mirror of
https://github.com/actions/runner.git
synced 2025-12-10 12:36:23 +00:00
temp tracing for client auth
This commit is contained in:
eric sciple
@@ -18,6 +18,7 @@ namespace GitHub.Services.Common
|
||||
|
||||
public override bool IsAuthenticationChallenge(IHttpResponse webResponse)
|
||||
{
|
||||
// System.Console.WriteLine($"FederatedCredential.IsAuthenticationChallenge");
|
||||
if (webResponse == null)
|
||||
{
|
||||
return false;
|
||||
|
||||
@@ -100,12 +100,14 @@ namespace GitHub.Services.Common
|
||||
{
|
||||
throw new InvalidOperationException($"The {nameof(TokenStorageUrl)} property must have a value if the {nameof(Storage)} property is set on this instance of {GetType().Name}.");
|
||||
}
|
||||
// System.Console.WriteLine($"IssuedTokenCredential.CreateTokenProvider: TokenStorageUrl: {TokenStorageUrl}");
|
||||
InitialToken = Storage.RetrieveToken(TokenStorageUrl, CredentialType);
|
||||
}
|
||||
|
||||
IssuedTokenProvider provider = OnCreateTokenProvider(serverUrl, response);
|
||||
if (provider != null)
|
||||
{
|
||||
// System.Console.WriteLine($"IssuedTokenCredential.CreateTokenProvider: provider: {provider}");
|
||||
provider.TokenStorageUrl = TokenStorageUrl;
|
||||
}
|
||||
|
||||
@@ -124,6 +126,7 @@ namespace GitHub.Services.Common
|
||||
|
||||
internal virtual string GetAuthenticationChallenge(IHttpResponse webResponse)
|
||||
{
|
||||
// System.Console.WriteLine($"IssuedTokenCredential.GetAuthenticationChallenge");
|
||||
IEnumerable<String> values;
|
||||
if (!webResponse.Headers.TryGetValues(Internal.HttpHeaders.WwwAuthenticate, out values))
|
||||
{
|
||||
|
||||
@@ -108,6 +108,7 @@ namespace GitHub.Services.Common
|
||||
TaskScheduler scheduler,
|
||||
IVssCredentialPrompt credentialPrompt)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.ctor");
|
||||
this.PromptType = promptType;
|
||||
|
||||
if (promptType == CredentialPromptType.PromptIfNeeded && scheduler == null)
|
||||
@@ -150,6 +151,7 @@ namespace GitHub.Services.Common
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.get_PromptType");
|
||||
return m_promptType;
|
||||
}
|
||||
set
|
||||
@@ -170,6 +172,7 @@ namespace GitHub.Services.Common
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.get_Federated");
|
||||
return m_federatedCredential;
|
||||
}
|
||||
}
|
||||
@@ -184,6 +187,7 @@ namespace GitHub.Services.Common
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.get_Storage");
|
||||
return m_credentialStorage;
|
||||
}
|
||||
set
|
||||
@@ -203,6 +207,7 @@ namespace GitHub.Services.Common
|
||||
/// </summary>
|
||||
internal virtual bool TryGetValidAdalToken(IVssCredentialPrompt prompt)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.TryGetValidAdalToken");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -264,6 +269,7 @@ namespace GitHub.Services.Common
|
||||
Uri serverUrl,
|
||||
out IssuedTokenProvider provider)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.TryGetTokenProvider");
|
||||
ArgumentUtility.CheckForNull(serverUrl, "serverUrl");
|
||||
|
||||
lock (m_thisLock)
|
||||
@@ -297,6 +303,7 @@ namespace GitHub.Services.Common
|
||||
/// <returns>True if this is an token authentication redirect, false otherwise</returns>
|
||||
internal bool IsAuthenticationChallenge(IHttpResponse webResponse)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.IsAuthenticationChallenge");
|
||||
if (webResponse == null)
|
||||
{
|
||||
return false;
|
||||
@@ -316,6 +323,7 @@ namespace GitHub.Services.Common
|
||||
Uri serviceLocation,
|
||||
string identityProvider)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.SignOut");
|
||||
