git-webkit setup should allow changing the credentials

https://bugs.webkit.org/show_bug.cgi?id=235297
<rdar://problem/87988794>

Reviewed by Dewei Zhu.

* Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
(Tracker.credentials): Pass validater into webkitscmpy.credentials if caller requests validation.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py:
(Tracker.credentials): Pass validater into webkitscmpy.credentials if caller requests validation.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/credentials.py:
(credentials): Allow caller to provide a callback which will validate credentials to ensure
they work, re-prompt user if credentials fail validation.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py:
(Setup.git): Request validation of GitHub credentials.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py:
(GitHub.credentials): Pass validation flag.


Canonical link: https://commits.webkit.org/247173@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Tools/ChangeLog

@@ -1,3 +1,29 @@
+2022-02-08  Jonathan Bedard  <jbedard@apple.com>
+
+        git-webkit setup should allow changing the credentials
+        https://bugs.webkit.org/show_bug.cgi?id=235297
+        <rdar://problem/87988794>
+
+        Reviewed by Dewei Zhu.
+
+        * Scripts/libraries/webkitbugspy/setup.py: Bump version.
+        * Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py: Ditto.
+        * Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
+        (Tracker.credentials): Pass validater into webkitscmpy.credentials if caller requests validation.
+        * Scripts/libraries/webkitbugspy/webkitbugspy/github.py:
+        (Tracker.credentials): Pass validater into webkitscmpy.credentials if caller requests validation.
+        * Scripts/libraries/webkitcorepy/setup.py: Bump version.
+        * Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
+        * Scripts/libraries/webkitcorepy/webkitcorepy/credentials.py:
+        (credentials): Allow caller to provide a callback which will validate credentials to ensure
+        they work, re-prompt user if credentials fail validation.
+        * Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py:
+        (Setup.git): Request validation of GitHub credentials.
+        * Scripts/libraries/webkitscmpy/setup.py: Bump version.
+        * Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
+        * Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py:
+        (GitHub.credentials): Pass validation flag.
+
 2022-02-09  Jonathan Bedard  <jbedard@apple.com>
 
         [git-webkit] Link issue to pull requests

Tools/Scripts/libraries/webkitbugspy/setup.py

@@ -30,7 +30,7 @@ def readme():
 
 setup(
     name='webkitbugspy',
-    version='0.3.2',
+    version='0.3.3',
     description='Library containing a shared API for various bug trackers.',
     long_description=readme(),
     classifiers=[

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py

@@ -46,7 +46,7 @@ def _maybe_add_library_path(path):
         "Please install webkitcorepy with `pip install webkitcorepy --extra-index-url <package index URL>`"
     )
 
-version = Version(0, 3, 2)
+version = Version(0, 3, 3)
 
 from .user import User
 from .issue import Issue

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py

@@ -110,11 +110,19 @@ def from_string(self, string):
                 return self.issue(int(match.group('id')))
         return None
 
-    def credentials(self, required=True):
+    def credentials(self, required=True, validate=False):
+        def validater(username, password):
+            response = requests.get('{}/rest/user/{}?login={}&password={}'.format(self.url, username, username, password))
+            if response.status_code == 200:
+                return True
+            sys.stderr.write('Login to {} for {} failed\n'.format(self.url, username))
+            return False
+
         return webkitcorepy.credentials(
             url=self.url,
             required=required,
             prompt=self.url.split('//')[-1],
+            validater=validater if validate else None,
         )
 
     def _login_arguments(self, required=False, query=None):

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py

@@ -86,27 +86,33 @@ def from_string(self, string):
                 return self.issue(int(match.group('id')))
         return None
 
-    def credentials(self, required=True):
+    def credentials(self, required=True, validate=False):
+        def validater(username, access_token):
+            if '@' in username:
+                sys.stderr.write("Provided username contains an '@' symbol. Please make sure to enter your GitHub username, not an email associated with the account\n")
+                return False
+            response = requests.get(
+                '{}/user'.format(self.api_url),
+                headers=dict(Accept='application/vnd.github.v3+json'),
+                auth=HTTPBasicAuth(username, access_token),
+            )
+            if response.status_code == 200 and response.json().get('login') == username:
+                return True
+            sys.stderr.write('Login to {} for {} failed\n'.format(self.api_url, username))
+            return False
+
         hostname = self.url.split('/')[2]
-        args = dict(
+        return webkitcorepy.credentials(
             url=self.api_url,
             required=required,
             name=self.url.split('/')[2].replace('.', '_').upper(),
             prompt='''GitHub's API
 Please go to https://{host}/settings/tokens/new and generate a new 'Personal access token' via 'Developer settings'
 with 'repo' and 'workflow' access and appropriate 'Expiration' for your {host} user'''.format(host=hostname),
             key_name='token',
+            validater=validater if validate else None,
         )
 
-        username, token = webkitcorepy.credentials(**args)
-        if username and '@' in username:
-            sys.stderr.write("Provided username contains an '@' symbol. Please make sure to enter your GitHub username, not an email associated with the account\n")
-            webkitcorepy.delete_credentials(url=args['url'], name=args['name'])
-            username, token = webkitcorepy.credentials(**args)
-        if username and '@' in username:
-            raise ValueError("GitHub usernames cannot have '@' in them")
-        return username, token
-
     def request(self, path=None, params=None, headers=None, authenticated=None, paginate=True):
         headers = {key: value for key, value in headers.items()} if headers else dict()
         headers['Accept'] = headers.get('Accept', 'application/vnd.github.v3+json')

