cody vs code: check whether user has verified email

[mrnugget]

This fixes #51992 and is a follow-up to #51706 to show a nicer message in VS Code in case user hasn't confirmed their email yet.

It changes how we fetch the authentication status:

• if we're connected to dotcom, we check whether the user has a verified email
• if we're not connected to dotcom, we skip that

If the user requires and doesn't have a verified email, we show a different error on the Login page.

There rest of the changes are essentially there to handle config changes, handle errors that happen at runtime, and login/logout.

This needs a thorough review

Test plan

• See Loom: https://www.loom.com/share/f95a19cd9fd0419798fc888b49245ca0
• Manual testing

[sourcegraph-buildkite]

Bundle size report 📦

Initial size	Total size	Async size	Modules
0.00% (0.00 kb)	0.00% (+0.34 kb)	0.00% (+0.34 kb)	0.00% (0)

Look at the Statoscope report for a full comparison between the commits ae937b3 and f7a0bd0 or learn more.

Open explanation

• Initial size is the size of the initial bundle (the one that is loaded when you open the page)
• Total size is the size of the initial bundle + all the async loaded chunks
• Async size is the size of all the async loaded chunks
• Modules is the number of modules in the initial bundle

[mrnugget]

@abeatrix I pulled in some of the changes in your PR, but not all of them (because my rebase -- which I did too early -- made it hard to see the changes).

@abeatrix @philipp-spiess @novoselrok can you take a look whether the introspection query here makes sense? I essentially want to check whether I can query the field and if so, I query it. Otherwise I ignore it.

I also changed a lot of the checks in other places to make sure that isLoggedIn() only returns true if the user is logged in and has a verified email if that is required.

(I haven't marked as ready for review, because it's still very rough and I need to test it, but wanted to get early eyes on the approach)

[philipp-spiess]

@abeatrix @philipp-spiess @novoselrok can you take a look whether the introspection query here makes sense? I essentially want to check whether I can query the field and if so, I query it. Otherwise I ignore it.

I've seen introspection for other parts of the product already but if this only affects dotcom which we fully control, can't we just roll out the server changes first? 🤔 I’m a bit confused why we need to introspect at all

[abeatrix]

right now this log user in as long as the user has entered a token, even if the token in not valid

[mrnugget]

I've seen introspection for other parts of the product already but if this only affects dotcom which we fully control, can't we just roll out the server changes first? 🤔 I’m a bit confused why we need to introspect at all

You mean, detect whether the user connects to sourcegraph.com on the client and then check? I assumed that was too brittle so added the check on the server-side and also because, well, we might remove that check on dotcom in the future (i can see someone saying "we noticed that our DAUs drop when we require verified emails, so let's stop this") But yeah, looks like that might be easier...

(Why we need introspect: I want to query site.requiresVerifiedEmailForCody, but if that field doesn't exist - which is the case for every <5.1 version of SG - it would error. So we need to check whether we can check the field...)

---

General update: @abeatrix I ported a lot of your changes, and the check works when logging in (it shows error message). But right now it's broken when a request fails after the user is already logged in. I think it might have to do with serialization of AuthStatus.

I'll take another look tomorrow, but I'm not sure I'll get it done before the sprint planning. If someone has capacity and wants to hop on this branch, be my guest.

[mrnugget]

Update after pairing session with @eseliger and @philipp-spiess on this: it works as it should now and we made the code simpler than what I had before.

But the state machine in App.tsx still needs a fix. As of now, when Cody is starting we show the login page, even if we're currently logging the user in and we have valid credentials. That's because we removed the view === 'login' thing and authStatus can be undefined.

That needs to be fixed.

[mrnugget]

@sourcegraph/cody can you review? This needs a thorough review. I'll do more manual testing (and Philip is working on adding integration test) but I really want us all to understand this code.

[sourcegraph-bot]

📖 Storybook live preview

[mrnugget]

I added a Loom to the PR description that shows how I tested this and what the cases are: https://www.loom.com/share/f95a19cd9fd0419798fc888b49245ca0

[philipp-spiess]

This looks good to me now! I think requiring a view to be set for any case other than the initial loading is a good idea.

[marekweb]

Since we now have the ability to connect the Cody extension to App as a server endpoint as well, I'm going to add an isApp check in addition to the isDotCom check introduced here. So that we can make the email-verified check work similarly for App (since App also uses a dotcom user). If there's no objection to that approach I'll follow up shortly with a PR with that.

[mrnugget]

Since we now have the ability to connect the Cody extension to App as a server endpoint as well, I'm going to add an isApp check in addition to the isDotCom check introduced here. So that we can make the email-verified check work similarly for App (since App also uses a dotcom user). If there's no objection to that approach I'll follow up shortly with a PR with that.

Do you need that? Wouldn't Cody-through-App go up to dotcom anyway?

Anyway, yeah, if it makes sense, open a PR