Limit local GitHub restriction for web cases to GitHub git provider

Author: axosoft-ramint

src/plus/gk/utils/-webview/integrationAuthentication.utils.ts

@@ -0,0 +1,36 @@
+import { authentication } from 'vscode';
+import { wrapForForcedInsecureSSL } from '@env/fetch';
+import type { IntegrationId } from '../../../../constants.integrations';
+import type { Container } from '../../../../container';
+import { sequentialize } from '../../../../system/function';
+import type { IntegrationAuthenticationSessionDescriptor } from '../../../integrations/authentication/integrationAuthentication';
+import type { ProviderAuthenticationSession } from '../../../integrations/authentication/models';
+
+export async function getBuiltInIntegrationSession(
+	container: Container,
+	id: IntegrationId,
+	descriptor: IntegrationAuthenticationSessionDescriptor,
+	options?:
+		| { createIfNeeded: true; silent?: never; forceNewSession?: never }
+		| { createIfNeeded?: never; silent: true; forceNewSession?: never }
+		| { createIfNeeded?: never; silent?: never; forceNewSession: true },
+): Promise<ProviderAuthenticationSession | undefined> {
+	return sequentialize(() =>
+		wrapForForcedInsecureSSL(
+			container.integrations.ignoreSSLErrors({ id: id, domain: descriptor.domain }),
+			async () => {
+				const session = await authentication.getSession(id, descriptor.scopes, {
+					createIfNone: options?.createIfNeeded,
+					silent: options?.silent,
+					forceNewSession: options?.forceNewSession,
+				});
+				if (session == null) return undefined;
+
+				return {
+					...session,
+					cloud: false,
+				};
+			},
+		),
+	)();
+}

src/plus/integrations/authentication/integrationAuthentication.ts

@@ -1,15 +1,14 @@
 import type { CancellationToken, Disposable, Event, Uri } from 'vscode';
 import { authentication, EventEmitter, window } from 'vscode';
-import { wrapForForcedInsecureSSL } from '@env/fetch';
 import type { IntegrationId } from '../../../constants.integrations';
 import { HostingIntegrationId, IssueIntegrationId, SelfHostedIntegrationId } from '../../../constants.integrations';
 import type { IntegrationAuthenticationKeys, StoredConfiguredIntegrationDescriptor } from '../../../constants.storage';
 import type { Sources } from '../../../constants.telemetry';
 import type { Container } from '../../../container';
 import { gate } from '../../../system/decorators/-webview/gate';
 import { debug, log } from '../../../system/decorators/log';
-import { sequentialize } from '../../../system/decorators/serialize';
 import type { DeferredEventExecutor } from '../../../system/event';
+import { getBuiltInIntegrationSession } from '../../gk/utils/-webview/integrationAuthentication.utils';
 import {
 	isCloudSelfHostedIntegrationId,
 	isSelfHostedIntegrationId,
@@ -480,29 +479,18 @@ class BuiltInAuthenticationProvider extends LocalIntegrationAuthenticationProvid
 	}
 
 	@debug()
-	@sequentialize()
 	override async getSession(
 		descriptor?: IntegrationAuthenticationSessionDescriptor,
 		options?: { createIfNeeded?: boolean; forceNewSession?: boolean },
 	): Promise<ProviderAuthenticationSession | undefined> {
 		if (descriptor == null) return undefined;
 
 		const { createIfNeeded, forceNewSession } = options ?? {};
-		return wrapForForcedInsecureSSL(
-			this.container.integrations.ignoreSSLErrors({ id: this.authProviderId, domain: descriptor?.domain }),
-			async () => {
-				const session = await authentication.getSession(this.authProviderId, descriptor.scopes, {
-					createIfNone: forceNewSession ? undefined : createIfNeeded,
-					silent: !createIfNeeded && !forceNewSession ? true : undefined,
-					forceNewSession: forceNewSession ? true : undefined,
-				});
-				if (session == null) return undefined;
-
-				return {
-					...session,
-					cloud: false,
-				};
-			},
+		return getBuiltInIntegrationSession(
+			this.container,
+			this.authProviderId,
+			descriptor,
+			forceNewSession ? { forceNewSession: true } : createIfNeeded ? { createIfNeeded: true } : { silent: true },
 		);
 	}
 }

