actions/runner
1
0
Fork 0
mirror of https://github.com/actions/runner.git synced 2025-12-10 12:36:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

temp tracing for client auth

Browse Source
This commit is contained in:
eric sciple
2022-05-10 18:20:49 +00:00
committed by GitHub
parent e75d502ab1
commit 04ece46c6a
7 changed files with 37 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Sdk/Common/Common/Authentication/FederatedCredential.cs
View File

@@ -18,6 +18,7 @@ namespace GitHub.Services.Common
public override bool IsAuthenticationChallenge(IHttpResponse webResponse) public override bool IsAuthenticationChallenge(IHttpResponse webResponse)
{ {
// System.Console.WriteLine($"FederatedCredential.IsAuthenticationChallenge");
if (webResponse == null) if (webResponse == null)
{ {
return false; return false;

3
src/Sdk/Common/Common/Authentication/IssuedTokenCredential.cs
View File

@@ -100,12 +100,14 @@ namespace GitHub.Services.Common
{ {
throw new InvalidOperationException($"The {nameof(TokenStorageUrl)} property must have a value if the {nameof(Storage)} property is set on this instance of {GetType().Name}."); throw new InvalidOperationException($"The {nameof(TokenStorageUrl)} property must have a value if the {nameof(Storage)} property is set on this instance of {GetType().Name}.");
} }
// System.Console.WriteLine($"IssuedTokenCredential.CreateTokenProvider: TokenStorageUrl: {TokenStorageUrl}");
InitialToken = Storage.RetrieveToken(TokenStorageUrl, CredentialType); InitialToken = Storage.RetrieveToken(TokenStorageUrl, CredentialType);
} }
IssuedTokenProvider provider = OnCreateTokenProvider(serverUrl, response); IssuedTokenProvider provider = OnCreateTokenProvider(serverUrl, response);
if (provider != null) if (provider != null)
{ {
// System.Console.WriteLine($"IssuedTokenCredential.CreateTokenProvider: provider: {provider}");
provider.TokenStorageUrl = TokenStorageUrl; provider.TokenStorageUrl = TokenStorageUrl;
} }
@@ -124,6 +126,7 @@ namespace GitHub.Services.Common
internal virtual string GetAuthenticationChallenge(IHttpResponse webResponse) internal virtual string GetAuthenticationChallenge(IHttpResponse webResponse)
{ {
// System.Console.WriteLine($"IssuedTokenCredential.GetAuthenticationChallenge");
IEnumerable<String> values; IEnumerable<String> values;
if (!webResponse.Headers.TryGetValues(Internal.HttpHeaders.WwwAuthenticate, out values)) if (!webResponse.Headers.TryGetValues(Internal.HttpHeaders.WwwAuthenticate, out values))
{ {