Tools/Scripts/libraries/webkitcorepy/setup.py

@@ -30,7 +30,7 @@ def readme():
 
 setup(
     name='webkitcorepy',
-    version='0.12.9',
+    version='0.13.0',
     description='Library containing various Python support classes and functions.',
     long_description=readme(),
     classifiers=[

Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py

@@ -44,7 +44,7 @@
 from webkitcorepy.editor import Editor
 from webkitcorepy.file_lock import FileLock
 
-version = Version(0, 12, 10)
+version = Version(0, 13, 0)
 
 from webkitcorepy.autoinstall import Package, AutoInstall
 if sys.version_info > (3, 0):

Tools/Scripts/libraries/webkitcorepy/webkitcorepy/credentials.py

@@ -24,12 +24,12 @@
 import sys
 
 from subprocess import CalledProcessError
-from webkitcorepy import Environment, OutputCapture, Terminal
+from webkitcorepy import Environment, OutputCapture, Terminal, string_utils
 
 _cache = dict()
 
 
-def credentials(url, required=True, name=None, prompt=None, key_name='password'):
+def credentials(url, required=True, name=None, prompt=None, key_name='password', validater=None, retry=3):
     global _cache
 
     name = name or url.split('/')[2].replace('.', '_')
@@ -51,36 +51,49 @@ def credentials(url, required=True, name=None, prompt=None, key_name='password')
 
     username_prompted = False
     key_prompted = False
-    if not username:
-        try:
-            if keyring:
-                username = keyring.get_password(url, 'username')
-        except (RuntimeError, AttributeError):
-            pass
 
-        if not username and required:
-            if not sys.stderr.isatty() or not sys.stdin.isatty():
-                raise OSError('No tty to prompt user for username')
-            sys.stderr.write("Authentication required to use {}\n".format(prompt or name))
-            sys.stderr.write('Username: ')
-            username = Terminal.input()
-            username_prompted = True
+    for attempt in range(retry):
+        if attempt:
+            sys.stderr.write('Ignoring keychain values and re-prompting user\n')
+        if not username:
+            try:
+                if keyring and not attempt:
+                    username = keyring.get_password(url, 'username')
+            except (RuntimeError, AttributeError):
+                pass
 
-    if not key:
-        try:
-            if keyring:
-                key = keyring.get_password(url, username)
-        except (RuntimeError, AttributeError):
-            pass
+            if not username and required:
+                if not sys.stderr.isatty() or not sys.stdin.isatty():
+                    raise OSError('No tty to prompt user for username')
+                sys.stderr.write("Authentication required to use {}\n".format(prompt or name))
+                sys.stderr.write('Username: ')
+                username = Terminal.input()
+                username_prompted = True
 
-        if not key and required:
-            if not sys.stderr.isatty() or not sys.stdin.isatty():
-                raise OSError('No tty to prompt user for username')
-            key = getpass.getpass('{}: '.format(key_name.capitalize()))
-            key_prompted = True
+        if not key:
+            try:
+                if keyring and not attempt:
+                    key = keyring.get_password(url, username)
+            except (RuntimeError, AttributeError):
+                pass
 
-    if username and key:
-        _cache[name] = (username, key)
+            if not key and required:
+                if not sys.stderr.isatty() or not sys.stdin.isatty():
+                    raise OSError('No tty to prompt user for username')
+                key = getpass.getpass('{}: '.format(key_name.capitalize()))
+                key_prompted = True
+
+        if username and key and (not validater or validater(username, key)):
+            _cache[name] = (username, key)
+            break
+
+        username = None
+        key = None
+        sys.stderr.write("Failed to validate credentials for '{}' ({} attempt)\n".format(url, string_utils.ordinal(attempt + 1)))
+
+    if not username or not key:
+        sys.stderr.write("Exhausted attempts to prompt user for '{}' credentials\n".format(url))
+        sys.exit(1)
 
     if keyring and (username_prompted or key_prompted):
         if Terminal.choose(

Tools/Scripts/libraries/webkitscmpy/setup.py

@@ -29,7 +29,7 @@ def readme():
 
 setup(
     name='webkitscmpy',
-    version='4.1.3',
+    version='4.1.4',
     description='Library designed to interact with git and svn repositories.',
     long_description=readme(),
     classifiers=[

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py

@@ -46,7 +46,7 @@ def _maybe_add_webkitcorepy_path():
         "Please install webkitcorepy with `pip install webkitcorepy --extra-index-url <package index URL>`"
     )
 
-version = Version(4, 1, 3)
+version = Version(4, 1, 4)
 
 AutoInstall.register(Package('fasteners', Version(0, 15, 0)))
 AutoInstall.register(Package('jinja2', Version(2, 11, 3)))

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py

@@ -251,7 +251,7 @@ def git(cls, args, repository, additional_setup=None, hooks=None, **kwargs):
         if code:
             return result
 
-        username, _ = rmt.credentials(required=True)
+        username, _ = rmt.credentials(required=True, validate=True)
         log.info("Adding forked remote as '{}' and 'fork'...".format(username))
         url = repository.url()
 

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py

@@ -272,8 +272,8 @@ def __init__(self, url, dev_branches=None, prod_branches=None, contributors=None
                 users.create(contributor.name, contributor.github, contributor.emails)
         self.tracker = Tracker(url, users=users)
 
-    def credentials(self, required=True):
-        return self.tracker.credentials(required=required)
+    def credentials(self, required=True, validate=False):
+        return self.tracker.credentials(required=required, validate=validate)
 
     @property
     def is_git(self):