Token auth check (#3855)

* fix

Signed-off-by: jace-roell <[email protected]>

* avoid duplicate entires

Signed-off-by: jace-roell <[email protected]>

* update profiles tests

Signed-off-by: jace-roell <[email protected]>

* changelog

Signed-off-by: jace-roell <[email protected]>

* unused import

Signed-off-by: jace-roell <[email protected]>

* fix case of original chlid path not being checked

Signed-off-by: jace-roell <[email protected]>

* optimize path building

Signed-off-by: jace-roell <[email protected]>

---------

Signed-off-by: jace-roell <[email protected]>
Signed-off-by: Jace Roell <[email protected]>

Author: jace-roell

packages/zowe-explorer/CHANGELOG.md

@@ -11,6 +11,7 @@ All notable changes to the "vscode-extension-for-zowe" extension will be documen
 
 ### Bug fixes
 
+- Fixed regression where a profile was incorrectly detected as using basic authentication, specifically when `tokenValue` was set in the secure array of a parent profile or a default base profile instead of a service profile. [#3855](https://github.com/zowe/zowe-explorer-vscode/pull/3855)
 - Fixed an issue where secure credentials and headers were being logged to the Zowe logger and VSCode output channel. [#3848](https://github.com/zowe/zowe-explorer-vscode/pull/3848)
 - Updated Zowe SDKs to `8.27.0` for technical currency. [#3848](https://github.com/zowe/zowe-explorer-vscode/pull/3848)
 

packages/zowe-explorer/__tests__/__unit__/configuration/Profiles.unit.test.ts

@@ -854,6 +854,199 @@ describe("Profiles Unit Tests - function deleteProfile", () => {
     });
 });
 
+describe("Profiles Unit Tests - function profileHasSecureToken", () => {
+    const globalMocks = createGlobalMocks();
+
+    const environmentSetup = (globalMocks): void => {
+        globalMocks.testProfile.profile.password = null;
+        globalMocks.testProfile.profile.tokenType = "";
+        Object.defineProperty(Profiles.getInstance(), "profilesForValidation", {
+            value: [
+                {
+                    name: "sestest",
+                    message: "",
+                    type: "",
+                    status: "active",
+                    failNotFound: false,
+                },
+            ],
+            configurable: true,
+        });
+        Object.defineProperty(Profiles.getInstance(), "profilesValidationSetting", {
+            value: [
+                {
+                    name: "otherSestest",
+                    setting: false,
+                },
+            ],
+            configurable: true,
+        });
+    };
+
+    beforeEach(() => {
+        jest.clearAllMocks();
+        environmentSetup(globalMocks);
+    });
+
+    it("should extract parent profiles", async () => {
+        Object.defineProperty(Constants, "PROFILES_CACHE", { value: "test4" });
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: () => "profiles.test1.profiles.test2.profiles.test3",
+                    },
+                    secure: {
+                        secureFields: () => ["test1.test2.test3"],
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+        jest.spyOn(Profiles.getInstance(), "getDefaultProfile").mockReturnValue({} as any);
+        expect((Profiles.getInstance() as any).profileHasSecureToken("test1.test2.test3")).toBeTruthy();
+    });
+
+    it("should return false when no secure fields match any profile paths", async () => {
+        Object.defineProperty(Constants, "PROFILES_CACHE", { value: { getDefaultProfile: () => null } });
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: () => "profiles.test1.profiles.test2",
+                    },
+                    secure: {
+                        secureFields: () => ["someother.field.tokenValue"],
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+
+        const result = await (Profiles.getInstance() as any).profileHasSecureToken({ name: "test2" });
+        expect(result).toBeFalsy();
+    });
+
+    it("should return true when base profile has secure token", async () => {
+        const mockBaseProfile = { name: "base" };
+        Object.defineProperty(Constants, "PROFILES_CACHE", {
+            value: { getDefaultProfile: () => mockBaseProfile },
+        });
+
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: (name) => {
+                            if (name === "base") return "profiles.base";
+                            return "profiles.test1.profiles.test2";
+                        },
+                    },
+                    secure: {
+                        secureFields: () => ["profiles.base.properties.tokenValue"],
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+
+        const result = await (Profiles.getInstance() as any).profileHasSecureToken({ name: "test2" });
+        expect(result).toBeTruthy();
+    });
+
+    it("should handle empty secure fields array", async () => {
+        Object.defineProperty(Constants, "PROFILES_CACHE", { value: { getDefaultProfile: () => null } });
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: () => "profiles.test1.profiles.test2",
+                    },
+                    secure: {
+                        secureFields: () => [],
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+
+        const result = await (Profiles.getInstance() as any).profileHasSecureToken({ name: "test2" });
+        expect(result).toBeFalsy();
+    });
+
+    it("should handle complex nested profile hierarchy", async () => {
+        Object.defineProperty(Constants, "PROFILES_CACHE", { value: { getDefaultProfile: () => null } });
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: () => "profiles.level1.profiles.level2.profiles.level3.profiles.level4",
+                    },
+                    secure: {
+                        secureFields: () => ["profiles.level1.profiles.level2.properties.tokenValue", "other.field"],
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+
+        const result = await (Profiles.getInstance() as any).profileHasSecureToken({ name: "level4" });
+        expect(result).toBeTruthy();
+    });
+
+    it("should not include duplicate paths in allPaths array", async () => {
+        Object.defineProperty(Constants, "PROFILES_CACHE", { value: { getDefaultProfile: () => null } });
+        const secureFieldsSpy = jest.fn().mockReturnValue(["profiles.test1.properties.tokenValue"]);
+
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: () => "profiles.test1.profiles.test1", // duplicate segment
+                    },
+                    secure: {
+                        secureFields: secureFieldsSpy,
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+
+        const result = await (Profiles.getInstance() as any).profileHasSecureToken({ name: "test1" });
+
+        // Should still work correctly even with duplicate segments
+        expect(result).toBeTruthy();
+        expect(secureFieldsSpy).toHaveBeenCalledTimes(1);
+    });
+
+    it("should handle base profile when it matches an existing path", async () => {
+        const mockBaseProfile = { name: "test1" };
+        Object.defineProperty(Constants, "PROFILES_CACHE", {
+            value: { getDefaultProfile: () => mockBaseProfile },
+        });
+
+        jest.spyOn(Profiles.getInstance(), "getProfileInfo").mockResolvedValue({
+            getTeamConfig: () => ({
+                api: {
+                    profiles: {
+                        getProfilePathFromName: (name) => {
+                            if (name === "test1") return "profiles.test1";
+                            return "profiles.test1.profiles.test2";
+                        },
+                    },
+                    secure: {
+                        secureFields: () => ["profiles.test1.properties.tokenValue"],
+                    },
+                },
+            }),
+            isSecured: () => true,
+        } as any);
+
+        const result = await (Profiles.getInstance() as any).profileHasSecureToken({ name: "test2" });
+        expect(result).toBeTruthy();
+    });
+});
+
 describe("Profiles Unit Tests - function checkCurrentProfile", () => {
     const environmentSetup = (globalMocks): void => {
         globalMocks.testProfile.profile.password = null;

