Merge pull request #146 from gjsjohnmurray/pre-do-129

Migrate Server Manager 2 stored passwords

Author: gjsjohnmurray

package.json

@@ -71,6 +71,7 @@
     "onCommand:intersystems-community.servermanager.addServer",
     "onCommand:intersystems-community.servermanager.storePassword",
     "onCommand:intersystems-community.servermanager.clearPassword",
+    "onCommand:intersystems-community.servermanager.migratePasswords",
     "onCommand:intersystems-community.servermanager.importServers",
     "onCommand:intersystems-community.servermanager-credentials.testLogin",
     "onCommand:intersystems-community.servermanager-credentials.testScopedLogin",
@@ -323,6 +324,11 @@
         "category": "InterSystems Server Manager",
         "title": "Clear Password from Keychain"
       },
+      {
+        "command": "intersystems-community.servermanager.migratePasswords",
+        "category": "InterSystems Server Manager",
+        "title": "Migrate Legacy Passwords"
+      },
       {
         "command": "intersystems-community.servermanager.importServers",
         "category": "InterSystems Server Manager",
@@ -479,6 +485,18 @@
           "command": "intersystems-community.servermanager.importServers",
           "when": "isWindows"
         },
+        {
+          "command": "intersystems-community.servermanager.migratePasswords",
+          "when": "config.intersystemsServerManager.authentication.provider == intersystems-server-credentials"
+        },
+        {
+          "command": "intersystems-community.servermanager.storePassword",
+          "when": "false"
+        },
+        {
+          "command": "intersystems-community.servermanager.clearPassword",
+          "when": "false"
+        },
         {
           "command": "intersystems-community.servermanager.addToStarred",
           "when": "false"
@@ -644,12 +662,12 @@
         },
         {
           "command": "intersystems-community.servermanager.storePassword",
-          "when": "view == intersystems-community_servermanager && viewItem =~ /\\.server\\./",
+          "when": "view == intersystems-community_servermanager && viewItem =~ /\\.server\\./ && config.intersystemsServerManager.authentication.provider != intersystems-server-credentials",
           "group": "2_password@10"
         },
         {
           "command": "intersystems-community.servermanager.clearPassword",
-          "when": "view == intersystems-community_servermanager && viewItem =~ /\\.server\\./",
+          "when": "view == intersystems-community_servermanager && viewItem =~ /\\.server\\./ && config.intersystemsServerManager.authentication.provider != intersystems-server-credentials",
           "group": "2_password@20"
         }
       ]

src/commands/managePasswords.ts

@@ -1,6 +1,7 @@
 import * as vscode from "vscode";
 import { getServerNames } from "../api/getServerNames";
 import { credentialCache } from "../api/getServerSpec";
+import { ServerManagerAuthenticationProvider } from "../authenticationProvider";
 import { extensionId } from "../extension";
 import { Keychain } from "../keychain";
 import { ServerTreeItem } from "../ui/serverManagerView";
@@ -60,6 +61,78 @@ export async function clearPassword(treeItem?: ServerTreeItem): Promise<string>
     return reply;
 }
 
+interface IMigratePasswordItem extends vscode.QuickPickItem {
+    serverName: string;
+    userName: string;
+    password: string;
+};
+
+export async function migratePasswords(secretStorage: vscode.SecretStorage): Promise<void> {
+    const credentials = await Keychain.findCredentials();
+    if (credentials.length === 0) {
+        vscode.window.showInformationMessage('No legacy stored passwords found.');
+    } else {
+
+        // Collect only those for which server definition exists with a username
+        // and no credentials yet stored in our SecretStorage
+        const migratableCredentials: IMigratePasswordItem[] = [];
+        (await Promise.all(
+            credentials.map(async (item): Promise<IMigratePasswordItem | undefined> => {
+                const serverName = item.account;
+                const username: string | undefined = vscode.workspace.getConfiguration("intersystems.servers." + serverName).get("username");
+                if (!username) {
+                  return undefined;
+                }
+                if (username === "" || username === "UnknownUser") {
+                  return undefined;
+                }
+                const sessionId = ServerManagerAuthenticationProvider.sessionId(serverName, username);
+                const credentialKey = ServerManagerAuthenticationProvider.credentialKey(sessionId);
+                return (await secretStorage.get(credentialKey) ? undefined : {label: `${serverName} (${username})`, picked: true, serverName, userName: username, password: item.password});
+            })
+            ))
+            .forEach((item) => {
+                if (item) {
+                  migratableCredentials.push(item);
+                }
+            });
+
+        if (migratableCredentials.length === 0) {
+            const message = 'No remaining legacy stored passwords are eligible for migration.';
+            const detail = 'They are either for servers with a password already stored in the new format, or for servers whose definition does not specify a username.'
+            await vscode.window.showWarningMessage(message,
+                {modal: true, detail}
+            );
+        } else {
+            const choices = await vscode.window.showQuickPick<IMigratePasswordItem>(migratableCredentials,
+                {   canPickMany: true,
+                    title: "Migrate Server Manager legacy stored passwords",
+                    placeHolder: "Select connections whose passwords you want to migrate"
+                }
+            )
+            if (!choices) {
+                return;
+            } else if (choices.length > 0) {
+                await Promise.all(choices.map(async (item) => {
+                    const sessionId = ServerManagerAuthenticationProvider.sessionId(item.serverName, item.userName);
+                    const credentialKey = ServerManagerAuthenticationProvider.credentialKey(sessionId);
+                    return secretStorage.store(credentialKey, item.password);
+                }));
+                vscode.window.showInformationMessage(`Migrated ${choices.length} ${choices.length > 1 ? "passwords" : "password"}.`);
+            }
+        }
+        const detail = "Do this to tidy up your keystore once you have migrated passwords and will not be reverting to an earlier Server Manager.";
+        if ((await vscode.window.showInformationMessage(`Delete all legacy stored passwords?`, {modal: true, detail}, {title: "Yes"}, {title: "No", isCloseAffordance: true}))?.title === "Yes") {
+            await Promise.all(credentials.map(async (item) => {
+                const keychain = new Keychain(item.account);
+                return keychain.deletePassword()
+            }));
+            vscode.window.showInformationMessage(`Deleted ${credentials.length} ${credentials.length > 1 ? "passwords" : "password"}.`);
+        }
+    }
+    return;
+}
+
 async function commonPickServer(options?: vscode.QuickPickOptions): Promise<string | undefined> {
     // Deliberately uses its own API to illustrate how other extensions would
     const serverManagerExtension = vscode.extensions.getExtension(extensionId);

