Merge pull request #111 from gjsjohnmurray/authentication-provider

Seed new `prerelease` branch with v3 authentication provider development

Author: gjsjohnmurray

.github/workflows/main.yml

@@ -14,6 +14,8 @@ on:
     branches:
       - master
   release:
+    branches:
+      - master
     types:
       - released
 jobs:

.github/workflows/prerelease.yml

@@ -0,0 +1,174 @@
+name: CI-prerelease
+
+on:
+  push:
+    branches:
+      - prerelease
+    paths-ignore:
+      - "docs/**"
+      - ".vscode/**"
+      - ".github/**"
+      - "*.md"
+      - "**/*.md"
+  pull_request:
+    branches:
+      - prerelease
+  release:
+    branches:
+      - prerelease
+    types:
+      - released
+jobs:
+  build:
+    timeout-minutes: 10
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macOS-latest]
+    steps:
+      - uses: actions/checkout@v2
+      - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+      - name: Set an output
+        id: set-version
+        if: runner.os == 'Windows'
+        shell: bash
+        run: |
+          set -x
+          VERSION=$(jq -r '.version' package.json | cut -d- -f1)
+          [ $GITHUB_EVENT_NAME == 'release' ] && VERSION=${{ github.event.release.tag_name }} && VERSION=${VERSION/v/}
+          CHANGELOG=$(cat CHANGELOG.md | sed -n "/## \[${VERSION}\]/,/## /p" | sed '/^$/d;1d;$d')
+          CHANGELOG="${CHANGELOG//$'\n'/'%0A'}"
+          echo ::set-output name=changelog::$CHANGELOG
+          git tag -l | cat
+          [ $GITHUB_EVENT_NAME == 'push' ] && VERSION+=-beta && VERSION+=.$(($(git tag -l "v$VERSION.*" | sort -nt. -k4 2>/dev/null | tail -1 | cut -d. -f4)+1))
+          [ $GITHUB_EVENT_NAME == 'pull_request' ] && VERSION+=-dev.${{ github.event.pull_request.number }}
+          echo ::set-output name=version::$VERSION
+          NAME=$(jq -r '.name' package.json)-$VERSION
+          echo ::set-output name=name::$NAME
+          tmp=$(mktemp)
+          jq --arg version "$VERSION" '.version = $version' package.json > "$tmp" && mv "$tmp" package.json
+          mkdir dist
+          echo $VERSION > .version
+          echo $NAME > .name
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - run: npm install
+      - run: npm run compile
+      - name: npm test
+        uses: GabrielBB/[email protected]
+        with:
+          run: npm run test
+      - name: Build pre-release package
+        if: runner.os == 'Windows'
+        run: |
+          npx vsce package --pre-release -o ${{ steps.set-version.outputs.name }}.vsix
+      - uses: actions/upload-artifact@v2
+        if: runner.os == 'Windows'
+        with:
+          name: ${{ steps.set-version.outputs.name }}.vsix
+          path: ${{ steps.set-version.outputs.name }}.vsix
+      - uses: actions/upload-artifact@v2
+        if: runner.os == 'Windows'
+        with:
+          name: meta
+          path: |
+            .name
+            .version
+  beta:
+    if: (github.event_name == 'push')
+    runs-on: windows-latest
+    needs: build
+    steps:
+      - uses: actions/download-artifact@v2
+        with:
+          name: meta
+          path: .
+      - name: Set an output
+        id: set-version
+        if: runner.os == 'Windows'
+        run: |
+          set -x
+          echo ::set-output name=version::`cat .version`
+          echo ::set-output name=name::`cat .name`
+      - uses: actions/download-artifact@v2
+        with:
+          name: ${{ steps.set-version.outputs.name }}.vsix
+      - name: Create Pre-Release
+        id: create_release
+        uses: actions/create-release@v1
+        if: runner.os == 'Windows'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.set-version.outputs.version }}
+          release_name: v${{ steps.set-version.outputs.version }}
+          prerelease: ${{ github.event_name != 'release' }}
+          body: |
+            Changes in this pre-release
+            ${{ steps.set-version.outputs.changelog }}
+      - name: Upload Pre-Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        if: runner.os == 'Windows'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ${{ steps.set-version.outputs.name }}.vsix
+          asset_name: ${{ steps.set-version.outputs.name }}.vsix
+          asset_content_type: application/zip
+  publish:
+    if: github.event_name == 'release'
+    runs-on: windows-latest
+    needs: build
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: prerelease
+          token: ${{ secrets.TOKEN }}
+      - uses: actions/download-artifact@v2
+        with:
+          name: meta
+          path: .
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Prepare pre-release build
+        id: set-version
+        shell: bash
+        run: |
+          VERSION=`cat .version`
+          NEXT_VERSION=`cat .version | awk -F. '/[0-9]+\./{$NF++;print}' OFS=.`
+          echo ::set-output name=name::`cat .name`
+          tmp=$(mktemp)
+          git config --global user.name 'ProjectBot'
+          git config --global user.email '[email protected]'
+          jq --arg version "${NEXT_VERSION}-SNAPSHOT" '.version = $version' package.json > "$tmp" && mv "$tmp" package.json
+          git add package.json
+          git commit -m 'auto bump version after pre-release'
+          jq --arg version "$VERSION" '.version = $version' package.json > "$tmp" && mv "$tmp" package.json
+          npm install
+          jq 'del(.enableProposedApi,.enabledApiProposals)' package.json > "$tmp" && mv "$tmp" package.json
+          git push
+      - name: Build pre-release package
+        run: |
+          npx vsce package --pre-release -o ${{ steps.set-version.outputs.name }}.vsix
+      - name: Upload Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        if: runner.os == 'Windows'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ steps.set-version.outputs.name }}.vsix
+          asset_name: ${{ steps.set-version.outputs.name }}.vsix
+          asset_content_type: application/zip
+      - name: Publish to VSCode Marketplace
+        shell: bash
+        run: |
+          [ -n "${{ secrets.VSCE_TOKEN }}" ] && \
+            npx vsce publish --pre-release --packagePath ${{ steps.set-version.outputs.name }}.vsix -p ${{ secrets.VSCE_TOKEN }} || true

