feat: add authentication setting (#487)

* feat: add authentication setting if 'use token authentication' is set to true, oauth2 authentication is disabled * fix: default to token for now * docs: update changelog
snyk · Jul 9, 2024 · f066c29 · f066c29
1 parent c5e705e
commit f066c29
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,11 @@
 # Snyk Security Changelog
 
-### [2.13.1]
+## [2.13.2]
+- allow to select oauth2 authentication
+
+## [2.13.1]
 - Refactor the Suggestion Panel for OSS so it's more secure and will be supported in other IDEs
+- allow to select OAuth2 as authentication
 
 ## [2.13.0]
 - Fix `.suggestion` class to ensure it is scrollable and not overlapped by the `.suggestion-actions` fixed element. This change prevents the suggestion content from being hidden.

diff --git a/package.json b/package.json
@@ -107,6 +107,12 @@
             "scope": "window",
             "pattern": "^(|(https?://)api.*.(snyk|snykgov).io)$"
           },
+          "snyk.advanced.useTokenAuthentication": {
+            "type": "boolean",
+            "markdownDescription": "Use token authentication. It is recommended to keep this turned off, as the default OAuth2 authentication is more secure.",
+            "scope": "window",
+            "default": true
+          },
           "snyk.advanced.organization": {
             "type": "string",
             "markdownDescription": "Specifies an organization slug name to run tests for that organization. \n\nNote: The slug name can be extracted from the URL of your organization in the Snyk UI: `https://app.snyk.io/org/[orgslugname]`. If not specified, preferred organization as defined in your [web account settings](https://app.snyk.io/account) is used to run tests.",

diff --git a/src/snyk/common/configuration/configuration.ts b/src/snyk/common/configuration/configuration.ts
@@ -24,6 +24,7 @@ import {
   YES_BACKGROUND_OSS_NOTIFICATION_SETTING,
   YES_CRASH_REPORT_SETTING,
   YES_WELCOME_NOTIFICATION_SETTING,
+  ADVANCED_USE_TOKEN_AUTHENTICATION,
   DELTA_FINDINGS,
 } from '../constants/settings';
 import SecretStorageAdapter from '../vscode/secretStorage';
@@ -62,6 +63,10 @@ export interface IConfiguration {
 
   authHost: string;
 
+  useTokenAuthentication(): boolean;
+
+  setUseTokenAuthentication(useTokenAuth: boolean): void;
+
   getFeatureFlag(flagName: string): boolean;
 
   setFeatureFlag(flagName: string, value: boolean): void;
@@ -125,7 +130,6 @@ export interface IConfiguration {
 
 export class Configuration implements IConfiguration {
   // These attributes are used in tests
-  private readonly defaultSnykCodeBaseURL = 'https://deeproxy.snyk.io';
   private readonly defaultAuthHost = 'https://app.snyk.io';
   private readonly defaultApiEndpoint = 'https://api.snyk.io';
 
@@ -138,6 +142,23 @@ export class Configuration implements IConfiguration {
     return !strictSSL;
   }
 
+  useTokenAuthentication(): boolean {
+    const useTokenAuth = this.workspace.getConfiguration<boolean>(
+      CONFIGURATION_IDENTIFIER,
+      this.getConfigName(ADVANCED_USE_TOKEN_AUTHENTICATION),
+    );
+    return useTokenAuth ?? false;
+  }
+
+  async setUseTokenAuthentication(useTokenAuth: boolean): Promise<void> {
+    await this.workspace.updateConfiguration(
+      CONFIGURATION_IDENTIFIER,
+      this.getConfigName(ADVANCED_USE_TOKEN_AUTHENTICATION),
+      useTokenAuth,
+      true,
+    );
+  }
+
   static async getVersion(): Promise<string> {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
     const { version } = await this.getPackageJsonConfig();