packages/zowe-explorer/src/configuration/Profiles.ts

@@ -102,13 +102,49 @@ export class Profiles extends ProfilesCache {
      * Checks if the profile has a secure token.
      * Note: This is a workaround to maintain backward compatibility.
      * @param theProfile - The profile to check.
-     * @returns True if the profile has a secure token, false otherwise.
+     * @returns True if the profile, a parent on the profile, or the default base profile has a secure token, false otherwise.
      */
     private async profileHasSecureToken(theProfile: imperative.IProfileLoaded): Promise<boolean> {
         const teamConfig = (await this.getProfileInfo()).getTeamConfig();
         const profName = teamConfig.api.profiles.getProfilePathFromName(theProfile.name);
-        const tokenValue = profName + ".properties.tokenValue";
-        return teamConfig.api.secure.secureFields().includes(tokenValue);
+
+        const getCumulativePaths = (profName: string): string[] => {
+            const parts = profName.split(".profiles.");
+            return parts.slice(1).reduce(
+                (acc, part) => {
+                    const previousPath = acc.length > 0 ? acc[acc.length - 1] : parts[0];
+                    const currentPath = `${previousPath}.profiles.${part}`;
+                    acc.push(currentPath);
+                    return acc;
+                },
+                [parts[0]]
+            );
+        };
+
+        const paths = getCumulativePaths(profName);
+
+        // Add all intermediate paths by working backwards
+        const allPaths: string[] = [];
+        for (const path of paths) {
+            const segments = path.split(".profiles.");
+            for (let j = 1; j <= segments.length; j++) {
+                const subPath = segments.slice(0, j).join(".profiles.");
+                if (!allPaths.includes(subPath)) {
+                    allPaths.push(subPath);
+                }
+            }
+        }
+
+        const defaultBase = Constants.PROFILES_CACHE.getDefaultProfile?.("base");
+        const profilePath = defaultBase && teamConfig.api.profiles.getProfilePathFromName(defaultBase.name);
+        if (profilePath && !allPaths.includes(profilePath)) {
+            allPaths.push(profilePath);
+        }
+        if (!allPaths.includes(profName)) {
+            allPaths.push(profName);
+        }
+
+        return allPaths.some((path) => teamConfig.api.secure.secureFields().includes(path + ".properties.tokenValue"));
     }
 
     public async checkCurrentProfile(theProfile: imperative.IProfileLoaded, node?: Types.IZoweNodeType): Promise<Validation.IValidationProfile> {