Fix CES survey auth to be non-blocking (#1527)

Suppress blocking CES survey auth failures so extension integration and
feedback paths continue when CES service principal is disabled.

Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: 3 people

src/common/copilot/user-feedback/CESSurvey.ts

@@ -24,6 +24,15 @@ export async function CESUserFeedback(context: vscode.ExtensionContext, sessionI
         feedbackPanel.dispose();
     }
 
+    const apiToken: string = await npsAuthentication(SurveyConstants.AUTHORIZATION_ENDPOINT, true);
+
+    if (!apiToken) {
+        sendTelemetryEvent({ eventName: CopilotUserFeedbackFailureEvent, feedbackType: thumbType, copilotSessionId: sessionId, error: new Error(ERROR_CONSTANTS.NPS_FAILED_AUTH) });
+        return;
+    }
+
+    sendTelemetryEvent({ eventName: CopilotNpsAuthenticationCompleted, feedbackType: thumbType, copilotSessionId: sessionId });
+
     feedbackPanel = createFeedbackPanel(context);
 
     feedbackPanel.webview.postMessage({ type: "thumbType", value: thumbType });
@@ -36,14 +45,6 @@ export async function CESUserFeedback(context: vscode.ExtensionContext, sessionI
 
     const feedbackData = initializeFeedbackData(sessionId, vscode.env.uiKind === vscode.UIKind.Web, geoName, messageScenario, tenantId);
 
-    const apiToken: string = await npsAuthentication(SurveyConstants.AUTHORIZATION_ENDPOINT);
-
-    if (apiToken) {
-        sendTelemetryEvent({ eventName: CopilotNpsAuthenticationCompleted, feedbackType: thumbType, copilotSessionId: sessionId });
-    } else {
-        sendTelemetryEvent({ eventName: CopilotUserFeedbackFailureEvent, feedbackType: thumbType, copilotSessionId: sessionId, error: new Error(ERROR_CONSTANTS.NPS_FAILED_AUTH) });
-    }
-
     const endpointUrl = useEUEndpoint(geoName) ? `https://europe.ces.microsoftcloud.com/api/v1/portalsdesigner/Surveys/powerpageschatgpt/Feedbacks?userId=${userID}` :
         `https://world.ces.microsoftcloud.com/api/v1/portalsdesigner/Surveys/powerpageschatgpt/Feedbacks?userId=${userID}`;
 

src/common/services/AuthenticationProvider.ts

@@ -172,7 +172,8 @@ export async function dataverseAuthentication(
 }
 
 export async function npsAuthentication(
-    cesSurveyAuthorizationEndpoint: string
+    cesSurveyAuthorizationEndpoint: string,
+    silentOnly = false
 ): Promise<string> {
     let accessToken = "";
     sendTelemetryEvent(
@@ -184,7 +185,7 @@ export async function npsAuthentication(
             [cesSurveyAuthorizationEndpoint, SCOPE_OPTION_OFFLINE_ACCESS],
             { silent: true }
         );
-        if (!session) {
+        if (!session && !silentOnly) {
             session = await vscode.authentication.getSession(
                 PROVIDER_ID,
                 [cesSurveyAuthorizationEndpoint, SCOPE_OPTION_OFFLINE_ACCESS],
@@ -199,16 +200,20 @@ export async function npsAuthentication(
             { eventName: VSCODE_EXTENSION_NPS_AUTHENTICATION_COMPLETED }
         );
     } catch (error) {
-        showErrorDialog(
-            vscode.l10n.t(
-                "Authorization Failed. Please run again to authorize it"
-            ),
-            vscode.l10n.t("There was a permissions problem with the server")
-        );
+        const errorMessage = (error as Error).message ?? "";
+        const isCesSurveyServicePrincipalDisabledError = errorMessage.includes("AADSTS500014");
+        if (!silentOnly && !isCesSurveyServicePrincipalDisabledError) {
+            showErrorDialog(
+                vscode.l10n.t(
+                    "Authorization Failed. Please run again to authorize it"
+                ),
+                vscode.l10n.t("There was a permissions problem with the server")
+            );
+        }
         sendTelemetryEvent(
             {
                 eventName: VSCODE_EXTENSION_NPS_AUTHENTICATION_FAILED,
-                errorMsg: (error as Error).message
+                errorMsg: errorMessage
             }
         );
     }

