Fix handling of legacy remote configurations

Author: EhabY

src/remote/remote.ts

@@ -62,7 +62,7 @@ export class Remote {
 	private readonly loginCoordinator: LoginCoordinator;
 
 	public constructor(
-		private readonly serviceContainer: ServiceContainer,
+		serviceContainer: ServiceContainer,
 		private readonly commands: Commands,
 		private readonly extensionContext: vscode.ExtensionContext,
 	) {
@@ -93,8 +93,8 @@ export class Remote {
 
 		const workspaceName = `${parts.username}/${parts.workspace}`;
 
-		// Migrate "session_token" file to "session", if needed.
-		await this.migrateSessionToken(parts.safeHostname);
+		// Migrate existing legacy file-based auth to secrets storage.
+		await this.migrateToSecretsStorage(parts.safeHostname);
 
 		// Get the URL and token belonging to this host.
 		const auth = await this.secretsManager.getSessionAuth(parts.safeHostname);
@@ -412,10 +412,10 @@ export class Remote {
 			// the user for the platform.
 			let mungedPlatforms = false;
 			if (
-				!remotePlatforms[parts.host] ||
-				remotePlatforms[parts.host] !== agent.operating_system
+				!remotePlatforms[parts.sshHost] ||
+				remotePlatforms[parts.sshHost] !== agent.operating_system
 			) {
-				remotePlatforms[parts.host] = agent.operating_system;
+				remotePlatforms[parts.sshHost] = agent.operating_system;
 				settingsContent = jsonc.applyEdits(
 					settingsContent,
 					jsonc.modify(
@@ -476,7 +476,7 @@ export class Remote {
 				await this.updateSSHConfig(
 					workspaceClient,
 					parts.safeHostname,
-					parts.host,
+					parts.sshHost,
 					binaryPath,
 					logDir,
 					featureSet,
@@ -488,7 +488,7 @@ export class Remote {
 
 			// Monitor SSH process and display network status
 			const sshMonitor = SshProcessMonitor.start({
-				sshHost: parts.host,
+				sshHost: parts.sshHost,
 				networkInfoPath: this.pathResolver.getNetworkInfoPath(),
 				proxyLogDir: logDir || undefined,
 				logger: this.logger,
@@ -551,19 +551,51 @@ export class Remote {
 	}
 
 	/**
-	 * Migrate the session token file from "session_token" to "session", if needed.
+	 * Migrate legacy file-based auth to secrets storage.
 	 */
-	private async migrateSessionToken(safeHostname: string) {
+	private async migrateToSecretsStorage(safeHostname: string) {
+		await this.migrateSessionTokenFile(safeHostname);
+		await this.migrateSessionAuthFromFiles(safeHostname);
+	}
+
+	/**
+	 * Migrate the session token file from "session_token" to "session".
+	 */
+	private async migrateSessionTokenFile(safeHostname: string) {
 		const oldTokenPath =
 			this.pathResolver.getLegacySessionTokenPath(safeHostname);
 		const newTokenPath = this.pathResolver.getSessionTokenPath(safeHostname);
 		try {
 			await fs.rename(oldTokenPath, newTokenPath);
 		} catch (error) {
-			if ((error as NodeJS.ErrnoException)?.code === "ENOENT") {
-				return;
+			if ((error as NodeJS.ErrnoException)?.code !== "ENOENT") {
+				throw error;
 			}
-			throw error;
+		}
+	}
+
+	/**
+	 * Migrate URL and session token from files to the mutli-deployment secrets storage.
+	 */
+	private async migrateSessionAuthFromFiles(safeHostname: string) {
+		const existingAuth = await this.secretsManager.getSessionAuth(safeHostname);
+		if (existingAuth) {
+			return;
+		}
+
+		const urlPath = this.pathResolver.getUrlPath(safeHostname);
+		const tokenPath = this.pathResolver.getSessionTokenPath(safeHostname);
+		const [url, token] = await Promise.allSettled([
+			fs.readFile(urlPath, "utf8"),
+			fs.readFile(tokenPath, "utf8"),
+		]);
+
+		if (url.status === "fulfilled" && token.status === "fulfilled") {
+			this.logger.info("Migrating session auth from files for", safeHostname);
+			await this.secretsManager.setSessionAuth(safeHostname, {
+				url: url.value.trim(),
+				token: token.value.trim(),
+			});
 		}
 	}
 

src/util.ts

@@ -3,7 +3,7 @@ import url from "node:url";
 
 export interface AuthorityParts {
 	agent: string | undefined;
-	host: string;
+	sshHost: string;
 	safeHostname: string;
 	username: string;
 	workspace: string;
@@ -93,7 +93,7 @@ export function parseRemoteAuthority(authority: string): AuthorityParts | null {
 
 	return {
 		agent: agent,
-		host: authorityParts[1],
+		sshHost: authorityParts[1],
 		safeHostname: parts[0].replace(/^coder-vscode\.?/, ""),
 		username: parts[1],
 		workspace: workspace,

test/unit/util.test.ts

@@ -42,7 +42,7 @@ describe("parseRemoteAuthority", () => {
 			parseRemoteAuthority("vscode://ssh-remote+coder-vscode--foo--bar"),
 		).toStrictEqual({
 			agent: "",
-			host: "coder-vscode--foo--bar",
+			sshHost: "coder-vscode--foo--bar",
 			safeHostname: "",
 			username: "foo",
 			workspace: "bar",
@@ -51,7 +51,7 @@ describe("parseRemoteAuthority", () => {
 			parseRemoteAuthority("vscode://ssh-remote+coder-vscode--foo--bar--baz"),
 		).toStrictEqual({
 			agent: "baz",
-			host: "coder-vscode--foo--bar--baz",
+			sshHost: "coder-vscode--foo--bar--baz",
 			safeHostname: "",
 			username: "foo",
 			workspace: "bar",
@@ -62,7 +62,7 @@ describe("parseRemoteAuthority", () => {
 			),
 		).toStrictEqual({
 			agent: "",
-			host: "coder-vscode.dev.coder.com--foo--bar",
+			sshHost: "coder-vscode.dev.coder.com--foo--bar",
 			safeHostname: "dev.coder.com",
 			username: "foo",
 			workspace: "bar",
@@ -73,7 +73,7 @@ describe("parseRemoteAuthority", () => {
 			),
 		).toStrictEqual({
 			agent: "baz",
-			host: "coder-vscode.dev.coder.com--foo--bar--baz",
+			sshHost: "coder-vscode.dev.coder.com--foo--bar--baz",
 			safeHostname: "dev.coder.com",
 			username: "foo",
 			workspace: "bar",
@@ -84,7 +84,7 @@ describe("parseRemoteAuthority", () => {
 			),
 		).toStrictEqual({
 			agent: "baz",
-			host: "coder-vscode.dev.coder.com--foo--bar.baz",
+			sshHost: "coder-vscode.dev.coder.com--foo--bar.baz",
 			safeHostname: "dev.coder.com",
 			username: "foo",
 			workspace: "bar",