From 41121165b0f5da3efdce1794e674db98c0df4e9f Mon Sep 17 00:00:00 2001
From: Rachel Macfarlane <ramacfar@microsoft.com>
Date: Tue, 9 Feb 2021 14:12:42 -0800
Subject: [PATCH] Move isAccessAllowed to authentication service

---
 .../api/browser/mainThreadAuthentication.ts   | 20 +++++++++----------
 .../browser/authenticationService.ts          |  8 +++++++-
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/src/vs/workbench/api/browser/mainThreadAuthentication.ts
index 4ed2572a8f7..09009ba5974 100644
--- a/src/vs/workbench/api/browser/mainThreadAuthentication.ts
+++ b/src/vs/workbench/api/browser/mainThreadAuthentication.ts
@@ -214,13 +214,6 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
 	$logout(providerId: string, sessionId: string): Promise<void> {
 		return this.authenticationService.logout(providerId, sessionId);
 	}
-
-	private isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean {
-		const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
-		const extensionData = allowList.find(extension => extension.id === extensionId);
-		return !!extensionData;
-	}
-
 	private async loginPrompt(providerName: string, extensionName: string): Promise<boolean> {
 		const { choice } = await this.dialogService.show(
 			Severity.Info,
@@ -257,10 +250,15 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
 			if (existingSessionPreference) {
 				const matchingSession = potentialSessions.find(session => session.id === existingSessionPreference);
 				if (matchingSession) {
-					const allowed = await this.authenticationService.showGetSessionPrompt(providerId, matchingSession.account.label, extensionId, extensionName);
-					if (allowed) {
-						return matchingSession;
+					const allowed = this.authenticationService.isAccessAllowed(providerId, matchingSession.account.label, extensionId);
+					if (!allowed) {
+						const didAcceptPrompt = await this.authenticationService.showGetSessionPrompt(providerId, matchingSession.account.label, extensionId, extensionName);
+						if (!didAcceptPrompt) {
+							throw new Error('User did not consent to login.');
+						}
 					}
+
+					return matchingSession;
 				}
 			}
 		}
@@ -277,7 +275,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu
 		if (sessions.length) {
 			if (!this.authenticationService.supportsMultipleAccounts(providerId)) {
 				session = sessions[0];
-				const allowed = this.isAccessAllowed(providerId, session.account.label, extensionId);
+				const allowed = this.authenticationService.isAccessAllowed(providerId, session.account.label, extensionId);
 				if (!allowed) {
 					if (!silent) {
 						const didAcceptPrompt = await this.authenticationService.showGetSessionPrompt(providerId, session.account.label, extensionId, extensionName);
diff --git a/src/vs/workbench/services/authentication/browser/authenticationService.ts b/src/vs/workbench/services/authentication/browser/authenticationService.ts
index 7fcac70760b..9de1782af39 100644
--- a/src/vs/workbench/services/authentication/browser/authenticationService.ts
+++ b/src/vs/workbench/services/authentication/browser/authenticationService.ts
@@ -108,6 +108,7 @@ export interface IAuthenticationService {
 	getProviderIds(): string[];
 	registerAuthenticationProvider(id: string, provider: MainThreadAuthenticationProvider): void;
 	unregisterAuthenticationProvider(id: string): void;
+	isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean;
 	showGetSessionPrompt(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise<boolean>;
 	selectSession(providerId: string, extensionId: string, extensionName: string, possibleSessions: AuthenticationSession[]): Promise<AuthenticationSession>;
 	requestSessionAccess(providerId: string, extensionId: string, extensionName: string, possibleSessions: AuthenticationSession[]): void;
@@ -426,7 +427,7 @@ export class AuthenticationService extends Disposable implements IAuthentication
 		}
 	}
 
-	async showGetSessionPrompt(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise<boolean> {
+	isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean {
 		const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
 		const extensionData = allowList.find(extension => extension.id === extensionId);
 		if (extensionData) {
@@ -442,6 +443,10 @@ export class AuthenticationService extends Disposable implements IAuthentication
 			return true;
 		}
 
+		return false;
+	}
+
+	async showGetSessionPrompt(providerId: string, accountName: string, extensionId: string, extensionName: string): Promise<boolean> {
 		const providerName = this.getLabel(providerId);
 		const { choice } = await this.dialogService.show(
 			Severity.Info,
@@ -454,6 +459,7 @@ export class AuthenticationService extends Disposable implements IAuthentication
 
 		const allow = choice === 0;
 		if (allow) {
+			const allowList = readAllowedExtensions(this.storageService, providerId, accountName);
 			allowList.push({ id: extensionId, name: extensionName });
 			this.storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.GLOBAL, StorageTarget.USER);
 		}