Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GitHub legacy token authentication is broken #283

Open
BloggerBust opened this issue Apr 7, 2019 · 5 comments

Comments

Projects
None yet
3 participants
@BloggerBust
Copy link

commented Apr 7, 2019

The most recent commit updated the construction of a GitHub instance in the connect controller, but did not pass the 'version' option. As a result it is not possible to use the legacy 'token' GitHub authentication. I created a commit to my own branch to try ad address this issue. However I am now getting an UnhandledPromiseRejectionWarning. The details are in the linked commit comments.

Are you in the process of tearing out support for token authentication? Any ideas why it is currently failing to work?

UPDATE:
I captured the error. It is returning a 404. I am not sure why yet though.

{ HttpError: Not Found
  at response.text.then.message (/var/task/user/index.js:130027:27)
  at <anonymous>
  at process._tickDomainCallback (internal/process/next_tick.js:228:7)
  name: 'HttpError',
  status: 404,
  headers: 
  { 'access-control-allow-origin': '*',
    'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type',
    connection: 'close',
    'content-encoding': 'gzip',
    'content-security-policy': 'default-src \'none\'',
    'content-type': 'application/json; charset=utf-8',
    date: 'Sun, 07 Apr 2019 13:02:39 GMT',
    'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
    server: 'GitHub.com',
    status: '404 Not Found',
    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
    'transfer-encoding': 'chunked',
    'x-accepted-oauth-scopes': 'public_repo, repo, repo:invite',
    'x-content-type-options': 'nosniff',
    'x-frame-options': 'deny',
    'x-github-media-type': 'github.v3; format=json',
    'x-github-request-id': 'E876:4A18:21B074A:28D6BF7:5CA9F4EF',
    'x-oauth-scopes': '',
    'x-ratelimit-limit': '5000',
    'x-ratelimit-remaining': '4999',
    'x-ratelimit-reset': '1554645759',
    'x-xss-protection': '1; mode=block' },
  request: 
  { method: 'GET',
    url: 'https://api.github.com/user/repository_invitations',
    headers: 
    { accept: 'application/vnd.github.v3+json',
      'user-agent': 'Staticman agent octokit.js/16.8.0 Node.js/8.10.0 (Linux 4.14; x64)',
      authorization: 'token <MY-TOKEN>' },
    request: { timeout: 5000, validate: [Object] } },
  documentation_url: 'https://developer.github.com/v3/repos/invitations/#list-a-users-repository-invitations' }

@BloggerBust

This comment has been minimized.

Copy link
Author

commented Apr 9, 2019

I solved this issue. The problem was that my token was not authorized to access the invitations endpoint. Once I gave my token the repo invitations permission everything worked. I can make a PR for this tomorrow. I won't have time today unfortunately. I want to read over your contributing section, add a unt test and make sure everything passes etc. I will leave this issue open until I make the PR. Thanks.

@BloggerBust

This comment has been minimized.

Copy link
Author

commented Apr 11, 2019

7 suites and 60 tests are failing in master. I started to fix tests until I had only 17 failing, but then realized that the tests are meant for version 2 of the GitHub API, but the code has been partially updated to version 3 of the GitHub API. I am not sure how the maintainers wish to handle this, so I stopped fixing tests. Was a PR accidentally pushed to master that was meant for dev? Perhaps the simplest solution here is simply to rollback the commit?

@BloggerBust-bot

This comment has been minimized.

Copy link

commented Apr 11, 2019

I created PR #285 to rollback version 3 API support. I understand that the normal procedure is to make a PR for the dev branch. This rollback will fix all the unit tests and restore version 2 API support to last known good. Once the dev branch is ready then it can be merged again into master.

@maslankalm

This comment has been minimized.

Copy link

commented Apr 19, 2019

+1 for this issue. I just hit that when I tried to run my own instance from latest master branch.

Quick temporary workaround if needed - checkout latest verified version and restart application:
git checkout -b workaround 9ce2c48

@BloggerBust

This comment has been minimized.

Copy link
Author

commented Apr 23, 2019

+1 for this issue. I just hit that when I tried to run my own instance from latest master branch.

Quick temporary workaround if needed - checkout latest verified version and restart application:
git checkout -b workaround 9ce2c48

Thank you @maslankalm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.