[server] WorkspaceService.getOwnerToken + .getIDECredentials

Author: geropl

components/server/src/test/expect-utils.ts

@@ -11,11 +11,12 @@ export async function expectError(errorCode: ErrorCode, code: Promise<any> | (()
     const msg = "expected error: " + errorCode + (message ? " - " + message : "");
     try {
         await (code instanceof Function ? code() : code);
-        expect.fail(msg);
+        expect.fail(msg + " - succeeded");
     } catch (err) {
         if (!ApplicationError.hasErrorCode(err)) {
             throw err;
         }
-        expect(err && ApplicationError.hasErrorCode(err) && err.code, msg).to.equal(errorCode);
+        const actual = err && ApplicationError.hasErrorCode(err) && err.code;
+        expect(actual, msg + " - got: " + actual).to.equal(errorCode);
     }
 }

components/server/src/workspace/gitpod-server-impl.ts

@@ -884,7 +884,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         traceAPIParams(ctx, { workspaceId });
         traceWI(ctx, { workspaceId });
 
-        await this.checkAndBlockUser("getOwnerToken");
+        const user = await this.checkAndBlockUser("getOwnerToken");
 
         const workspace = await this.workspaceDb.trace(ctx).findById(workspaceId);
         if (!workspace) {
@@ -895,11 +895,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         const latestInstance = await this.workspaceDb.trace(ctx).findCurrentInstance(workspaceId);
         await this.guardAccess({ kind: "workspaceInstance", subject: latestInstance, workspace }, "get");
 
-        const ownerToken = latestInstance?.status.ownerToken;
-        if (!ownerToken) {
-            throw new Error("owner token not found");
-        }
-        return ownerToken;
+        return await this.workspaceService.getOwnerToken(user.id, workspaceId);
     }
 
     public async getIDECredentials(ctx: TraceContext, workspaceId: string): Promise<string> {
@@ -910,15 +906,8 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
         const workspace = await this.workspaceService.getWorkspace(user.id, workspaceId);
         await this.guardAccess({ kind: "workspace", subject: workspace }, "get");
-        if (workspace.config.ideCredentials) {
-            return workspace.config.ideCredentials;
-        }
-        return this.workspaceDb.trace(ctx).transaction(async (db) => {
-            const ws = await this.workspaceService.getWorkspace(user.id, workspaceId);
-            ws.config.ideCredentials = crypto.randomBytes(32).toString("base64");
-            await db.store(ws);
-            return ws.config.ideCredentials;
-        });
+
+        return await this.workspaceService.getIDECredentials(user.id, workspaceId);
     }
 
     public async startWorkspace(

components/server/src/workspace/workspace-service.spec.db.ts

@@ -98,6 +98,37 @@ describe("WorkspaceService", async () => {
         await expectError(ErrorCodes.NOT_FOUND, () => svc.getWorkspace(stranger.id, ws.id));
     });
 
+    it("should getOwnerToken", async () => {
+        const svc = container.get(WorkspaceService);
+        const ws = await createTestWorkspace(svc, org, owner, project);
+
+        await expectError(
+            ErrorCodes.NOT_FOUND,
+            () => svc.getOwnerToken(owner.id, ws.id),
+            "NOT_FOUND for non-running workspace",
+        );
+
+        await expectError(
+            ErrorCodes.NOT_FOUND,
+            () => svc.getOwnerToken(stranger.id, ws.id),
+            "NOT_FOUND if stranger asks for the owner token",
+        );
+    });
+
+    it("should getIDECredentials", async () => {
+        const svc = container.get(WorkspaceService);
+        const ws = await createTestWorkspace(svc, org, owner, project);
+
+        const ideCredentials = await svc.getIDECredentials(owner.id, ws.id);
+        expect(ideCredentials, "IDE credentials should be present").to.not.be.undefined;
+
+        await expectError(
+            ErrorCodes.NOT_FOUND,
+            () => svc.getIDECredentials(stranger.id, ws.id),
+            "NOT_FOUND if stranger asks for the IDE credentials",
+        );
+    });
+
     it("should stopWorkspace", async () => {
         const svc = container.get(WorkspaceService);
         const ws = await createTestWorkspace(svc, org, owner, project);

components/server/src/workspace/workspace-service.ts

@@ -14,6 +14,7 @@ import { WorkspaceFactory } from "./workspace-factory";
 import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 import { WorkspaceStarter } from "./workspace-starter";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import * as crypto from "crypto";
 
 @injectable()
 export class WorkspaceService {
@@ -59,9 +60,14 @@ export class WorkspaceService {
     }
 
     async getWorkspace(userId: string, workspaceId: string): Promise<Workspace> {
+        return this.doGetWorkspace(userId, workspaceId);
+    }
+
+    // Internal method for allowing for additional DBs to be passed in
+    private async doGetWorkspace(userId: string, workspaceId: string, db: WorkspaceDB = this.db): Promise<Workspace> {
         await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
 
-        const workspace = await this.db.findById(workspaceId);
+        const workspace = await db.findById(workspaceId);
         // TODO(gpl) We might want to add || !!workspace.softDeleted here in the future, but we were unsure how that would affect existing clients
         // In order to reduce risk, we leave it for a future changeset.
         if (!workspace || workspace.deleted) {
@@ -70,6 +76,39 @@ export class WorkspaceService {
         return workspace;
     }
 
+    async getOwnerToken(userId: string, workspaceId: string): Promise<string> {
+        await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
+
+        // Check: is deleted?
+        await this.getWorkspace(userId, workspaceId);
+
+        const latestInstance = await this.db.findCurrentInstance(workspaceId);
+        const ownerToken = latestInstance?.status.ownerToken;
+        if (!ownerToken) {
+            throw new ApplicationError(ErrorCodes.NOT_FOUND, "owner token not found");
+        }
+        return ownerToken;
+    }
+
+    async getIDECredentials(userId: string, workspaceId: string): Promise<string> {
+        await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
+
+        const ws = await this.getWorkspace(userId, workspaceId);
+        if (ws.config.ideCredentials) {
+            return ws.config.ideCredentials;
+        }
+
+        return this.db.transaction(async (db) => {
+            const ws = await this.doGetWorkspace(userId, workspaceId, db);
+            if (ws.config.ideCredentials) {
+                return ws.config.ideCredentials;
+            }
+            ws.config.ideCredentials = crypto.randomBytes(32).toString("base64");
+            await db.store(ws);
+            return ws.config.ideCredentials;
+        });
+    }
+
     async stopWorkspace(
         userId: string,
         workspaceId: string,