src/plus/integrations/authentication/models.ts

@@ -1,5 +1,4 @@
 import type { AuthenticationSession } from 'vscode';
-import { isWeb } from '@env/platform';
 import type { IntegrationId, SupportedCloudIntegrationIds } from '../../../constants.integrations';
 import {
 	HostingIntegrationId,
@@ -56,15 +55,9 @@ export type CloudIntegrationAuthType = 'oauth' | 'pat';
 export const CloudIntegrationAuthenticationUriPathPrefix = 'did-authenticate-cloud-integration';
 
 export function getSupportedCloudIntegrationIds(): SupportedCloudIntegrationIds[] {
-	let supportedCloudIntegrationIds = configuration.get('cloudIntegrations.enabled', undefined, true)
+	return configuration.get('cloudIntegrations.enabled', undefined, true)
 		? supportedOrderedCloudIntegrationIds
 		: supportedOrderedCloudIssueIntegrationIds;
-	if (isWeb) {
-		// We always have a local GitHub session on vscode.dev and github.dev
-		supportedCloudIntegrationIds = supportedCloudIntegrationIds.filter(id => id !== HostingIntegrationId.GitHub);
-	}
-
-	return supportedCloudIntegrationIds;
 }
 
 export function isSupportedCloudIntegrationId(id: string): id is SupportedCloudIntegrationIds {

src/plus/integrations/providers/github/githubGitProvider.ts

@@ -77,6 +77,7 @@ import { isAbsolute, maybeUri, normalizePath } from '../../../../system/path';
 import { asSettled, getSettledValue } from '../../../../system/promise';
 import type { CachedBlame, TrackedGitDocument } from '../../../../trackers/trackedDocument';
 import { GitDocumentState } from '../../../../trackers/trackedDocument';
+import { getBuiltInIntegrationSession } from '../../../gk/utils/-webview/integrationAuthentication.utils';
 import type { GitHubAuthorityMetadata, Metadata, RemoteHubApi } from '../../../remotehub';
 import { getRemoteHubApi, HeadType, RepositoryRefType } from '../../../remotehub';
 import type {
@@ -1464,24 +1465,36 @@ export class GitHubGitProvider implements GitProvider, Disposable {
 			async function getSession(this: GitHubGitProvider): Promise<AuthenticationSession> {
 				let skip = this.container.storage.get(`provider:authentication:skip:${this.descriptor.id}`, false);
 				const authenticationProvider = await this.authenticationService.get(this.authenticationProviderId);
+				let options:
+					| { forceNewSession: true; createIfNeeded?: never; silent?: never }
+					| { forceNewSession?: never; createIfNeeded: true; silent?: never }
+					| { forceNewSession?: never; createIfNeeded?: never; silent: true } = isWeb
+					? { createIfNeeded: true }
+					: { silent: true };
 
 				try {
-					let session;
 					if (force) {
 						skip = false;
 						void this.container.storage.delete(`provider:authentication:skip:${this.descriptor.id}`);
-
-						session = await authenticationProvider.getSession(this.authenticationDescriptor, {
-							forceNewSession: true,
-						});
+						options = { forceNewSession: true };
 					} else if (!skip && !silent) {
-						session = await authenticationProvider.getSession(this.authenticationDescriptor, {
-							createIfNeeded: true,
-						});
+						options = { createIfNeeded: true };
 					} else {
-						session = await authenticationProvider.getSession(this.authenticationDescriptor);
+						options = isWeb ? { createIfNeeded: true } : { silent: true };
 					}
 
+					const session = isWeb
+						? await getBuiltInIntegrationSession(
+								this.container,
+								HostingIntegrationId.GitHub,
+								this.authenticationDescriptor,
+								options,
+						  )
+						: await authenticationProvider.getSession(
+								this.authenticationDescriptor,
+								options.silent ? undefined : options,
+						  );
+
 					if (session != null) return session;
 
 					throw new Error('User did not consent');