10
src/Sdk/Common/Common/Authentication/VssCredentials.cs
View File

@@ -108,6 +108,7 @@ namespace GitHub.Services.Common
TaskScheduler scheduler, TaskScheduler scheduler,
IVssCredentialPrompt credentialPrompt) IVssCredentialPrompt credentialPrompt)
{ {
// System.Console.WriteLine($"VssCredentials.ctor");
this.PromptType = promptType; this.PromptType = promptType;
if (promptType == CredentialPromptType.PromptIfNeeded && scheduler == null) if (promptType == CredentialPromptType.PromptIfNeeded && scheduler == null)
@@ -150,6 +151,7 @@ namespace GitHub.Services.Common
{ {
get get
{ {
// System.Console.WriteLine($"VssCredentials.get_PromptType");
return m_promptType; return m_promptType;
} }
set set
@@ -170,6 +172,7 @@ namespace GitHub.Services.Common
{ {
get get
{ {
// System.Console.WriteLine($"VssCredentials.get_Federated");
return m_federatedCredential; return m_federatedCredential;
} }
} }
@@ -184,6 +187,7 @@ namespace GitHub.Services.Common
{ {
get get
{ {
// System.Console.WriteLine($"VssCredentials.get_Storage");
return m_credentialStorage; return m_credentialStorage;
} }
set set
@@ -203,6 +207,7 @@ namespace GitHub.Services.Common
/// </summary> /// </summary>
internal virtual bool TryGetValidAdalToken(IVssCredentialPrompt prompt) internal virtual bool TryGetValidAdalToken(IVssCredentialPrompt prompt)
{ {
// System.Console.WriteLine($"VssCredentials.TryGetValidAdalToken");
return false; return false;
} }
@@ -264,6 +269,7 @@ namespace GitHub.Services.Common
Uri serverUrl, Uri serverUrl,
out IssuedTokenProvider provider) out IssuedTokenProvider provider)
{ {
// System.Console.WriteLine($"VssCredentials.TryGetTokenProvider");
ArgumentUtility.CheckForNull(serverUrl, "serverUrl"); ArgumentUtility.CheckForNull(serverUrl, "serverUrl");
lock (m_thisLock) lock (m_thisLock)
@@ -297,6 +303,7 @@ namespace GitHub.Services.Common
/// <returns>True if this is an token authentication redirect, false otherwise</returns> /// <returns>True if this is an token authentication redirect, false otherwise</returns>
internal bool IsAuthenticationChallenge(IHttpResponse webResponse) internal bool IsAuthenticationChallenge(IHttpResponse webResponse)
{ {
// System.Console.WriteLine($"VssCredentials.IsAuthenticationChallenge");
if (webResponse == null) if (webResponse == null)
{ {
return false; return false;
@@ -316,6 +323,7 @@ namespace GitHub.Services.Common
Uri serviceLocation, Uri serviceLocation,
string identityProvider) string identityProvider)
{ {
// System.Console.WriteLine($"VssCredentials.SignOut");
// Remove the token in the storage and the current token provider. Note that we don't // Remove the token in the storage and the current token provider. Note that we don't
// call InvalidateToken here because we want to remove the whole token not just its value // call InvalidateToken here because we want to remove the whole token not just its value
if ((m_currentProvider != null) && (m_currentProvider.CurrentToken != null)) if ((m_currentProvider != null) && (m_currentProvider.CurrentToken != null))
@@ -352,6 +360,7 @@ namespace GitHub.Services.Common
string token, string token,
IDictionary<string, string> attributes) IDictionary<string, string> attributes)
{ {
// System.Console.WriteLine($"VssCredentials.WriteAuthorizationToken");
int i = 0; int i = 0;
for (int j = 0; j < token.Length; i++, j += 128) for (int j = 0; j < token.Length; i++, j += 128)
{ {
@@ -363,6 +372,7 @@ namespace GitHub.Services.Common
protected static string ReadAuthorizationToken(IDictionary<string, string> attributes) protected static string ReadAuthorizationToken(IDictionary<string, string> attributes)
{ {
// System.Console.WriteLine($"VssCredentials.ReadAuthorizationToken");
string authTokenCountValue; string authTokenCountValue;
if (attributes.TryGetValue("AuthTokenSegmentCount", out authTokenCountValue)) if (attributes.TryGetValue("AuthTokenSegmentCount", out authTokenCountValue))
{ {

2
src/Sdk/Common/Common/VssHttpMessageHandler.cs
View File

@@ -230,6 +230,7 @@ namespace GitHub.Services.Common
traceInfo?.TraceResponseContentTime(); traceInfo?.TraceResponseContentTime();
// System.Console.WriteLine($"VssHttpMessageHandler.SendAsync: Creating response wrapper");
responseWrapper = new HttpResponseMessageWrapper(response); responseWrapper = new HttpResponseMessageWrapper(response);
if (!this.Credentials.IsAuthenticationChallenge(responseWrapper)) if (!this.Credentials.IsAuthenticationChallenge(responseWrapper))
@@ -295,6 +296,7 @@ namespace GitHub.Services.Common
} }
// Now invoke the provider and await the result // Now invoke the provider and await the result
// System.Console.WriteLine($"VssHttpMessageHandler.SendAsync: Calling GetTokenAsync");
token = await provider.GetTokenAsync(token, tokenSource.Token).ConfigureAwait(false); token = await provider.GetTokenAsync(token, tokenSource.Token).ConfigureAwait(false);
// I always see 0 here, but the method above could take more time so keep for now // I always see 0 here, but the method above could take more time so keep for now