// Remove the token in the storage and the current token provider. Note that we don't
|
||||
// call InvalidateToken here because we want to remove the whole token not just its value
|
||||
if ((m_currentProvider != null) && (m_currentProvider.CurrentToken != null))
|
||||
@@ -352,6 +360,7 @@ namespace GitHub.Services.Common
|
||||
string token,
|
||||
IDictionary<string, string> attributes)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.WriteAuthorizationToken");
|
||||
int i = 0;
|
||||
for (int j = 0; j < token.Length; i++, j += 128)
|
||||
{
|
||||
@@ -363,6 +372,7 @@ namespace GitHub.Services.Common
|
||||
|
||||
protected static string ReadAuthorizationToken(IDictionary<string, string> attributes)
|
||||
{
|
||||
// System.Console.WriteLine($"VssCredentials.ReadAuthorizationToken");
|
||||
string authTokenCountValue;
|
||||
if (attributes.TryGetValue("AuthTokenSegmentCount", out authTokenCountValue))
|
||||
{
|
||||
|
||||
@@ -230,6 +230,7 @@ namespace GitHub.Services.Common
|
||||
|
||||
traceInfo?.TraceResponseContentTime();
|
||||
|
||||
// System.Console.WriteLine($"VssHttpMessageHandler.SendAsync: Creating response wrapper");
|
||||
responseWrapper = new HttpResponseMessageWrapper(response);
|
||||
|
||||
if (!this.Credentials.IsAuthenticationChallenge(responseWrapper))
|
||||
@@ -295,6 +296,7 @@ namespace GitHub.Services.Common
|
||||
}
|
||||
|
||||
// Now invoke the provider and await the result
|
||||
// System.Console.WriteLine($"VssHttpMessageHandler.SendAsync: Calling GetTokenAsync");
|
||||
token = await provider.GetTokenAsync(token, tokenSource.Token).ConfigureAwait(false);
|
||||
|
||||
// I always see 0 here, but the method above could take more time so keep for now
|
||||
|
||||
@@ -60,7 +60,7 @@ namespace GitHub.Services.OAuth
|
||||
Uri serverUrl,
|
||||
IHttpResponse response)
|
||||
{
|
||||
// System.Console.WriteLine("VssOAuthAccessTokenCredential.OnCreateTokenProvider");
|
||||
// System.Console.WriteLine($"VssOAuthAccessTokenCredential.OnCreateTokenProvider");
|
||||
return new VssOAuthAccessTokenProvider(this, serverUrl, null);
|
||||
}
|
||||
|
||||
@@ -72,6 +72,7 @@ namespace GitHub.Services.OAuth
|
||||
Uri signInUrl)
|
||||
: base(credential, serverUrl, signInUrl)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthAccessTokenProvider.ctor");
|
||||
}
|
||||
|
||||
public override Boolean GetTokenIsInteractive
|
||||
|
||||
@@ -103,17 +103,23 @@ namespace GitHub.Services.OAuth
|
||||
/// <returns>True if the web response indicates an authorization challenge; otherwise, false</returns>
|
||||
public override Boolean IsAuthenticationChallenge(IHttpResponse webResponse)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge");
|
||||
if (webResponse == null)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: webResponse is null");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (webResponse.StatusCode == HttpStatusCode.Found ||
|
||||
webResponse.StatusCode == HttpStatusCode.Unauthorized)
|
||||
{
|
||||
return webResponse.Headers.GetValues(Common.Internal.HttpHeaders.WwwAuthenticate).Any(x => x.IndexOf("Bearer", StringComparison.OrdinalIgnoreCase) >= 0);
|
||||
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: found or unauthorized");
|
||||
var result = webResponse.Headers.GetValues(Common.Internal.HttpHeaders.WwwAuthenticate).Any(x => x.IndexOf("Bearer", StringComparison.OrdinalIgnoreCase) >= 0);
|
||||
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: {result}");
|
||||
return result;
|
||||
}
|
||||
|
||||
// System.Console.WriteLine($"VssOAuthCredential.IsAuthenticationChallenge: false");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -121,7 +127,7 @@ namespace GitHub.Services.OAuth
