Bring back password & cookie settings but don't recommend them

Author: Sander Ronde

README.md

@@ -10,8 +10,11 @@ To set up the extension, you'll need to set up authentication. This can be done
 
 -   `gerrit.auth.username` - This is your username on gerrit. You can find this next to the `Username` field under "HTTP Credentials".
 -   `gerrit.auth.url` - This is automatically inferred from your `.gitreview` file (if you have one). If you don't have one or it doesn't work, set this URL to the HTTP URL of your gerrit instance. This will be the URL your visit in the browser.
--   `gerrit.auth.password` (encrypted secret) - This is your HTTP password. You can generate one by clicking "Generate new password" on Gerrit and copying it.
--   `gerrit.auth.extraCookies` (encrypted secret) - This is your authentication cookie. Use this if your administrator has disabled the use of HTTP credentials. You can find it by going to gerrit in your browser, opening the developer tools, and finding the value of the cookie named `GerritAccount`.
+-   `gerrit.auth.password` - Your HTTP password (stored as an encrypted secret when entered via the command). You can generate one by clicking "Generate new password" on Gerrit and copying it.
+-   Authentication cookie - Use this if your administrator has disabled HTTP credentials. Enter it via the command (stored securely) or set `gerrit.auth.cookie` in settings. You can find it by going to gerrit in your browser, opening the developer tools, and copying the value of the cookie named `GerritAccount`.
+-   `gerrit.auth.extraCookies` - Other cookies besides the authentication cookie to send on every request.
+
+You can also set `gerrit.auth.password` and `gerrit.auth.cookie` in settings; these are not recommended because they are stored in plain text. Prefer "Gerrit: Enter credentials" for secure storage. Using the settings is still supported for cases like devcontainers.
 
 Additionally the extension requires the python package [git-review](https://pypi.org/project/git-review/) to be installed.
 

package.json

@@ -1037,6 +1037,16 @@
 					"title": "Gerrit username",
 					"description": "Gerrit login username"
 				},
+				"gerrit.auth.password": {
+					"type": "string",
+					"title": "Gerrit HTTP password",
+					"description": "Not recommended: stored in plain text in settings. Prefer the command \"Gerrit: Enter credentials\" so the password is stored securely. This setting is still supported for scenarios where the command is not practical (e.g. devcontainers)."
+				},
+				"gerrit.auth.cookie": {
+					"type": "string",
+					"title": "Gerrit access token (or authentication cookie)",
+					"description": "Not recommended: stored in plain text in settings. Prefer the command \"Gerrit: Enter credentials\" so the value is stored securely. This can be the access token from Gerrit Settings → HTTP Credentials or the GerritAccount cookie. This setting is still supported for scenarios where the command is not practical (e.g. devcontainers)."
+				},
 				"gerrit.extraCookies": {
 					"type": "object",
 					"title": "Extra Gerrit cookies",

src/commands/defs.ts

@@ -745,6 +745,22 @@ export const config = {
 			description: 'Gerrit login username',
 		},
 	},
+	'gerrit.auth.password': {
+		jsonDefinition: {
+			type: 'string',
+			title: 'Gerrit HTTP password',
+			description:
+				'Not recommended: stored in plain text in settings. Prefer the command "Gerrit: Enter credentials" so the password is stored securely. This setting is still supported for scenarios where the command is not practical (e.g. devcontainers).',
+		},
+	},
+	'gerrit.auth.cookie': {
+		jsonDefinition: {
+			type: 'string',
+			title: 'Gerrit access token (or authentication cookie)',
+			description:
+				'Not recommended: stored in plain text in settings. Prefer the command "Gerrit: Enter credentials" so the value is stored securely. This can be the access token from Gerrit Settings → HTTP Credentials or the GerritAccount cookie. This setting is still supported for scenarios where the command is not practical (e.g. devcontainers).',
+		},
+	},
 	'gerrit.extraCookies': {
 		jsonDefinition: {
 			type: 'object',

src/lib/credentials/enterCredentials.ts

@@ -268,9 +268,9 @@ async function enterCookieCredentials(gerritRepo: Repository): Promise<void> {
 	const cookieStep = new MultiStepEntry({
 		placeHolder: '34-char-long alphanumeric string',
 		prompt: (stepper) =>
-			`Enter your Gerrit authentication cookie (go to ${
+			`Enter your Gerrit access token (or the GerritAccount cookie value: go to ${
 				stepper.values[0] ?? 'www.yourgerrithost.com'
-			} and copy the value of the GerritAccount cookie)`,
+			} and copy the GerritAccount cookie from your browser)`,
 		value: async (stepper) =>
 			(await GerritSecrets.getForUrlOrWorkspace(
 				'cookie',
@@ -312,7 +312,8 @@ async function enterCookieCredentials(gerritRepo: Repository): Promise<void> {
 			} else if (!(await connection.authenticated)) {
 				return {
 					isValid: false,
-					message: 'Authentication failed, invalid cookie,',
+					message:
+						'Authentication failed, invalid access token or cookie.',
 					buttons: [viewCurlCmd],
 				};
 			}
@@ -352,7 +353,9 @@ export async function enterCredentials(gerritRepo: Repository): Promise<void> {
 				label: 'Enter username and password',
 			},
 			{
-				label: 'Enter cookie',
+				label: 'Access token (or cookie)',
+				description:
+					'Same value as GerritAccount cookie or from Gerrit Settings → HTTP Credentials',
 			},
 		] as const,
 		{

src/lib/vscode/config.ts

@@ -49,12 +49,16 @@ export function initConfigListener(): void {
 	});
 }
 
-/** @deprecated */
+/**
+ * Configuration that includes auth settings stored in plain text (not recommended).
+ * Prefer "Gerrit: Enter credentials" for secure storage; these settings are still
+ * supported for cases like devcontainers where the command is not practical.
+ */
 export function getConfigurationWithLegacy(): TypedWorkspaceConfiguration<
 	ConfigSettings & {
-		/** @deprecated */
+		/** Not recommended: stored in plain text. Prefer the credentials command for secure storage. */
 		'gerrit.auth.password'?: string;
-		/** @deprecated */
+		/** Not recommended: stored in plain text. Prefer the credentials command for secure storage. */
 		'gerrit.auth.cookie'?: string;
 	}
 > {