New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Enable github two-factor authentication; fixes #5252 #6668
Conversation
@aviks, when you have the chance, would you be able to test this PR? |
Ah, yes, will do imminently. |
Can we include the host name in the description of the token, so we can have it on different machines? That must work somehow since |
That would be amazing, but I have no idea how to do it. Where did you find documentation on this? |
Actually you can just share the token (haven't tested yet, but will submit as PR after I have). I did verify using curl that it can work though. Sorry @kmsquire if this adds more work to this PR.
|
No worries. I'll update this one once your PR is merged. |
Bump – this would be awesome to get merged. |
+:100: would love to see this merged! current behavior is very annoying for those of us required by our employers to have 2FA on :disappointed: |
507cba7
to
e5eaf80
Compare
Well, two-factor authentication works now, but it's kind of ugly. If all we care about is a working solution, this can be merged. If someone wants to improve it, please do! The current situation:
It's possible to shift the burden around slightly, but not much, AFAICT. Mostly this is a consequence of calling curl. Possible solutions:
|
I would argue that an ugly solution is better than no solution. We can merge now and improve later. |
Can't you feed |
I'm not sure. I have the impression that it's a little more complicated than that, since curl (and similar utilities, e.g.ssh, etc) do a bit of work to prompt you for your password. And there's also no easy way to actually prompt for a password and not have it echo to the screen on all platforms. (Or at least I couldn't find one.). The standard library functions ( I'm wondering how anyone solves this in a cross platform manner! |
Anyway, I'll merge a little later if no one else does first. |
RFC: Enable github two-factor authentication; fixes #5252
@StefanKarpinski, yes, you can actually send the password to curl via STDIN, if you use |
I was getting annoyed at having to disable two-factor authentication to run
Pkg.publish()
. Here's an attempt at fixing that.Remaining issues:
2. For the second password prompt, enter has to be pressed twice(!) (major)Regarding 2, which is the main annoyance, I'm stumped. I'm guessing some interaction between the repl and the spawned process is not letting curl see one of the return characters. Or maybe running the same process twice is causing issues.Edit: I just had to reauthenticate, and found that on latest master, this is no longer a problem (or at least it worked this time without having to press enter twice.
Since authenticating twice seems like a minor price to pay for having two-factor auth enabled, I think this can be merged (although I would appreciate someone else testing).
Cc: @StefanKarpinski, @aviks