fix(ssoAccessTokenProvider): use globalState abstraction

justinmk3 · justinmk3 · commit d8cce7c5a079 · 2024-07-11T17:06:10.000-07:00
diff --git a/packages/core/src/auth/sso/ssoAccessTokenProvider.ts b/packages/core/src/auth/sso/ssoAccessTokenProvider.ts
@@ -107,7 +107,7 @@ export abstract class SsoAccessTokenProvider {
         const access = await this.runFlow()
         const identity = this.tokenCacheKey
         await this.cache.token.save(identity, access)
-        await setSessionCreationDate(this.tokenCacheKey, new Date())
+        await globals.globalState.setSsoSessionCreationDate(this.tokenCacheKey, new globals.clock.Date())
 
         return { ...access.token, identity }
     }
@@ -309,25 +309,13 @@ async function pollForTokenWithProgress<T extends { requestId?: string }>(
     )
 }
 
-const sessionCreationDateKey = '#sessionCreationDates'
-async function setSessionCreationDate(id: string, date: Date, memento = globals.context.globalState) {
-    try {
-        await memento.update(sessionCreationDateKey, {
-            ...memento.get(sessionCreationDateKey),
-            [id]: date.getTime(),
-        })
-    } catch (err) {
-        getLogger().verbose('auth: failed to set session creation date: %s', err)
-    }
-}
-
-function getSessionCreationDate(id: string, memento = globals.context.globalState): number | undefined {
-    return memento.get(sessionCreationDateKey, {} as Record<string, number>)[id]
-}
-
-function getSessionDuration(id: string, memento = globals.context.globalState) {
-    const creationDate = getSessionCreationDate(id, memento)
-
+/**
+ * Gets SSO session creation timestamp for the given session `id`.
+ *
+ * @param id Session id
+ */
+function getSessionDuration(id: string) {
+    const creationDate = globals.globalState.getSsoSessionCreationDate(id)
     return creationDate !== undefined ? Date.now() - creationDate : undefined
 }
 
diff --git a/packages/core/src/shared/extensionGlobals.ts b/packages/core/src/shared/extensionGlobals.ts
@@ -170,7 +170,7 @@ export { globals as default }
  */
 interface ToolkitGlobals {
     readonly context: ExtensionContext
-    /** Global, shared, mutable, persisted state (survives IDE restart), namespaced to the extension (i.e. not shared with other vscode extensions). */
+    /** Global, shared (with all vscode instances, including remote!), mutable, persisted state (survives IDE restart), namespaced to the extension (not shared with other vscode extensions). */
     readonly globalState: GlobalState
     /** Decides the prefix for package.json extension parameters, e.g. commands, 'setContext' values, etc. */
     contextPrefix: string
diff --git a/packages/core/src/shared/globalState.ts b/packages/core/src/shared/globalState.ts
@@ -20,6 +20,8 @@ type globalKey =
     | 'CODEWHISPERER_USER_GROUP'
     | 'gumby.wasQCodeTransformationUsed'
     | 'hasAlreadyOpenedAmazonQ'
+    // Legacy name from `ssoAccessTokenProvider.ts`.
+    | '#sessionCreationDates'
 
 /**
  * Extension-local (not visible to other vscode extensions) shared state which persists after IDE
@@ -136,20 +138,66 @@ export class GlobalState implements vscode.Memento {
      * explorer node is not refreshed yet.
      */
     getRedshiftConnection(warehouseArn: string): redshift.ConnectionParams | undefined | 'DELETE_CONNECTION' {
-        const allCxns = this.tryGet(
+        const all = this.tryGet<Record<string, redshift.ConnectionParams | 'DELETE_CONNECTION'>>(
             'aws.redshift.connections',
             v => {
                 if (v !== undefined && typeof v !== 'object') {
                     throw new Error()
                 }
-                const cxn = (v as any)?.[warehouseArn]
-                if (cxn !== undefined && typeof cxn !== 'object' && cxn !== 'DELETE_CONNECTION') {
+                const item = (v as any)?.[warehouseArn]
+                // Requested item must be object or 'DELETE_CONNECTION'.
+                if (item !== undefined && typeof item !== 'object' && item !== 'DELETE_CONNECTION') {
                     throw new Error()
                 }
                 return v
             },
             undefined
         )
-        return (allCxns as any)?.[warehouseArn]
+        return all?.[warehouseArn]
+    }
+
+    /**
+     * Sets SSO session creation timestamp for the given session `id`.
+     *
+     * TODO: this never garbage-collects old connections, so the state will grow forever...
+     *
+     * @param id Session id
+     * @param date Session timestamp
+     */
+    async setSsoSessionCreationDate(id: string, date: Date) {
+        try {
+            const all = this.tryGet('#sessionCreationDates', Object, {})
+            // TODO: race condition...
+            await this.update('#sessionCreationDates', {
+                ...all,
+                [id]: date.getTime(),
+            })
+        } catch (err) {
+            getLogger().error('auth: failed to set session creation date: %O', err)
+        }
+    }
+
+    /**
+     * Gets SSO session creation timestamp for the given session `id`.
+     *
+     * @param id Session id
+     */
+    getSsoSessionCreationDate(id: string): number | undefined {
+        const all = this.tryGet<Record<string, number>>(
+            '#sessionCreationDates',
+            v => {
+                if (v !== undefined && typeof v !== 'object') {
+                    throw new Error()
+                }
+                const item = (v as any)?.[id]
+                // Requested item must be a number.
+                if (item !== undefined && typeof item !== 'number') {
+                    throw new Error()
+                }
+                return v
+            },
+            undefined
+        )
+        return all?.[id]
     }
 }
diff --git a/packages/core/src/test/shared/globalState.test.ts b/packages/core/src/test/shared/globalState.test.ts
@@ -98,6 +98,9 @@ describe('GlobalState', function () {
     })
 