3
src/Sdk/WebApi/WebApi/OAuth/VssOAuthAccessTokenCredential.cs
View File

@@ -60,7 +60,7 @@ namespace GitHub.Services.OAuth
Uri serverUrl, Uri serverUrl,
IHttpResponse response) IHttpResponse response)
{ {
// System.Console.WriteLine("VssOAuthAccessTokenCredential.OnCreateTokenProvider"); // System.Console.WriteLine($"VssOAuthAccessTokenCredential.OnCreateTokenProvider");
return new VssOAuthAccessTokenProvider(this, serverUrl, null); return new VssOAuthAccessTokenProvider(this, serverUrl, null);
} }
@@ -72,6 +72,7 @@ namespace GitHub.Services.OAuth
Uri signInUrl) Uri signInUrl)
: base(credential, serverUrl, signInUrl) : base(credential, serverUrl, signInUrl)
{ {
// System.Console.WriteLine($"VssOAuthAccessTokenProvider.ctor");
} }
public override Boolean GetTokenIsInteractive public override Boolean GetTokenIsInteractive

10
src/Sdk/WebApi/WebApi/OAuth/VssOAuthCredential.cs
View File

@@ -103,17 +103,23 @@ namespace GitHub.Services.OAuth
/// <returns>True if the web response indicates an authorization challenge; otherwise, false</returns> /// <returns>True if the web response indicates an authorization challenge; otherwise, false</returns>
public override Boolean IsAuthenticationChallenge(IHttpResponse webResponse) public override Boolean IsAuthenticationChallenge(IHttpResponse webResponse)
{ {
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge");
if (webResponse == null) if (webResponse == null)
{ {
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: webResponse is null");
return false; return false;
} }
if (webResponse.StatusCode == HttpStatusCode.Found || if (webResponse.StatusCode == HttpStatusCode.Found ||
webResponse.StatusCode == HttpStatusCode.Unauthorized) webResponse.StatusCode == HttpStatusCode.Unauthorized)
{ {
return webResponse.Headers.GetValues(Common.Internal.HttpHeaders.WwwAuthenticate).Any(x => x.IndexOf("Bearer", StringComparison.OrdinalIgnoreCase) >= 0); // System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: found or unauthorized");
var result = webResponse.Headers.GetValues(Common.Internal.HttpHeaders.WwwAuthenticate).Any(x => x.IndexOf("Bearer", StringComparison.OrdinalIgnoreCase) >= 0);
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: {result}");
return result;
} }
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: false");
return false; return false;
} }
@@ -121,7 +127,7 @@ namespace GitHub.Services.OAuth
Uri serverUrl, Uri serverUrl,
IHttpResponse response) IHttpResponse response)
{ {
// System.Console.WriteLine("VssOAuthCredential.OnCreateTokenProvider"); // System.Console.WriteLine($"VssOAuthCredential.OnCreateTokenProvider");
return new VssOAuthTokenProvider(this, serverUrl); return new VssOAuthTokenProvider(this, serverUrl);
} }

