-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use new API endpoint to validate token #38
Conversation
The new endpoint https://developer.github.com/v3/apps/oauth_applications/#check-a-token replaces https://developer.github.com/v3/apps/oauth_applications/#check-an-authorization https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/ https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/
error = GH::Error.new | ||
error.info[:response_status] = 500 | ||
raise error | ||
end | ||
expect { subject['/x'] }.not_to raise_error | ||
expect { subject['/x'] }.to raise_error(GH::Error(:response_status => 500)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems to me that the previous spec, while pending, was wrong.
`GH::Remote` should be able to pass body to HTTP backend. Changing `#http` call signature (`def http(verb, url, body, headers = {}, &block)`) may be a little risky, so we piggyback on `headers`.
Tested with pry[1] pry(main)> require 'gh' => true [2] pry(main)> token_check=GH::TokenCheck.new => #> [3] pry(main)> token_check.client_id = 'XXX' => "XXX" [4] pry(main)> token_check.client_secret = 'YYY' => "YYY" [6] pry(main)> token_check.token = 'ZZZ' => "ZZZ" [7] pry(main)> token_check.check_token => #<Faraday::Response:0x00007fc16cac7c60 @env= #<struct Faraday::Env method=:post, body= "{\"id\":AAAAA,\"url\":\"https://api.github.com/authorizations/AAAAA\",\"app\":{\"name\":\"Travis staging\",\"url\":\"https://staging.travis-ci.org\",\"client_id\":\"XXX\"},\"token\":\"ZZZ\",\"hashed_token\":\"BBBBB\",\"token_last_eight\":… |
I've also checked the use of this new call with travis.rb locally. |
@@ -75,7 +75,8 @@ def generate_response(key, response) | |||
|
|||
# Internal: ... | |||
def http(verb, url, headers = {}, &block) | |||
connection.run_request(verb, url, nil, headers, &block) | |||
body = headers.delete :body |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is somewhat iffy; ideally, we would be changing the call signature of #http
, so that body
is set properly without really hacking into headers
parameter.
The new endpoint
https://developer.github.com/v3/apps/oauth_applications/#check-a-token
replaces
https://developer.github.com/v3/apps/oauth_applications/#check-an-authorization
https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/
https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/