Skip to content

feat(atlas-service): securely persist and restore atlas login state through keychain #4718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Aug 14, 2023
Merged

feat(atlas-service): securely persist and restore atlas login state through keychain #4718

merged 7 commits into from
Aug 14, 2023

Conversation

gribnoysup
Copy link
Collaborator

@gribnoysup gribnoysup commented Aug 10, 2023
edited
Loading

This patch adds some logic to atlas-service package that persists and restores serialized auth state of oidc-plugin using system keychain. This means that if you are signed in and close Compass, you don't need to sign in again after re-opening it.

Opening as draft to keep track of progress, as I need to switch to another task. The feature already works and existing tests were adjusted, but I still need to add some new tests for the added functionality Added some tests, so this is fully ready for review now

@github-actions github-actions bot added the feat label Aug 10, 2023
@gribnoysup gribnoysup force-pushed the compass-7095-persist-atlas-login-auth-state branch from d8f9d58 to dd9f882 Compare August 10, 2023 16:01
addaleax
addaleax approved these changes Aug 10, 2023
View reviewed changes
Copy link
Collaborator

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good so far, only one minor suggestion (can also try that out manually sometime myself)

packages/atlas-service/src/main.ts Outdated
mongoLogId(1_001_000_210),
'AtlasService',
'Atlas service initialized'
this.initPromise = (async () => {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you do

Suggested change
this.initPromise = (async () => {
return this.initPromise ??= (async () => {

or would the linter complain about that?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, yes, that's way better! I don't think it will complain, I just always forget about null-ish operators!

@gribnoysup gribnoysup added the feature flagged PRs labeled with this label will not be included in the release notes of the next release label Aug 11, 2023
@gribnoysup gribnoysup force-pushed the compass-7095-persist-atlas-login-auth-state branch from 587de8d to 2e9f3b9 Compare August 11, 2023 17:10
@gribnoysup gribnoysup marked this pull request as ready for review August 14, 2023 08:59
@gribnoysup
Copy link
Collaborator Author

@addaleax do you mind giving it another look when you have a moment? I stumbled on some issues with how I was handling the events before when manually testing and so had to update the way refresh works quite a bit

gribnoysup
gribnoysup commented Aug 14, 2023
View reviewed changes
packages/atlas-service/src/main.ts
Comment on lines +382 to +386
// We are not using `refresh-succeeded` / `refresh-failed` events
// here because those happen BEFORE `allowedFlows` method is called
// (see oidc-plugin flow diagram) meaning that we need to wait until
// the whole request token flow went through to make sure that sign
// in flow is not allowed while we are refreshing the token
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's the main change from the previous implementation: to make sure we don't return any allowedFlows before they are read and can be used on refresh failing we are listening to auth-* events here now instead of refresh-*, even though we are waiting specifically for refresh to finish

addaleax
addaleax approved these changes Aug 14, 2023
View reviewed changes
@gribnoysup @addaleax
chore(atlas-service): don't use Promise inside async functions
d5eafcf 
Co-authored-by: Anna Henningsen <anna.henningsen@mongodb.com>
@gribnoysup gribnoysup merged commit d2a0f6b into main Aug 14, 2023
@gribnoysup gribnoysup deleted the compass-7095-persist-atlas-login-auth-state branch August 14, 2023 11:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addaleax addaleax addaleax approved these changes

Assignees

No one assigned

Labels

feat feature flagged PRs labeled with this label will not be included in the release notes of the next release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gribnoysup @addaleax