CHANGELOG.md

@@ -1,3 +1,13 @@
+## 3.1.2022012601 (26-Jan-2022 pre-release)
+* Update README.
+* Automate pre-release publication to Marketplace.
+
+## 3.1.2021122102 (21-Dec-2021 pre-release)
+* Make username case-insensitive in authentication provider.
+
+## 3.0.0 (27-Nov-2021 pre-release)
+* Implement `intersystems-server-credentials` authentication provider.
+
 ## 2.0.6 (28-Sep-2021)
 * Apply `pathPrefix` correctly (#95, #99).
 * Update vulnerable dependencies.

README.md

@@ -5,12 +5,78 @@ InterSystems Server Manager is a Visual Studio Code extension for defining conne
 
 See the [CHANGELOG](https://marketplace.visualstudio.com/items/intersystems-community.servermanager/changelog) for changes in each release.
 
-# New in 2.0 - April 2021
+# New in Version 3 - November 2021
 
-> We are pleased to publish version 2.0 of this extension, adding a tree-style user interface. This significant new release won the [April 2021 InterSystems Programming Contest for Developer Tools](https://openexchange.intersystems.com/contest/13).
+We are pleased to publish version 3 of this extension which improves the security of stored passwords by integrating with VS Code's [Authentication Provider API](https://code.visualstudio.com/api/references/vscode-api#AuthenticationProvider). This significant new release took part in the [November 2021 InterSystems Security Contest](https://openexchange.intersystems.com/contest/19).
+
+> 2022-01-26: This is currently a **pre-release**.
 
 > Thanks to [George James Software](https://georgejames.com) for backing this development effort.
 
