feat: Private Key Auth

[bmingles]

• DHE server context right-click context menu actions

  • Generate DHE keypair - will generate keypair, upload to server, and store in secret storage locally
  • Connect to server as another user (only visible if server is disconnected

• Login via keypair - If a keypair has been generated, clicking on a DHE server node will allow picking username / pwd or key login

• Discard connection action - shows up as trashcan on connected server node. Will discard DHE connection + any worker connections

• Secret storage

  • Store generated keypair
  • Remember last login user / operateas for the server
  • Deephaven: Clear Secrets - command palette option to remove private keys + remembering user / operateas user info

Note: there are some debugging tools for visualizing the secret storage. In command palette:
> Developer: Toggle Developer Tools
> Developer: Log Storage Database Contents

[github-actions]

End-to-end Test Summary

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
6	6	0	0	0	0	0	04:49:50

A ctrf plugin

Detailed Test Results

Name	Status	ms	Flaky 🍂
should default to the correct settings	passed ✅	1932
should return custom settings: Empty configs	passed ✅	265
should return custom settings: Populated configs	passed ✅	109
should be able to load VSCode	passed ✅	1127
should only be visible when a supported file type is active: test.groovy	passed ✅	2599
should only be visible when a supported file type is active: test.py	passed ✅	1000

A ctrf plugin

Failed Test Summary

No failed tests ✨

Flaky Test Summary

No flaky tests detected. ✨

[bmingles]

The code should be ready for review. I do plan to update the DH npm package versions to non-alpha ones once https://github.com/deephaven-ent/iris/pull/2386 has merged and npm packages have been published, but there shouldn't be any api changes from that.

[mofojed]

One thing that's weird about this is that if we're already authenticated, it requests our username/password again. We should at least fill in the lastLogin here so we don't need to type in the user name again.
Ideally we'd use the same username, and just ask for the password again (like how other apps require re-authentication when performing security operations). It's somewhat odd having to enter the username again.

That being said, after using it - why do we have the user explicitly ask to generate a keypair? Is there any reason they'd want to create multiple key pairs? We're essentially generating this key pair so the user doesn't need to re-enter their password every time, correct? In which case, I'd expect the flow to be more like Login -> enter username/password, with an option to "Remember Me", rather than having an action "Generate DHE Keypair". Thoughts?

[bmingles]

Users could in theory create different keys for different usernames, so we would at least need to have a way for them to create a key for a different user. This could be facilitated by requiring logout and then login as the other user (related to your other comment of why we need to prompt user/password if there exists a key)

The remember me option is interesting depending on how much we want to expose to the user about the method of how things are stored. As-is, the user has to have some understanding they are opting for key pair encryption vs hiding that nuance. It does seem simpler that way but seems like something we'd want to run by Charles since it differs from current key pair usage.

[bmingles]

Assuming Charles is ok with hiding the private / key pair behind a "remember me" feature, I guess we could change the workflow to something like:

1. Prompt for username (remember last used)
2. If private key exists for selected user, use it. If not, prompt for password
3. Somewhere along the way present option to "remember me" and generate keys if not exists, or delete them if they do and user opts out

[bmingles]

Also, if we didn't want to make such a change on this PR, I could at least default the keygen username to remember the last username. That was just an oversight on my part

[bmingles]

I fixed it to remember the username

[mofojed]

I'm a little confused why you're adding this event/listener when it isn't being used anywhere (that I can see). Seems to be a pattern you do on a few services (e.g. DhService.onDidDisconnect). Any reason why?

[bmingles]

I had added this and then ended up swapping the instance using it for a SerializedKeyMap where I added the onDidChange. I just left it since it seemed something less to implement later if needed. I'm fine to remove it if you'd prefer though.

[mofojed]

Why bother prompting the user if they already have a key? Why not just login automatically?

[bmingles]

Use case would be to be able to login as a different user that doesn't have a private key.