VSCode plugin support

[janthoXO]

Checklist

General

• I tested all changes and their related features with all corresponding user types on a test server.
• This is a small issue that I tested locally and was confirmed by another developer on a test server.
• Language: I followed the guidelines for inclusive, diversity-sensitive, and appreciative language.
• I chose a title conforming to the naming conventions for pull requests.

Server

• Important: I implemented the changes with a very good performance and prevented too many (unnecessary) database calls.
• I strictly followed the server coding and design guidelines.
• I added multiple integration tests (Spring) related to the features (with a high test coverage).
• I added pre-authorization annotations according to the guidelines and checked the course groups for all new REST Calls (security).
• I documented the Java code using JavaDoc style.

Client

• Important: I implemented the changes with a very good performance, prevented too many (unnecessary) REST calls and made sure the UI is responsive, even with large data.
• I strictly followed the client coding and design guidelines.
• Following the theming guidelines, I specified colors only in the theming variable files and checked that the changes look consistent in both the light and the dark theme.
• I added multiple integration tests (Jest) related to the features (with a high test coverage), while following the test guidelines.
• I added authorities to all new routes and checked the course groups for displaying navigation elements (links, buttons).
• I documented the TypeScript code using JSDoc style.
• I added multiple screenshots/screencasts of my UI changes.
• I translated all newly inserted strings into English and German.

Changes affecting Programming Exercises

• High priority: I tested all changes and their related features with all corresponding user types on a test server configured with the integrated lifecycle setup (LocalVC and LocalCI).
• I tested all changes and their related features with all corresponding user types on a test server configured with Gitlab and Jenkins.

Motivation and Context

Description

closes #8777 adjust config for cors
closes #8817 API support bearer token
closes #8876 fetching Problem-statement support bearer

Steps for Testing

Prerequisites:

• 1 Instructor
• 2 Students
• 1 Programming Exercise with Complaints enabled

1. Log in to Artemis
2. Navigate to Course Administration
3. ...

Exam Mode Testing

Prerequisites:

• 1 Instructor
• 2 Students
• 1 Exam with a Programming Exercise

1. Log in to Artemis
2. Participate in the exam as a student
3. Make sure that the UI of the programming exercise in the exam mode stays unchanged. You can use the exam mode documentation as reference.
4. ...

Testserver States

Note

These badges show the state of the test servers.
Green = Currently available, Red = Currently locked
Click on the badges to get to the test servers.

Review Progress

Performance Review

• I (as a reviewer) confirm that the client changes (in particular related to REST calls and UI responsiveness) are implemented with a very good performance
• I (as a reviewer) confirm that the server changes (in particular related to database calls) are implemented with a very good performance

Code Review

• Code Review 1
• Code Review 2

Manual Tests

• Test 1
• Test 2

Exam Mode Test

• Test 1
• Test 2

Test Coverage

Screenshots

[Hialus]

As this comment was not addressed in #8819 (and this is the PR which contains those changes now), I'll leave it here again so it is not lost/forgotten about:

From what I get you have a client that for some reason cannot read/set the "Set-Cookie/Cookie" headers, but can read the body or a response and set the "Authorization" Header. Every proper library for executing HTTP requests should be able to handle arbitrary headers nowadays.
Our various iOS/Android apps are also able to use the Cookie headers instead of the Authorization header. Adding a separate way of authentication just for a single client that happens to use a bad requesting library is not a good idea imo.

Edit: I see that Stephan has raised similar concerns in the linked issue, so maybe we can discuss this in the next dev meeting on monday.

[janthoXO]

As this comment was not addressed in #8819 (and this is the PR which contains those changes now), I'll leave it here again so it is not lost/forgotten about:

From what I get you have a client that for some reason cannot read/set the "Set-Cookie/Cookie" headers, but can read the body or a response and set the "Authorization" Header. Every proper library for executing HTTP requests should be able to handle arbitrary headers nowadays.
Our various iOS/Android apps are also able to use the Cookie headers instead of the Authorization header. Adding a separate way of authentication just for a single client that happens to use a bad requesting library is not a good idea imo.
Edit: I see that Stephan has raised similar concerns in the linked issue, so maybe we can discuss this in the next dev meeting on monday.

theres gonna be a discussion on monday concerning this issue

[janthoXO]

just for a single client that happens to use a bad requesting library is not a good idea imo.

but to answer that its just the fetch API which is able to handle cookies. the problem is though that vscode plugins dont support cookie nor local storage

[Hialus]

just for a single client that happens to use a bad requesting library is not a good idea imo.

but to answer that its just the fetch API which is able to handle cookies. the problem is though that vscode plugins dont support cookie nor local storage

I've looked into the fetch docs and it provides the response.headers.get(String) method for getting response headers (and various ways to also create headers). Therefore I do not see why it shouldn't be possible to just read and write the proper cookie headers manually. I've done much the same with Pythons requests library in the past. Your library does not need to provide first party cookie support for you to use cookies, as cookies are just headers in HTTP.

[janthoXO]

I've looked into the fetch docs and it provides the response.headers.get(String) method

It indeed does provide this method. But still if you call the method or in general print all headers the set cookie header is still missing

[janthoXO]

Screen.Recording.2024-06-22.at.16.32.17.mov

thats a request on the {base_url}/api/public/authenticate endpoint

[Hialus]

According to several online sources it seems like you have to set the credentials param to include or same-origin for the fetch api to enable cookies.
So like this:

fetch(url, {
  credentials: 'include'
})

[janthoXO]

According to several online sources it seems like you have to set the credentials param to include or same-origin for the fetch api to enable cookies. So like this:

fetch(url, {
  credentials: 'include'
})

I'm aware that the fetch API does support cookies. But the vscode extension environment does not. So cookies wont work in a VSCode extension.