Set authStatus to unavailable when unable to refresh token, #89200

Rachel Macfarlane · Rachel Macfarlane · commit 03d1c79f55b2 · 2020-02-07T10:55:38.000-08:00
diff --git a/extensions/vscode-account/src/AADHelper.ts b/extensions/vscode-account/src/AADHelper.ts
@@ -18,8 +18,9 @@ const clientId = 'aebc6443-996d-45c2-90f0-388ff96faa56';
 const tenant = 'organizations';
 
 interface IToken {
-	expiresIn: string; // How long access token is valid, in seconds
-	accessToken: string;
+	accessToken?: string; // When unable to refresh due to network problems, the access token becomes undefined
+
+	expiresIn?: string; // How long access token is valid, in seconds
 	refreshToken: string;
 
 	accountName: string;
@@ -41,6 +42,7 @@ interface IStoredSession {
 	id: string;
 	refreshToken: string;
 	scope: string; // Scopes are alphabetized and joined with a space
+	accountName: string;
 }
 
 function parseQuery(uri: vscode.Uri) {
@@ -93,7 +95,20 @@ export class AzureActiveDirectoryService {
 					try {
 						await this.refreshToken(session.refreshToken, session.scope);
 					} catch (e) {
-						this.handleTokenRefreshFailure(e, session.id, session.refreshToken, session.scope, false);
+						if (e.message === REFRESH_NETWORK_FAILURE) {
+							const didSucceedOnRetry = await this.handleRefreshNetworkError(session.id, session.refreshToken, session.scope);
+							if (!didSucceedOnRetry) {
+								this._tokens.push({
+									accessToken: undefined,
+									refreshToken: session.refreshToken,
+									accountName: session.accountName,
+									scope: session.scope,
+									sessionId: session.id
+								});
+							}
+						} else {
+							await this.logout(session.id);
+						}
 					}
 				});
 
@@ -115,7 +130,8 @@ export class AzureActiveDirectoryService {
 			return {
 				id: token.sessionId,
 				refreshToken: token.refreshToken,
-				scope: token.scope
+				scope: token.scope,
+				accountName: token.accountName
 			};
 		});
 
@@ -136,7 +152,11 @@ export class AzureActiveDirectoryService {
 								await this.refreshToken(session.refreshToken, session.scope);
 								didChange = true;
 							} catch (e) {
-								this.handleTokenRefreshFailure(e, session.id, session.refreshToken, session.scope, false);
+								if (e.message === REFRESH_NETWORK_FAILURE) {
+									// Ignore, will automatically retry on next poll.
+								} else {
+									await this.logout(session.id);
+								}
 							}
 						}
 					});
@@ -175,7 +195,7 @@ export class AzureActiveDirectoryService {
 	private convertToSession(token: IToken): vscode.AuthenticationSession {
 		return {
 			id: token.sessionId,
-			accessToken: () => Promise.resolve(token.accessToken),
+			accessToken: () => !token.accessToken ? Promise.reject('Unavailable due to network problems') : Promise.resolve(token.accessToken),
 			accountName: token.accountName,
 			scopes: token.scope.split(' ')
 		};
@@ -339,14 +359,21 @@ export class AzureActiveDirectoryService {
 
 		this.clearSessionTimeout(token.sessionId);
 
-		this._refreshTimeouts.set(token.sessionId, setTimeout(async () => {
-			try {
-				await this.refreshToken(token.refreshToken, scope);
-				onDidChangeSessions.fire();
-			} catch (e) {
-				this.handleTokenRefreshFailure(e, token.sessionId, token.refreshToken, scope, true);
-			}
-		}, 1000 * (parseInt(token.expiresIn) - 30)));
+		if (token.expiresIn) {
+			this._refreshTimeouts.set(token.sessionId, setTimeout(async () => {
+				try {
+					await this.refreshToken(token.refreshToken, scope);
+					onDidChangeSessions.fire();
+				} catch (e) {
+					if (e.message === REFRESH_NETWORK_FAILURE) {
+						await this.handleRefreshNetworkError(token.sessionId, token.refreshToken, scope);
+					} else {
+						await this.logout(token.sessionId);
+						onDidChangeSessions.fire();
+					}
+				}
+			}, 1000 * (parseInt(token.expiresIn) - 30)));
+		}
 
 		this.storeTokenData();
 	}
@@ -480,40 +507,35 @@ export class AzureActiveDirectoryService {
 		this.clearSessionTimeout(sessionId);
 	}
 
