Cache token scope check failures #1871

Merged
merged 6 commits into from Jan 3, 2019

Conversation

2 participants
@smashwilson
Member

smashwilson commented Jan 2, 2019

Please be sure to read the contributor's guide to the GitHub package before submitting any pull requests.

Requirements

  • Filling out the template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
  • Suggestion: You can use checklists to keep track of progress for the sections on metrics, tests, documentation, and user research.

Description of the Change

I've changed GithubLoginModel to cache not just the set of successfully authenticated tokens, but also tokens that have resulted in authentication failures or those that don't have sufficient OAuth scopes to be used.

I did not cache tokens that fail the scope-check because the fetch call raised an error, to prevent us from remembering the failure from a transient network error (or a GitHub outage).

Alternate Designs

We may also be able to address this with careful handling of how GithubLoginModel::getToken() is called, ensuring that it's only ever retried when the token has actually changed. Fixing it within getToken() feels more robust.

Benefits

We will no longer lock users out with rate-limit errors when the token stored in your OS keychain is revoked or older than the last time that we've changed the required OAuth scopes.

Possible Drawbacks

The Map of checked tokens could, theoretically, grow without bound. For it to be an issue you'd need to revoke and regenerate tokens millions of times. I'm guessing that the GitHub API would become unhappy with you long before your RAM started to noticeably bloat.

Applicable Issues

Fixes #1868.

Metrics

N/A

Tests

I've added unit tests to GithubLoginModel to test the caching of various kinds of failures.

To test it manually, I'll:

  1. Add a console.log to trace each time we're doing the scope check.
  2. Generate a personal access token without the OAuth scopes that we need.
  3. Log out of the GitHub package.
  4. Log back in with the PAT.
  5. Verify that the "insufficient scopes" message shows up in the GitHub tab, but that the scope check only happens once.
  6. Revoke the PAT.
  7. Reload Atom.
  8. Verify that the "log in" message shows up in the GitHub tab, but that the scope check only happens once.

Documentation

N/A

Release Notes

  • Fixed an issue where the GitHub package would check your OAuth token scopes repeatedly if the token was invalid or had insufficient scopes.

User Experience Research (Optional)

N/A

smashwilson added some commits Jan 2, 2019

@codecov


codecov bot commented Jan 2, 2019

Codecov Report

Merging #1871 into master will increase coverage by 0.06%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master    #1871      +/-   ##
==========================================
+ Coverage   91.14%   91.21%   +0.06%     
==========================================
  Files         196      196              
  Lines       10745    10745              
  Branches     1575     1574       -1     
==========================================
+ Hits         9794     9801       +7     
+ Misses        951      944       -7
Impacted Files Coverage Δ
lib/shared/keytar-strategy.js 58.13% <100%> (+0.32%) ⬆️
lib/models/github-login-model.js 89.83% <100%> (+11.49%) ⬆️

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update c2da601...e8f41f1.

@smashwilson

Member

smashwilson commented Jan 2, 2019

From manual testing - here's the call log from master:

[screenshot: before]

And here's the call log from this branch:

[screenshot: after]

We still have two duplicated HEAD requests; that's because we have two calls to getToken that are asynchronously interleaved, so the second doesn't see the cached result from the first. Two hits per Atom launch are still much better than two hits per any render whatsoever 😅
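An added sketch, not the package's code, of the caching behaviour this PR describes and of the interleaving noted in the comment above: outcomes are cached per token, request errors are not, and two concurrent checks still both reach the API. `ScopeCheckCache`, `fakeApi`, the outcome strings and the scope list are assumptions made for illustration.

```javascript
// Names, outcome strings and the scope list are assumptions of this example.
const REQUIRED_SCOPES = ['repo', 'read:org', 'user:email'];
class ScopeCheckCache {
  constructor(fetchScopes) {
    this.fetchScopes = fetchScopes; // async token => {status, scopes}
    this.checked = new Map();       // token -> cached outcome
    this.remoteChecks = 0;          // times the API was actually hit
  }
  async check(token) {
    if (this.checked.has(token)) return this.checked.get(token);
    this.remoteChecks++;
    let res;
    try {
      res = await this.fetchScopes(token);
    } catch (err) {
      return 'error'; // network failure or outage: deliberately not cached
    }
    let outcome;
    if (res.status === 401) outcome = 'unauthenticated'; // revoked or invalid
    else if (res.status !== 200) return 'error';         // e.g. 5xx: not cached
    else if (REQUIRED_SCOPES.every(s => res.scopes.includes(s))) outcome = 'ok';
    else outcome = 'insufficient';
    this.checked.set(token, outcome);
    return outcome;
  }
}
// Constructed stand-in for the scope-check request; no network access.
function fakeApi(outage) {
  const known = {'tok-full': REQUIRED_SCOPES, 'tok-narrow': ['repo']};
  return async token => {
    if (outage.down) throw new Error('ECONNRESET');
    return token in known ? {status: 200, scopes: known[token]} : {status: 401, scopes: []};
  };
}

async function demo() {
  const outage = {down: false};
  const cache = new ScopeCheckCache(fakeApi(outage));
  // Interleaved calls both miss: the Map is only filled after the await.
  const pair = await Promise.all([cache.check('tok-narrow'), cache.check('tok-narrow')]);
  const afterPair = cache.remoteChecks;
  const repeat = await cache.check('tok-narrow'); // served from the cache
  const revoked = [await cache.check('tok-revoked'), await cache.check('tok-revoked')];
  outage.down = true;
  const duringOutage = await cache.check('tok-full'); // failure is not remembered
  outage.down = false;
  const afterOutage = await cache.check('tok-full');
  return {pair, afterPair, repeat, revoked, duringOutage, afterOutage, total: cache.remoteChecks};
}
```

Because the outage result is never stored, the same token is re-checked and accepted once the API is reachable again, while the revoked and under-scoped tokens cost one request each.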

@smashwilson smashwilson requested a review from atom/github-package Jan 2, 2019

Stability Sprint : 20 November 2018 - 8 January 2019 : v0.24.0 automation moved this from In Progress 🔧 to QA Review 🔬 Jan 3, 2019

@vanessayuenn
Contributor

vanessayuenn left a comment

@annthurium and I discussed implementing a mentionable user fallback for an insufficient token scope by loading the authors from the last n commits instead of just showing nothing. But I would be happy to address this in another PR so we don't hold up the release.

I left a question, but this otherwise LGTM 👍 .

Review comment on lib/models/github-login-model.js (resolved, outdated)
@smashwilson

Member

smashwilson commented Jan 3, 2019

> @annthurium and I discussed implementing a mentionable user fallback for an insufficient token scope by loading the authors from the last n commits instead of just showing nothing. But I would be happy to address this in another PR so we don't hold up the release.

Yeah, this is kind of what I was thinking 😄 I'll file another issue for that so we don't lose track of it.

@smashwilson

Member

smashwilson commented Jan 3, 2019

Filed as #1872.

@smashwilson smashwilson merged commit b7eab9c into master Jan 3, 2019

2 checks passed

codecov/patch 100% of diff hit (target 91.14%)
codecov/project 91.21% (+0.06%) compared to c2da601

Stability Sprint : 20 November 2018 - 8 January 2019 : v0.24.0 automation moved this from QA Review 🔬 to Merged ☑️ Jan 3, 2019

@smashwilson smashwilson deleted the aw/insufficient-token-loop branch Jan 3, 2019

@smashwilson smashwilson referenced this pull request Jan 3, 2019

Closed

v0.23-2 QA Review #1879

16 of 16 tasks complete

smashwilson added a commit that referenced this pull request Jan 4, 2019

Merge pull request #1871 from atom/aw/insufficient-token-loop
Cache token scope check failures

@smashwilson smashwilson referenced this pull request Jan 4, 2019

Closed

v0.23.2-0 QA Review #1883

5 of 5 tasks complete