styra-link: correct password flow #81
Conversation
1. fix poor error reporting upon bad password. ``` ERROR: CLI installation failed Error: Password: Sorry, try again. Password: sudo: no password was provided sudo: 1 incorrect password attempt ``` 2. allow password retries without re-downloading full binary Add loop for retry but only fetch the binary on the first pass 3. cancel out of password entry closes progress bar Move `collectInputs` out of `await IDE.withProgress`.
msorens
force-pushed
the
msorens/correct-pwd-flow
branch
from
56dc114
to
f0674d4
Compare
Duh; do not need to include the binary download in the loop at all.
| // eslint-disable-next-line no-constant-condition | ||
| while (true) { |
There was a problem hiding this comment.
Surprised it is not smart enough to recognize the loop does have exits.
| if ((err as Error).message.includes('Sorry, try again')) { | ||
| info('invalid password; try again...'); |
There was a problem hiding this comment.
Add in a specific check for a password failure and, if found:
(a) print a clean, short message instead of the cryptic, verbose one (see image above), and
(b) do not return from the function yet, so it loops.
| const state = await this.collectInputs(); | ||
| // see https://stackoverflow.com/q/39785436/115690 for ideas on running sudo | ||
| const args = ['-c', `echo ${state.pwd} | sudo -S bash -c 'mv ${tempFileLocation} ${this.ExeFile}'`]; | ||
| // vital to run in quiet mode so password does not display | ||
| await new CommandRunner().runShellCmd('sh', args, {progressTitle: '', quiet: true}); |
There was a problem hiding this comment.
By moving collectInputs outside of the IDE.withProgress block, the user can now abort the operation cleanly (by pressing Escape in the text input box prompting for the password). Inside the IDE.withProgress block, a progress bar appears until finished, and that progress bar did not clean up when aborting with Escape.
| if (await StyraInstall.styraCmdExists()) { | ||
| if (await this.styraCmdExists()) { |
There was a problem hiding this comment.
Had a mix of class name vs. this. Making them all consistent.
| info('Installing Styra CLI. This may take a few minutes...'); | ||
| try { | ||
| await this.installStyra(); |
There was a problem hiding this comment.
Separating installStyra into downloadBinary and installOnPath.
| shouldResume | ||
| shouldResume // TODO: override and delete temp file |
There was a problem hiding this comment.
for later; low priority
| function setPrivateMock(functionName: string, mock: jest.Mock) { | ||
| (StyraInstall as any)[functionName] = mock; | ||
| } | ||
|
|
||
| beforeEach(() => { | ||
| // eslint-disable-next-line dot-notation | ||
| StyraInstall['installStyra'] = jest.fn().mockResolvedValue(''); | ||
| setPrivateMock('downloadBinary', jest.fn().mockResolvedValue('')); |
There was a problem hiding this comment.
Introduced setPrivateMock to get rid of the smattering of eslint disablements.
| } else { | ||
| const state = await this.collectInputs(); | ||
| // see https://stackoverflow.com/q/39785436/115690 for ideas on running sudo | ||
| const args = ['-c', `echo ${state.pwd} | sudo -S bash -c 'mv ${tempFileLocation} ${this.ExeFile}'`]; |
There was a problem hiding this comment.
[nit] I know this is copied code, but I still don't quite like this. I'm always getting nervous when any tool asks me to input my password. Be that as it may, I suppose we're not here to discuss this. Anyway...
This particular method seems icky, too -- multi-user machines are no longer the norm, but any other process on the machine could read the user's password from ps output if they're eager to. Can we not just open a shell with the sudo call? if the user inputs their password there it'll always be safe.
There was a problem hiding this comment.
I certainly agree with your point but I am not sure there is a way to give a user a shell prompt from within a VSCode command. I like the idea though, so will put it on my backlog but merge as is for now. Thanks!
There was a problem hiding this comment.
The only winning move is not to play -- we can install the binary anywhere, and use it from anywhere. So we can use a location where an unprivileged user can write to. .styra/bin/ or something. We'll add a note saying that they need to add that to their PATH to have it be available on the command line. If they only interact with the link tool using the VSCode plugin, there's no need for updating the $PATH even.
What code changed, and why?
Several issues revolving around the password entry flow when installing the Styra CLI from the plugin.
DAS-770, DAS-771, DAS-772.
Definition of done
OLD:
NEW:
fix poor error reporting upon bad password.
allow password retries without re-downloading full binary: Add loop for retry but move the binary fetch outside the loop
cancel out of password entry closes progress bar.
How to test
You can install either from source code or from GitHub.
Install from source
npm install.Install from GitHub
vscode-styra-2.0.1-next.4.vsix.code --install-extension vscode-styra-2.0.1-next.4.vsixExercise the Code
Related Resources