-	private async handleTokenRefreshFailure(e: Error, sessionId: string, refreshToken: string, scope: string, sendChangeEvent: boolean): Promise<void> {
-		if (e.message === REFRESH_NETWORK_FAILURE) {
-			this.handleRefreshNetworkError(sessionId, refreshToken, scope);
-		} else {
-			await this.logout(sessionId);
-			if (sendChangeEvent) {
-				onDidChangeSessions.fire();
+	private handleRefreshNetworkError(sessionId: string, refreshToken: string, scope: string, attempts: number = 1): Promise<boolean> {
+		return new Promise((resolve, _) => {
+			if (attempts === 3) {
+				Logger.error('Token refresh failed after 3 attempts');
+				return resolve(false);
 			}
-		}
-	}
 
-	private handleRefreshNetworkError(sessionId: string, refreshToken: string, scope: string, attempts: number = 1) {
-		if (attempts === 5) {
-			Logger.error('Token refresh failed after 5 attempts');
-			return;
-		}
+			if (attempts === 1) {
+				const token = this._tokens.find(token => token.sessionId === sessionId);
+				if (token) {
+					token.accessToken = undefined;
+				}
 
-		if (attempts === 1) {
-			this.removeInMemorySessionData(sessionId);
-			onDidChangeSessions.fire();
-		}
+				onDidChangeSessions.fire();
+			}
 
-		const delayBeforeRetry = 5 * attempts * attempts;
+			const delayBeforeRetry = 5 * attempts * attempts;
 
-		this.clearSessionTimeout(sessionId);
+			this.clearSessionTimeout(sessionId);
 
-		this._refreshTimeouts.set(sessionId, setTimeout(async () => {
-			try {
-				await this.refreshToken(refreshToken, scope);
-				onDidChangeSessions.fire();
-			} catch (e) {
-				await this.handleRefreshNetworkError(sessionId, refreshToken, scope, attempts + 1);
-			}
-		}, 1000 * delayBeforeRetry));
+			this._refreshTimeouts.set(sessionId, setTimeout(async () => {
+				try {
+					await this.refreshToken(refreshToken, scope);
+					return resolve(true);
+				} catch (e) {
+					return resolve(await this.handleRefreshNetworkError(sessionId, refreshToken, scope, attempts + 1));
+				}
+			}, 1000 * delayBeforeRetry));
+		});
 	}
 
 	public async logout(sessionId: string) {
diff --git a/src/vs/workbench/contrib/userDataSync/browser/userDataSync.ts b/src/vs/workbench/contrib/userDataSync/browser/userDataSync.ts
@@ -48,7 +48,8 @@ import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
 const enum AuthStatus {
 	Initializing = 'Initializing',
 	SignedIn = 'SignedIn',
-	SignedOut = 'SignedOut'
+	SignedOut = 'SignedOut',
+	Unavailable = 'Unavailable'
 }
 const CONTEXT_AUTH_TOKEN_STATE = new RawContextKey<string>('authTokenStatus', AuthStatus.Initializing);
 
@@ -176,9 +177,14 @@ export class UserDataSyncWorkbenchContribution extends Disposable implements IWo
 		this._activeAccount = account;
 
 		if (account) {
-			const token = await account.accessToken();
-			this.userDataAuthTokenService.setToken(token);
-			this.authenticationState.set(AuthStatus.SignedIn);
+			try {
+				const token = await account.accessToken();
+				this.userDataAuthTokenService.setToken(token);
+				this.authenticationState.set(AuthStatus.SignedIn);
+			} catch (e) {
+				this.userDataAuthTokenService.setToken(undefined);
+				this.authenticationState.set(AuthStatus.Unavailable);
+			}
 		} else {
 			this.userDataAuthTokenService.setToken(undefined);
 			this.authenticationState.set(AuthStatus.SignedOut);