     describe('redshift state', function () {
+        const testArn1 = 'arn:foo/bar/baz/1'
+        const testArn2 = 'arn:foo/bar/baz/2'
+
         const fakeCxn1: redshift.ConnectionParams = {
             connectionType: redshift.ConnectionType.SecretsManager,
             database: 'fake-db',
@@ -119,8 +122,6 @@ describe('GlobalState', function () {
         }
 
         it('get/set connection state and special DELETE_CONNECTION value', async () => {
-            const testArn1 = 'arn:foo/bar/baz/1'
-            const testArn2 = 'arn:foo/bar/baz/2'
             await globalState.saveRedshiftConnection(testArn1, 'DELETE_CONNECTION')
             await globalState.saveRedshiftConnection(testArn2, undefined)
             assert.deepStrictEqual(globalState.getRedshiftConnection(testArn1), 'DELETE_CONNECTION')
@@ -131,9 +132,7 @@ describe('GlobalState', function () {
             assert.deepStrictEqual(globalState.getRedshiftConnection(testArn2), fakeCxn2)
         })
 
-        it('validates state', async () => {
-            const testArn1 = 'arn:foo/bar/baz/1'
-            const testArn2 = 'arn:foo/bar/baz/2'
+        it('validation', async () => {
             await globalState.saveRedshiftConnection(testArn1, 'foo' as any)
             await globalState.saveRedshiftConnection(testArn2, 99 as any)
 
@@ -146,14 +145,48 @@ describe('GlobalState', function () {
             // Bad state is logged and returns undefined.
             assert.deepStrictEqual(globalState.getRedshiftConnection(testArn1), undefined)
             assert.deepStrictEqual(globalState.getRedshiftConnection(testArn2), undefined)
+
             await globalState.saveRedshiftConnection(testArn2, fakeCxn2)
             assert.deepStrictEqual(globalState.getRedshiftConnection(testArn2), fakeCxn2)
-
             // Stored state is now "partially bad".
             assert.deepStrictEqual(globalState.get('aws.redshift.connections'), {
                 [testArn1]: 'foo',
                 [testArn2]: fakeCxn2,
             })
         })
     })
+
+    describe('SSO sessions', function () {
+        const session1 = 'session-1'
+        const session2 = 'session-2'
+        const time1 = new Date(Date.now() - 42 * 1000) // in the past.
+        const time2 = new Date()
+
+        it('get/set', async () => {
+            await globalState.setSsoSessionCreationDate(session1, time1)
+            await globalState.setSsoSessionCreationDate(session2, time2)
+            assert.deepStrictEqual(globalState.getSsoSessionCreationDate(session1), time1.getTime())
+            assert.deepStrictEqual(globalState.getSsoSessionCreationDate(session2), time2.getTime())
+        })
+
+        it('validation', async () => {
+            // Set bad state.
+            await globalState.update('#sessionCreationDates', {
+                [session1]: 'foo',
+                [session2]: {},
+            })
+
+            // Bad state is logged and returns undefined.
+            assert.deepStrictEqual(globalState.getSsoSessionCreationDate(session1), undefined)
+            assert.deepStrictEqual(globalState.getSsoSessionCreationDate(session2), undefined)
+
+            await globalState.setSsoSessionCreationDate(session2, time2)
+            assert.deepStrictEqual(globalState.getSsoSessionCreationDate(session2), time2.getTime())
+            // Stored state is now "partially bad".
+            assert.deepStrictEqual(globalState.get('#sessionCreationDates'), {
+                [session1]: 'foo',
+                [session2]: time2.getTime(),
+            })
+        })
+    })
 })
