Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(auth): malformed SSO cache didn't prompt reauth #6164

Merged
merged 4 commits into from
Dec 11, 2024
Merged

fix(auth): malformed SSO cache didn't prompt reauth #6164

merged 4 commits into from
Dec 11, 2024

Conversation

nkomonen-amazon
Copy link
Contributor

@nkomonen-amazon nkomonen-amazon commented Dec 5, 2024
edited
Loading

Problem:

When we loaded sso cache from disk, we would only invalidate (leading to a reauth prompt) if the cache file was missing.

But if the cache file was present, though its content was malformed, we would incorrectly treat it as recoverable by throwing instead of returning undefined. Users would get stuck in a state where all future api calls would fail, and they'd never get a prompt to reauth to fix their SSO session.

Solution:

If we detect a SyntaxError treat it as non-recoverable, meaning it will trigger a reauth.

Also added some code to validate the content of the SSO cache we loaded from disk to ensure it is what we expected.

Fixes #6140

  • Treat all work as PUBLIC. Private feature/x branches will not be squash-merged at release time.
  • Your code changes must meet the guidelines in CONTRIBUTING.md.

License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@nkomonen-amazon nkomonen-amazon requested a review from a team as a code owner December 5, 2024 22:42
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 5, 2024

  • This pull request modifies code in src/* but no tests were added/updated.
    • Confirm whether tests should be added or ensure the PR description explains why tests are not required.
  • This pull request implements a feat or fix, so it must include a changelog entry (unless the fix is for an unreleased feature). Review the changelog guidelines.
    • Note: beta or "experiment" features that have active users should announce fixes in the changelog.
    • If this is not a feature or fix, use an appropriate type from the title guidelines. For example, telemetry-only changes should use the telemetry type.

@justinmk3 justinmk3 changed the base branch from feature/postreinvent to master December 7, 2024 00:05
@justinmk3 justinmk3 requested review from a team as code owners December 7, 2024 00:05
@nkomonen-amazon
fix(auth): malformed SSO cache didn't prompt reauth
2a4f7ba 
Problem:

When we loaded sso cache from disk, we would only invalidate (leading to a reauth prompt)
if the cache file was missing.

But if the cache file was present, though its content was malformed, we would incorrectly
treat it as recoverable by throwing instead of returning undefined.

Solution:

If we detect a SyntaxError treat it as non-recoverable, meaning it will trigger a reauth.
Also added some code to validate the content of the SSO cache we loaded from disk to ensure
it is what we expected.

Signed-off-by: nkomonen-amazon <[email protected]>
@nkomonen-amazon
add changelog items
539b72f 
Signed-off-by: nkomonen-amazon <[email protected]>
@nkomonen-amazon
fix failing tests
b1ada55 
just added in a missing value in the test data that was causing
validation to fail

Signed-off-by: nkomonen-amazon <[email protected]>
@nkomonen-amazon
fix circular dependency
113ea8f 
This is due to the implicit import of the `index.ts` file in a subfolder, if
the specific module is not defined.

This updates some paths to point to a specific module so that the index.ts is not used.
This stops circular dependency issues

Signed-off-by: nkomonen-amazon <[email protected]>
@nkomonen-amazon nkomonen-amazon merged commit 2af8b45 into aws:master Dec 11, 2024
25 of 27 checks passed
@nkomonen-amazon nkomonen-amazon deleted the feature/postreinvent branch December 11, 2024 18:57
karanA-aws pushed a commit to karanA-aws/aws-toolkit-vscode that referenced this pull request Jan 17, 2025
@nkomonen-amazon @karanA-aws
fix(auth): malformed SSO cache didn't prompt reauth (aws#6164)
138f47d 
## Problem:

When we loaded sso cache from disk, we would only invalidate (leading to
a reauth prompt) if the cache file was missing.

But if the cache file was present, though its content was malformed, we
would incorrectly treat it as recoverable by throwing instead of
returning undefined. Users would get stuck in a state where all future
api calls would fail, and they'd never get a prompt to reauth to fix
their SSO session.

## Solution:

If we detect a SyntaxError treat it as non-recoverable, meaning it will
trigger a reauth.

Also added some code to validate the content of the SSO cache we loaded
from disk to ensure it is what we expected.

Fixes aws#6140

---

- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).

License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

---------

Signed-off-by: nkomonen-amazon <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinmk3 justinmk3 justinmk3 approved these changes

@jpinkney-aws jpinkney-aws jpinkney-aws approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

error while loading view: aws.AmazonQChatView (DiskCacheError)
3 participants
@nkomonen-amazon @justinmk3 @jpinkney-aws