Promise<ProviderAuthenticationSession | undefined> {
+		if (options?.forceNewSession) {
+			if (!(await this.disconnectSession())) {
+				return undefined;
+			}
+
+			void this.connectCloudIntegration(false, options?.source);
+			return undefined;
+		}
 		// TODO: This is a stopgap to make sure we're not hammering the api on automatic calls to get the session.
 		// Ultimately we want to timestamp calls to syncCloudIntegrations and use that to determine whether we should
 		// make the call or not.
@@ -293,10 +301,7 @@ export abstract class CloudIntegrationAuthenticationProvider<
 				? await this.fetchSession(descriptor)
 				: undefined;
 
-		if (shouldForceNewSession(storedSession, session, options)) {
-			// TODO: gk.dev doesn't yet support forcing a new session, so the user will need to disconnect and reconnect
-			void this.connectCloudIntegration(false, options?.source);
-		} else if (shouldCreateSession(session, options)) {
+		if (shouldCreateSession(session, options)) {
 			const connected = await this.connectCloudIntegration(true, options?.source);
 			if (!connected) return undefined;
 			session = await this.getSession(descriptor, { source: options?.source });
@@ -357,6 +362,16 @@ export abstract class CloudIntegrationAuthenticationProvider<
 		};
 	}
 
+	private async disconnectSession(): Promise<boolean> {
+		const loggedIn = await this.container.subscription.getAuthenticationSession(false);
+		if (!loggedIn) return false;
+
+		const cloudIntegrations = await this.container.cloudIntegrations;
+		if (cloudIntegrations == null) return false;
+
+		return cloudIntegrations.disconnect(this.authProviderId);
+	}
+
 	private async openCompletionInput(cancellationToken: CancellationToken) {
 		const input = window.createInputBox();
 		input.ignoreFocusOut = true;
@@ -569,19 +584,6 @@ function convertStoredSessionToSession(
 	};
 }
 
-function shouldForceNewSession(
-	storedSession: ProviderAuthenticationSession | undefined,
-	newSession: ProviderAuthenticationSession | undefined,
-	options?: { createIfNeeded?: boolean; forceNewSession?: boolean },
-) {
-	return (
-		options?.forceNewSession &&
-		storedSession != null &&
-		newSession != null &&
-		storedSession.accessToken === newSession.accessToken
-	);
-}
-
 function shouldCreateSession(
 	storedSession: ProviderAuthenticationSession | undefined,
 	options?: { createIfNeeded?: boolean; forceNewSession?: boolean },