diff --git a/src/snyk/common/constants/settings.ts b/src/snyk/common/constants/settings.ts
@@ -20,6 +20,7 @@ export const ADVANCED_ORGANIZATION = `${CONFIGURATION_IDENTIFIER}.advanced.organ
 export const ADVANCED_AUTOMATIC_DEPENDENCY_MANAGEMENT = `${CONFIGURATION_IDENTIFIER}.advanced.automaticDependencyManagement`;
 export const ADVANCED_CLI_PATH = `${CONFIGURATION_IDENTIFIER}.advanced.cliPath`;
 export const ADVANCED_CUSTOM_LS_PATH = `${CONFIGURATION_IDENTIFIER}.advanced.languageServerPath`;
+export const ADVANCED_USE_TOKEN_AUTHENTICATION = `${CONFIGURATION_IDENTIFIER}.advanced.useTokenAuthentication`;
 
 export const ISSUE_VIEW_OPTIONS_SETTING = `${CONFIGURATION_IDENTIFIER}.issueViewOptions`;
 export const SEVERITY_FILTER_SETTING = `${CONFIGURATION_IDENTIFIER}.severity`;

diff --git a/src/snyk/common/languageServer/settings.ts b/src/snyk/common/languageServer/settings.ts
@@ -20,6 +20,7 @@ export type ServerSettings = {
   // Authentication and parameters
   token?: string;
   automaticAuthentication?: string;
+  authenticationMethod?: string;
   additionalParams?: string;
   manageBinariesAutomatically?: string;
 
@@ -57,6 +58,11 @@ export class LanguageServerSettings {
       ? true
       : featuresConfiguration.codeQualityEnabled;
 
+    let authenticationMethod = 'oauth';
+    if (configuration.useTokenAuthentication()) {
+      authenticationMethod = 'token';
+    }
+
     return {
       activateSnykCodeSecurity: `${codeSecurityEnabled}`,
       activateSnykCodeQuality: `${codeQualityEnabled}`,
@@ -80,6 +86,7 @@ export class LanguageServerSettings {
       integrationVersion: await Configuration.getVersion(),
       deviceId: user.anonymousId,
       requiredProtocolVersion: `${PROTOCOL_VERSION}`,
+      authenticationMethod: authenticationMethod,
     };
   }
 }
diff --git a/src/test/unit/common/languageServer/languageServer.test.ts b/src/test/unit/common/languageServer/languageServer.test.ts
@@ -36,6 +36,10 @@ suite('Language Server', () => {
 
   setup(() => {
     configurationMock = {
+      useTokenAuthentication(): boolean {
+        return false;
+      },
+
       getInsecure(): boolean {
         return true;
       },
@@ -223,6 +227,7 @@ suite('Language Server', () => {
         insecure: 'true',
         requiredProtocolVersion: '12',
         scanningMode: 'auto',
+        authenticationMethod: 'oauth',
       };
 
       deepStrictEqual(await languageServer.getInitializationOptions(), expectedInitializationOptions);

diff --git a/src/test/unit/common/languageServer/middleware.test.ts b/src/test/unit/common/languageServer/middleware.test.ts
@@ -21,6 +21,9 @@ suite('Language Server: Middleware', () => {
   setup(() => {
     user = { anonymousId: 'anonymous-id' } as User;
     configuration = {
+      useTokenAuthentication(): boolean {
+        return false;
+      },
       shouldReportErrors: false,
       snykApiEndpoint: 'https://dev.snyk.io/api',
       getAdditionalCliParameters: () => '',

diff --git a/src/test/unit/common/languageServer/settings.test.ts b/src/test/unit/common/languageServer/settings.test.ts
@@ -13,6 +13,9 @@ suite('LanguageServerSettings', () => {
         organization: 'my-org',
         // eslint-disable-next-line @typescript-eslint/require-await
         getToken: async () => 'snyk-token',
+        useTokenAuthentication(): boolean {
+          return false;
+        },
         getFeaturesConfiguration: () => ({}), // iacEnabled, codeSecurityEnabled, codeQualityEnabled are undefined
         getCliPath: () => '/path/to/cli',
         getAdditionalCliParameters: () => '--all-projects -d',