feat: detect revoked token and offer re-authentication
Description
The main goal of this MR is to detect when the token has been revoked or expired and offer the user to re-authenticate.
Originally, I planned to react to every 401 and 400 errors caused by an invalid token, but that would require a larger re-design of the extension. I settled for detecting an expired token on extension startup, which should catch most cases.
This MR introduces Validate GitLab Accounts
command that will check if any of the accounts has expired token. This command is also automatically run during extension startup.
Related Issues
Resolves #1157 (closed)
How has this been tested?
The errors are described in #1157 (comment 1720320171), but this MR only handles the errors on startup.
Setup (before each scenario)
- Remove your extension accounts
- Authenticate with OAuth (command
GitLab: Authetnicate to GitLab.com
) - Go to https://gitlab.com/-/user_settings/applications and revoke the
GitLab Workflow VS Code Extension
app
Scenario 1: Revoked token - re-authenticate
- Start the extension in development mode
- See this error message
- Click on Re-Authenticate
- Follow the OAuth flow and see that you are successfully authenticated
Scenario 2: Revoked token - Ignore
- Start the extension in development mode
- See this error message
- Click ignore
- Run the
Validate GitLab Accounts
command and see that the error gets ignored
Scenario 3: Revoked refresh token - re-authenticate
- Wait for 2h so that the OAuth token expires and the extension tries to use refresh token
- Start the extension in development mode
- See this error message
- Click on Re-Authenticate
- Follow the OAuth flow and see that you are successfully authenticated
Scenario 4: Revoked PAT (without the setup)
- Remove accounts in the extension
- Add a PAT account
GitLab: Add Account to VS Code
- Revoke the token and close the VS Code window
- Start the extension in development mode
- See this error message
- Click on Delete Account (PAT can't be re-authenticated)
- See there is no GitLab account (Run
Validate GitLab Accounts
command and see that there are none)
Types of changes
-
Bug fix (non-breaking change which fixes an issue) -
New feature (non-breaking change which adds functionality) -
Breaking change (fix or feature that would cause existing functionality to change) -
Documentation -
Chore (Related to CI or Packaging to platforms) -
Test gap
Edited by Tomas Vik (OOO back on 2024-10-31)