11
src/Sdk/WebApi/WebApi/OAuth/VssOAuthTokenProvider.cs
View File

@@ -47,6 +47,7 @@ namespace GitHub.Services.OAuth
VssOAuthTokenParameters tokenParameters) VssOAuthTokenParameters tokenParameters)
: base(credential, serverUrl, authorizationUrl) : base(credential, serverUrl, authorizationUrl)
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.ctor");
m_grant = grant; m_grant = grant;
m_tokenParameters = tokenParameters; m_tokenParameters = tokenParameters;
m_clientCredential = clientCrential; m_clientCredential = clientCrential;
@@ -59,6 +60,7 @@ namespace GitHub.Services.OAuth
{ {
get get
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.get_Grant");
return m_grant; return m_grant;
} }
} }
@@ -70,6 +72,7 @@ namespace GitHub.Services.OAuth
{ {
get get
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.get_ClientCredential");
return m_clientCredential; return m_clientCredential;
} }
} }
@@ -81,6 +84,7 @@ namespace GitHub.Services.OAuth
{ {
get get
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.get_TokenParameters");
return m_tokenParameters; return m_tokenParameters;
} }
} }
@@ -92,6 +96,7 @@ namespace GitHub.Services.OAuth
{ {
get get
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.get_GetTokenIsInteractive");
return false; return false;
} }
} }
@@ -100,6 +105,7 @@ namespace GitHub.Services.OAuth
{ {
get get
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.get_AuthenticationParameter");
if (this.ClientCredential == null) if (this.ClientCredential == null)
{ {
return null; return null;
@@ -115,12 +121,14 @@ namespace GitHub.Services.OAuth
{ {
get get
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.get_AuthenticationScheme");
return "Bearer"; return "Bearer";
} }
} }
public async Task<string> ValidateCredentialAsync(CancellationToken cancellationToken) public async Task<string> ValidateCredentialAsync(CancellationToken cancellationToken)
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.ValidateCredentialAsync: Calling VssOAuthTokenHttpClient.GetTokenAsync");
var tokenHttpClient = new VssOAuthTokenHttpClient(this.SignInUrl); var tokenHttpClient = new VssOAuthTokenHttpClient(this.SignInUrl);
var tokenResponse = await tokenHttpClient.GetTokenAsync(this.Grant, this.ClientCredential, this.TokenParameters, cancellationToken); var tokenResponse = await tokenHttpClient.GetTokenAsync(this.Grant, this.ClientCredential, this.TokenParameters, cancellationToken);
@@ -139,6 +147,7 @@ namespace GitHub.Services.OAuth
IssuedToken failedToken, IssuedToken failedToken,
CancellationToken cancellationToken) CancellationToken cancellationToken)
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.OnGetTokenAsync");
if (this.SignInUrl == null || if (this.SignInUrl == null ||
this.Grant == null || this.Grant == null ||
this.ClientCredential == null) this.ClientCredential == null)
@@ -151,6 +160,7 @@ namespace GitHub.Services.OAuth
try try
{ {
var tokenHttpClient = new VssOAuthTokenHttpClient(this.SignInUrl); var tokenHttpClient = new VssOAuthTokenHttpClient(this.SignInUrl);
// System.Console.WriteLine($"VssOAuthTokenProvider.OnGetTokenAsync: Calling VssOAuthTokenHttpClient.GetTokenAsync; sign-in url {this.SignInUrl.AbsoluteUri}");
var tokenResponse = await tokenHttpClient.GetTokenAsync(this.Grant, this.ClientCredential, this.TokenParameters, cancellationToken).ConfigureAwait(false); var tokenResponse = await tokenHttpClient.GetTokenAsync(this.Grant, this.ClientCredential, this.TokenParameters, cancellationToken).ConfigureAwait(false);
if (!String.IsNullOrEmpty(tokenResponse.AccessToken)) if (!String.IsNullOrEmpty(tokenResponse.AccessToken))
{ {
@@ -197,6 +207,7 @@ namespace GitHub.Services.OAuth
protected virtual IssuedToken CreateIssuedToken(VssOAuthTokenResponse tokenResponse) protected virtual IssuedToken CreateIssuedToken(VssOAuthTokenResponse tokenResponse)
{ {
// System.Console.WriteLine($"VssOAuthTokenProvider.CreateIssuedToken");
if (tokenResponse.ExpiresIn > 0) if (tokenResponse.ExpiresIn > 0)
{ {
return new VssOAuthAccessToken(tokenResponse.AccessToken, DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn)); return new VssOAuthAccessToken(tokenResponse.AccessToken, DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn));