auth status

[vilmibm]

This PR adds gh auth status.

Bad states:

Good state:

If GITHUB_TOKEN is specified in the environment, a single status check is done against it:

bad:

~/s/cli (auth-status|✔) $ env GITHUB_TOKEN=REDACTED ghd auth status --hostname tilde.town
X tilde.town: authentication failed

good:

~/s/cli (auth-status|✔) [1] $ env GITHUB_TOKEN=REDACTED ghd auth status
✓ token valid for github.com as vilmibm

I added --hostname; if specified, just that host is checked (either against GITHUB_TOKEN or the token from the config).

Part of #1413

[mislav]

This looks good so far! One tiny but important request: when authentication fails, would this command give you the instructions on how to fix the problem? That's what I imagined the whole point of the command to be.

For example (rough sketch):

# credentials from hosts.yml
$ gh auth status
github.com: authentication failed
The currently stored token has expired. To re-authenticate, run `gh auth login -h github.com`

# credentials from GITHUB_TOKEN
$ gh auth status
github.com: authentication failed
The token in your GITHUB_TOKEN environment variable is invalid. Generate a new token at
https://github.com/settings/tokens and give it "repo", "read:org", and "gist" scopes.

My experience with hub is that often people set GITHUB_TOKEN in their environment and forget about it until the token expires and suddenly none of the commands work anymore. They try to check their credentials in ~/.config/hub and those might be fine, but only later they discover they had an environment variable too. So I'm thinking that our error messages should ideally be explicit about where the token came from in the first place.

Also, would the command list the preferred git clone protocol for each host, or is that planned as follow-up?

[vilmibm]

Here's status with helpful instructions:

For missing scopes I added instruction to run gh auth refresh though that doesn't exist yet.

[ampinsk]

@vilmibm and I worked through some design changes for the output, and came up with this!

[vilmibm]

discussion from sync: have status "print" tokens with *** and accept a flag to show the token.

users may still want to view their tokens in order to authenticate in some other, headless environment. printing the token means they don't have to open the config file or depend on the gh config get oauth_token invocation (since the key name might change at some point).

[mislav]

Just nits; but overall looks great 🏆

[vilmibm]

@ampinsk Updated the formatting!

(...i ran auth refresh...)

[vilmibm]

NB: I opened a new issue for the token printing behavior instead of tacking that into this already-reviewed PR: #1514

[ampinsk]

@vilmibm looks good!! one thing: those indentations look pretty big, I was thinking similar space to the indentation we have on pr status, which looks like 2 spaces:

github.com
  ✓ Logged in to github.com as vilmibm

[vilmibm]

@ampinsk done

[ampinsk]

🎉 🎉