change github perms from repo to public_repo (#1059)

* change github permissions back to public_repo

* update tests

server/middleware/security/authentication.js

@@ -182,9 +182,16 @@ export const authenticateService = (req, res, next) => {
   const opts = { callbackURL: getOAuthCallbackUrl(req) };
 
   if (service === 'github') {
-    // 'repo' gives us access to organizational repositories as well
-    // vs. 'public_repo' which requires the org to give separate access to app
-    opts.scope = [ 'user:email', 'repo' ]; 
+    /*
+      'repo' gives us access to org repos and private repos (latter is an issue for some people)
+      'public_repo' should give us all public_repos but in some cases users report not 
+        being able to see their repos. 
+
+      We have fluctuated back and forth. With the new simplified GitHub signup flow,
+      it's possible that 'public_repo' is enough. 
+    */
+
+    opts.scope = [ 'user:email', 'public_repo' ]; 
     return passport.authenticate(service, opts)(req, res, next);
   }
 

test/connectedAccounts.routes.test.js

@@ -41,7 +41,7 @@ describe('connectedAccounts.routes.test.js: GIVEN a collective', () => {
             expect(err).not.to.exist;
             const baseUrl = 'https://github.com/login/oauth/authorize';
             const redirectUri = encodeURIComponent(`${config.host.website}/api/connected-accounts/github/callback?utm_source=mm&CollectiveId=&access_token=&redirect=`);
-            const scope = encodeURIComponent('user:email,repo');
+            const scope = encodeURIComponent('user:email,public_repo');
             const location = `^${baseUrl}\\?response_type=code&redirect_uri=${redirectUri}&scope=${scope}&client_id=${clientId}$`;
             expect(res.headers.location).to.match(new RegExp(location));
             done();