[server] WorkspaceService.getIDECredentials

Author: geropl

components/server/src/workspace/gitpod-server-impl.ts

@@ -897,15 +897,8 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
         const workspace = await this.workspaceService.getWorkspace(user.id, workspaceId);
         await this.guardAccess({ kind: "workspace", subject: workspace }, "get");
-        if (workspace.config.ideCredentials) {
-            return workspace.config.ideCredentials;
-        }
-        return this.workspaceDb.trace(ctx).transaction(async (db) => {
-            const ws = await this.workspaceService.getWorkspace(user.id, workspaceId);
-            ws.config.ideCredentials = crypto.randomBytes(32).toString("base64");
-            await db.store(ws);
-            return ws.config.ideCredentials;
-        });
+
+        return await this.workspaceService.getIDECredentials(user.id, workspaceId);
     }
 
     public async startWorkspace(

components/server/src/workspace/workspace-service.spec.db.ts

@@ -115,6 +115,20 @@ describe("WorkspaceService", async () => {
         );
     });
 
+    it("should getIDECredentials", async () => {
+        const svc = container.get(WorkspaceService);
+        const ws = await createTestWorkspace(svc, org, owner, project);
+
+        const ideCredentials = await svc.getIDECredentials(owner.id, ws.id);
+        expect(ideCredentials, "IDE credentials should be present").to.not.be.undefined;
+
+        await expectError(
+            ErrorCodes.NOT_FOUND,
+            () => svc.getWorkspace(stranger.id, ws.id),
+            "NOT_FOUND if stranger asks for the IDE credentials",
+        );
+    });
+
     it("should stopWorkspace", async () => {
         const svc = container.get(WorkspaceService);
         const ws = await createTestWorkspace(svc, org, owner, project);

components/server/src/workspace/workspace-service.ts

@@ -14,6 +14,7 @@ import { WorkspaceFactory } from "./workspace-factory";
 import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 import { WorkspaceStarter } from "./workspace-starter";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import * as crypto from "crypto";
 
 @injectable()
 export class WorkspaceService {
@@ -78,6 +79,21 @@ export class WorkspaceService {
         return ownerToken;
     }
 
+    async getIDECredentials(userId: string, workspaceId: string): Promise<string> {
+        await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
+
+        const workspace = await this.doGetWorkspace(workspaceId);
+        if (workspace.config.ideCredentials) {
+            return workspace.config.ideCredentials;
+        }
+        return this.db.transaction(async (db) => {
+            const ws = await this.doGetWorkspace(workspaceId, db);
+            ws.config.ideCredentials = crypto.randomBytes(32).toString("base64");
+            await db.store(ws);
+            return ws.config.ideCredentials;
+        });
+    }
+
     async stopWorkspace(
         userId: string,
         workspaceId: string,
@@ -150,8 +166,8 @@ export class WorkspaceService {
         log.info(`Purged Workspace ${workspaceId} and all WorkspaceInstances for this workspace`, { workspaceId });
     }
 
-    private async doGetWorkspace(workspaceId: string): Promise<Workspace> {
-        const workspace = await this.db.findById(workspaceId);
+    private async doGetWorkspace(workspaceId: string, workspaceDB?: WorkspaceDB): Promise<Workspace> {
+        const workspace = await (workspaceDB || this.db).findById(workspaceId);
         if (!workspace || !!workspace.softDeleted || workspace.deleted) {
             throw new ApplicationError(ErrorCodes.NOT_FOUND, "Workspace not found.");
         }