|
||||
Uri serverUrl,
|
||||
IHttpResponse response)
|
||||
{
|
||||
// System.Console.WriteLine("VssOAuthCredential.OnCreateTokenProvider");
|
||||
// System.Console.WriteLine($"VssOAuthCredential.OnCreateTokenProvider");
|
||||
return new VssOAuthTokenProvider(this, serverUrl);
|
||||
}
|
||||
|
||||
|
||||
@@ -47,6 +47,7 @@ namespace GitHub.Services.OAuth
|
||||
VssOAuthTokenParameters tokenParameters)
|
||||
: base(credential, serverUrl, authorizationUrl)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.ctor");
|
||||
m_grant = grant;
|
||||
m_tokenParameters = tokenParameters;
|
||||
m_clientCredential = clientCrential;
|
||||
@@ -59,6 +60,7 @@ namespace GitHub.Services.OAuth
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.get_Grant");
|
||||
return m_grant;
|
||||
}
|
||||
}
|
||||
@@ -70,6 +72,7 @@ namespace GitHub.Services.OAuth
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.get_ClientCredential");
|
||||
return m_clientCredential;
|
||||
}
|
||||
}
|
||||
@@ -81,6 +84,7 @@ namespace GitHub.Services.OAuth
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.get_TokenParameters");
|
||||
return m_tokenParameters;
|
||||
}
|
||||
}
|
||||
@@ -92,6 +96,7 @@ namespace GitHub.Services.OAuth
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.get_GetTokenIsInteractive");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -100,6 +105,7 @@ namespace GitHub.Services.OAuth
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.get_AuthenticationParameter");
|
||||
if (this.ClientCredential == null)
|
||||
{
|
||||
return null;
|
||||
@@ -115,12 +121,14 @@ namespace GitHub.Services.OAuth
|
||||
{
|
||||
get
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.get_AuthenticationScheme");
|
||||
return "Bearer";
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<string> ValidateCredentialAsync(CancellationToken cancellationToken)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.ValidateCredentialAsync: Calling VssOAuthTokenHttpClient.GetTokenAsync");
|
||||
var tokenHttpClient = new VssOAuthTokenHttpClient(this.SignInUrl);
|
||||
var tokenResponse = await tokenHttpClient.GetTokenAsync(this.Grant, this.ClientCredential, this.TokenParameters, cancellationToken);
|
||||
|
||||
@@ -139,6 +147,7 @@ namespace GitHub.Services.OAuth
|
||||
IssuedToken failedToken,
|
||||
CancellationToken cancellationToken)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.OnGetTokenAsync");
|
||||
if (this.SignInUrl == null ||
|
||||
this.Grant == null ||
|
||||
this.ClientCredential == null)
|
||||
@@ -151,6 +160,7 @@ namespace GitHub.Services.OAuth
|
||||
try
|
||||
{
|
||||
var tokenHttpClient = new VssOAuthTokenHttpClient(this.SignInUrl);
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.OnGetTokenAsync: Calling VssOAuthTokenHttpClient.GetTokenAsync; sign-in url {this.SignInUrl.AbsoluteUri}");
|
||||
var tokenResponse = await tokenHttpClient.GetTokenAsync(this.Grant, this.ClientCredential, this.TokenParameters, cancellationToken).ConfigureAwait(false);
|
||||
if (!String.IsNullOrEmpty(tokenResponse.AccessToken))
|
||||
{
|
||||
@@ -197,6 +207,7 @@ namespace GitHub.Services.OAuth
|
||||
|
||||
protected virtual IssuedToken CreateIssuedToken(VssOAuthTokenResponse tokenResponse)
|
||||
{
|
||||
// System.Console.WriteLine($"VssOAuthTokenProvider.CreateIssuedToken");
|
||||
if (tokenResponse.ExpiresIn > 0)
|
||||
{
|
||||
return new VssOAuthAccessToken(tokenResponse.AccessToken, DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn));
|
||||
|
||||
Reference in New Issue
Block a user