+## The Authentication Provider
+
+Since version 2 Server Manager has enabled you to store connection passwords in the native keystore of your workstation's operating system. This was a more secure alternative to you putting them as plaintext in your JSON files. However, the `getServerSpec` function in Server Manager 2's API allowed **any** installed extension to obtain these stored passwords without requiring your permission.
+
+VS Code's Authentication Provider API, introduced in version 1.54 ([February 2021](https://code.visualstudio.com/updates/v1_54#_authentication-provider-api)) became mature enough in version 1.63 for us to use.
+
+Server Manager 3 does the following:
+
+1. Implements an authentication provider called 'intersystems-server-credentials'.
+2. Uses this authentication provider when accessing servers from its own [Server Tree](#the-server-tree).
+3. No longer returns passwords to callers of `getServerSpec`.
+
+> Items #2 and #3 have implications regarding backward compatibility. An interim [legacy mode](#legacy-mode) is available to help with the transition.
+
+### Signing In
+
+The first time you expand a server in the tree VS Code displays a modal dialog asking for your permission:
+
+![Allow an extension](images/README/authenticationProvider-allow.png)
+
+If you allow this and your server definition in `intersystems.servers` does not specify a `username` the next step is:
+
+![Enter username](images/README/authenticationProvider-username.png)
+
+If you proceed, or if this step was skipped because your server definition includes a username, the next step is:
+
+![Enter password](images/README/authenticationProvider-password.png)
+
+If you click the 'key' button after typing your password it will be saved securely in your workstation keychain, from where the 'InterSystems Server Credentials' authentication provider will be able to retrieve it after you restart VS Code.
+
+If instead you press 'Enter' the password will be available only until you restart VS Code.
+
+Either way, you are now signed in on the specified account.
+
+### Trusting Other Extensions
+
+When another extension first asks to use an InterSystems Server Credentials account you must either allow this or deny it. For example, with a pre-release build of the InterSystems ObjectScript extension which uses the new authentication provider you get this after you click the edit pencil button alongside a namespace in the [Server Manager tree](#the-server-tree):
+
+![Allow another extension](images/README/authenticationProvider-allow.png)
+
+### Managing Signed In Accounts
+
+You can use the menu of VS Code's Accounts icon in the activity bar to manage your signed in accounts:
+
+![Manage account](images/README/authenticationProvider-signedIn.png)
+
+The 'Manage Trusted Extensions' option lets you remove an extension from the list of those you previously granted access to this InterSystems Server Credentials account:
+
+![Manage trusted extension list](images/README/authenticationProvider-manageTrusted.png)
+
+The 'Sign Out' option lets you sign out this account after confirmation:
+
+![Sign out](images/README/authenticationProvider-signOut.png)
+
+When signing out an account for which you previously saved the password will get an option to delete the password, unless you have altered the `intersystemsServerManager.credentialsProvider.deletePasswordOnSignout` setting:
+
+![Delete password](images/README/authenticationProvider-deletePassword.png)
+
+---
+
+# New in Version 2 - April 2021
+
+The following features were originally introduced in Server Manager version 2.
+
 ## The Server Tree
 
 Server Manager displays connection definitions as a tree on an InterSystems Tools view:
@@ -131,6 +197,14 @@ Use the server's context menu. Alternatively, run `InterSystems Server Manager:
 
 ## Technical Notes
 
+### Legacy Mode
+
+Server Manager 3 makes changes which may degrade the user experience relative to version 2. To revert, make this user-level setting:
+```json
+"intersystemsServerManager.authentication.provider": "none"
+```
+Please only use this as a short term measure until extensions that use the Server Manager `getServerSpec` API get updated to use the 'intersystems-server-credentials' authentication provider. The setting may be removed in a future release.
+
 ### Colors, Favorites and Recents
 
 These features use VS Code's extension-private global state storage. Data is not present in your `settings.json` file.