src/web/client/services/NPSService.ts

@@ -66,10 +66,17 @@ export class NPSService {
         try {
 
             const baseApiUrl = this.getNpsSurveyEndpoint();
-            const accessToken: string = await npsAuthentication(SurveyConstants.AUTHORIZATION_ENDPOINT);
+            const accessToken: string = await npsAuthentication(SurveyConstants.AUTHORIZATION_ENDPOINT, true);
 
             if (accessToken) {
                 WebExtensionContext.telemetry.sendInfoTelemetry(webExtensionTelemetryEventNames.WEB_EXTENSION_NPS_AUTHENTICATION_COMPLETED);
+            } else {
+                WebExtensionContext.telemetry.sendErrorTelemetry(
+                    webExtensionTelemetryEventNames.WEB_EXTENSION_NPS_AUTHENTICATION_FAILED,
+                    this.setEligibility.name,
+                    "CES survey authentication failed or unavailable"
+                );
+                return;
             }
 
             // eslint-disable-next-line @typescript-eslint/no-explicit-any

src/web/client/test/integration/AuthenticationProvider.test.ts

@@ -8,12 +8,13 @@ import { expect } from "chai";
 import {
     dataverseAuthentication,
     getCommonHeaders,
+    npsAuthentication,
 } from "../../../../common/services/AuthenticationProvider";
 import vscode from "vscode";
 import * as errorHandler from "../../../../common/utilities/errorHandlerUtil";
 import { oneDSLoggerWrapper } from "../../../../common/OneDSLoggerTelemetry/oneDSLoggerWrapper";
 import * as copilotTelemetry from "../../../../common/copilot/telemetry/copilotTelemetry";
-import { VSCODE_EXTENSION_DATAVERSE_AUTHENTICATION_FAILED } from "../../../../common/services/TelemetryConstants";
+import { VSCODE_EXTENSION_DATAVERSE_AUTHENTICATION_FAILED, VSCODE_EXTENSION_NPS_AUTHENTICATION_FAILED } from "../../../../common/services/TelemetryConstants";
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 let traceError: any
@@ -122,4 +123,41 @@ describe("Authentication Provider", () => {
         expect(result.accessToken).empty;
         expect(result.userId).empty;
     });
+
+    it("npsAuthentication_whenSilentOnlyAndNoSession_shouldNotShowErrorDialog", async () => {
+        const _mockgetSession = sinon
+            .stub(await vscode.authentication, "getSession")
+            .resolves(undefined);
+
+        const showErrorDialog = sinon.spy(errorHandler, "showErrorDialog");
+        const sendTelemetryEvent = sinon.spy(copilotTelemetry, "sendTelemetryEvent");
+
+        const result = await npsAuthentication("https://microsoft.onmicrosoft.com/cessurvey/user", true);
+
+        sinon.assert.calledOnce(_mockgetSession);
+        sinon.assert.notCalled(showErrorDialog);
+        sinon.assert.calledTwice(sendTelemetryEvent);
+        expect(result).empty;
+    });
+
+    it("npsAuthentication_whenAadsts500014_shouldSuppressErrorDialog", async () => {
+        const errorMessage = "AADSTS500014: The service principal for resource 'https://microsoft.onmicrosoft.com/cessurvey' is disabled.";
+        const _mockgetSession = sinon
+            .stub(await vscode.authentication, "getSession")
+            .throws(new Error(errorMessage));
+
+        const showErrorDialog = sinon.spy(errorHandler, "showErrorDialog");
+        const sendTelemetryEvent = sinon.spy(copilotTelemetry, "sendTelemetryEvent");
+
+        const result = await npsAuthentication("https://microsoft.onmicrosoft.com/cessurvey/user");
+
+        sinon.assert.calledOnce(_mockgetSession);
+        sinon.assert.notCalled(showErrorDialog);
+        sinon.assert.calledTwice(sendTelemetryEvent);
+        sinon.assert.calledWith(sendTelemetryEvent, {
+            eventName: VSCODE_EXTENSION_NPS_AUTHENTICATION_FAILED,
+            errorMsg: errorMessage
+        });
+        expect(result).empty;
+    });
 });