fix(auth): malformed SSO cache didn't prompt reauth
Problem:

When we loaded sso cache from disk, we would only invalidate (leading to a reauth prompt)
if the cache file was missing.

But if the cache file was present, though its content was malformed, we would incorrectly
treat it as recoverable by throwing instead of returning undefined.

Solution:

If we detect a SyntaxError, treat it as non-recoverable, meaning it will trigger a reauth.
Also added some code to validate the content of the SSO cache we loaded from disk to ensure
it is what we expected.

Signed-off-by: nkomonen-amazon <[email protected]>
nkomonen-amazon committed Dec 9, 2024
1 parent 226dd6f commit 2a4f7ba
Showing 2 changed files with 21 additions and 1 deletion.
9 changes: 8 additions & 1 deletion packages/core/src/auth/sso/cache.ts
Expand Up @@ -10,11 +10,12 @@ import { getLogger } from '../../shared/logger/logger'
import fs from '../../shared/fs/fs'
import { createDiskCache, KeyedCache, mapCache } from '../../shared/utilities/cacheUtils'
import { stripUndefined } from '../../shared/utilities/collectionUtils'
import { hasProps, selectFrom } from '../../shared/utilities/tsUtils'
import { getMissingProps, hasProps, selectFrom } from '../../shared/utilities/tsUtils'
import { SsoToken, ClientRegistration } from './model'
import { DevSettings } from '../../shared/settings'
import { onceChanged } from '../../shared/utilities/functionUtils'
import globals from '../../shared/extensionGlobals'
import { ToolkitError } from '../../shared'

interface RegistrationKey {
readonly startUrl: string
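
Review bot: The added `import { ToolkitError } from '../../shared'` goes through the top-level barrel, while every other import in this block names a specific module (`../../shared/utilities/tsUtils`, `../../shared/settings`, `../../shared/extensionGlobals`). A barrel import from inside `auth/sso` makes a circular import easier to introduce later; consider importing `ToolkitError` from the module that defines it, in line with the neighbouring imports.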
Expand Down Expand Up @@ -92,6 +93,12 @@ export function getTokenCache(directory = getCacheDir()): KeyedCache<SsoAccess>

stripUndefined(token)

// Validate data is not missing.
const missingProps = getMissingProps(token, 'accessToken', 'refreshToken')
if (missingProps.length > 0) {
throw new ToolkitError(`SSO cache data unexpectedly missing props: ${JSON.stringify(missingProps)}`)
}

return {
token,
registration,
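
Review bot: The new check throws a `ToolkitError` when `accessToken` or `refreshToken` is missing, but the comments this same commit adds in cacheUtils.ts say a thrown error is the recoverable path and that only returning undefined is non-recoverable. A cache file that parses as JSON yet lacks the token fields is malformed in the sense the commit message describes, so please confirm whether this case should lead to a reauth prompt, and if so route it to the non-recoverable result rather than a throw, or note in the comment what the caller does with this error. It is also worth confirming that every stored token is expected to carry `refreshToken`, since the check now rejects any that do not. The message includes only the missing property names, which keeps token values out of logs; keep it that way. Neither of the 2 changed files is a test, so a case for a cache file with missing props would be a useful addition.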
13 changes: 13 additions & 0 deletions packages/core/src/shared/utilities/cacheUtils.ts
Expand Up @@ -116,10 +116,23 @@ export function createDiskCache<V, K>(
log('loaded', key)
return result
} catch (error) {
// Non-recoverable errors mean there is no usable data.
// Recoverable errors mean we can possibly use the data for something like
// an SSO token refresh, or to just retry.
// Returning undefined implies non-recoverable.

// -- Non-recoverable Errors --
if (isFileNotFoundError(error)) {
log('read failed (file not found)', key)
return
}
if (error instanceof SyntaxError) {
// file content was malformed or empty
log(`read failed (invalid JSON)`, key)
return
}

// -- Recoverable Errors --
log(`read failed ${error}`, key)
throw createDiskCacheError(error, 'LOAD', target, key)
}
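
Review bot: The `error instanceof SyntaxError` branch classifies every SyntaxError raised anywhere in the `try` as invalid JSON in the cache file, and the visible lines do not show where the parse happens or what else runs in that block. If anything other than the JSON parse can throw a SyntaxError there, it will be silently turned into a reauth with the log line `read failed (invalid JSON)`. Consider detecting the failure at the parse call itself, or narrowing the `try` around it, and add tests for an empty file and a truncated file, since the comment names both "malformed or empty". The section comments are helpful; it would also help to say whether the bad file is left on disk after this return or is expected to be overwritten by the next save.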