src/extension.ts

@@ -9,7 +9,7 @@ import { getServerSummary } from "./api/getServerSummary";
 import { pickServer } from "./api/pickServer";
 import { AUTHENTICATION_PROVIDER, ServerManagerAuthenticationProvider } from "./authenticationProvider";
 import { importFromRegistry } from "./commands/importFromRegistry";
-import { clearPassword, storePassword } from "./commands/managePasswords";
+import { clearPassword, migratePasswords, storePassword } from "./commands/managePasswords";
 import { cookieJar } from "./makeRESTRequest";
 import { NamespaceTreeItem, ProjectTreeItem, ServerManagerView, ServerTreeItem, SMTreeItem } from "./ui/serverManagerView";
 
@@ -269,6 +269,11 @@ export function activate(context: vscode.ExtensionContext) {
             });
         }),
     );
+    context.subscriptions.push(
+        vscode.commands.registerCommand(`${extensionId}.migratePasswords`, async () => {
+            await migratePasswords(context.secrets);
+        }),
+    );
     context.subscriptions.push(
         vscode.commands.registerCommand(`${extensionId}.setIconRed`, (server?: ServerTreeItem) => {
             if (server?.name) {

src/keychain.ts

@@ -18,11 +18,16 @@ export interface IKeytar {
     getPassword: typeof keytarType["getPassword"];
     setPassword: typeof keytarType["setPassword"];
     deletePassword: typeof keytarType["deletePassword"];
+    findCredentials: typeof keytarType["findCredentials"];
+}
+
+function serviceId(): string {
+  return `${vscode.env.uriScheme}-${extensionId}:password`;
 }
 
 export class Keychain {
+
     private keytar: IKeytar;
-    private serviceId: string;
     private accountId: string;
 
     constructor(connectionName: string) {
@@ -32,13 +37,12 @@ export class Keychain {
         }
 
         this.keytar = keytar;
-        this.serviceId = `${vscode.env.uriScheme}-${extensionId}:password`;
         this.accountId = connectionName;
     }
 
     public async setPassword(password: string): Promise<void> {
         try {
-            return await this.keytar.setPassword(this.serviceId, this.accountId, password);
+            return await this.keytar.setPassword(serviceId(), this.accountId, password);
         } catch (e) {
             // Ignore
             await vscode.window.showErrorMessage(
@@ -50,7 +54,7 @@ export class Keychain {
 
     public async getPassword(): Promise<string | null | undefined> {
         try {
-            return await this.keytar.getPassword(this.serviceId, this.accountId);
+            return await this.keytar.getPassword(serviceId(), this.accountId);
         } catch (e) {
             // Ignore
             logger.error(`Getting password failed: ${e}`);
@@ -60,11 +64,27 @@ export class Keychain {
 
     public async deletePassword(): Promise<boolean | undefined> {
         try {
-            return await this.keytar.deletePassword(this.serviceId, this.accountId);
+            return await this.keytar.deletePassword(serviceId(), this.accountId);
         } catch (e) {
             // Ignore
             logger.error(`Deleting password failed: ${e}`);
             return Promise.resolve(undefined);
         }
     }
+
+    public static async findCredentials(): Promise<{account: string; password: string}[]> {
+      console.log(serviceId());
+      const keytar = getKeytar();
+      try {
+        if (!keytar) {
+            throw new Error("System keychain unavailable");
+        }
+        return await keytar.findCredentials(serviceId());
+      } catch (e) {
+          // Ignore
+          logger.error(`Finding credentials failed: ${e}`);
+          return Promise.resolve([]);
+      }
+
+    }
 }