Excessive permissions required to file a bug using Github #655

Open
AlfonsoML opened this issue Aug 3, 2015 · 38 comments

@AlfonsoML AlfonsoML commented Aug 3, 2015

When I tried to file a bug about a website there are two buttons at the bottom "Report via Github" and "Report anonymously", I clicked on Github and then I was prompted to grant too many permissions:

[Screenshot: mezer_08-03_12-15-18]

I had expected to only allow permissions on the webcompat repository, and granting permission to read my identity and file a bug on my behalf seems like it should be enough; no need to give full permissions on everything.

Member

@miketaylr miketaylr commented Aug 3, 2015

Hey @AlfonsoML, thanks for filing. FWIW, I totally agree with you. Unfortunately GitHub doesn't yet provide an oauth scope that restricts access to issues. :(

If you'd like to contact GitHub and make that suggestion that might help--we've also asked them to do the same.

@karlcow karlcow changed the title from "Excesive permissions required to file a bug using Github" to "Excessive permissions required to file a bug using Github" Sep 30, 2015
Contributor

@hallvors hallvors commented Oct 1, 2015

Question: if the user is not filing through webcompat.com UI but directly on GitHub, I guess s/he doesn't need to grant any permissions at all? Could we offer that as a third option, for users who know what they are doing?

Member

@miketaylr miketaylr commented Oct 1, 2015

Yes, possibly. But GitHub doesn't allow for issue templates so we may find that the quality of the bugs varies wildly. The Webcompat UI at least forces some notion of consistency. Maybe this is just a theoretical concern though. Right now nothing will break (I think).

Contributor

@hallvors hallvors commented Oct 1, 2015

What if we add in small print underneath the "report" buttons

"You can also copy the text you entered above and click here to add a new bug through GitHub. This lets you report under your user name without having to grant our app access to your GitHub account."

Contributor

@hallvors hallvors commented Oct 1, 2015

Even better - GitHub supports some query string arguments to /issues/new - I just tested :) So we can update that link in real time and add ?title=foo&body=bar

Member

@miketaylr miketaylr commented Oct 1, 2015

Cool. I can work on this tomorrow morning.

@miketaylr miketaylr self-assigned this Oct 1, 2015
Contributor

@karlcow karlcow commented Oct 11, 2015

Same concerns as @miketaylr.
I would rather have

  • [report via Webcompat] The old report via GitHub
  • [report via GitHub] The new hallvord proposal
  • [report anonymously]

Issue: Screenshot feature? Maybe not, just something to add to the body.

Contributor

@hallvors hallvors commented Oct 15, 2015

Hm.. The screenshot feature should "just work" (famous last words) if it submits an image to a GitHub service and gets a magic markdown string back that is added to the body. That magic string is of course passed on to GitHub with the rest of the text with the [Report via GitHub] option..

Is there any functional difference between your [Report via Webcompat] and [Report via GitHub], @karlcow? If we had a [Report via GitHub] button, would we need the webcompat one?

Contributor

@karlcow karlcow commented Oct 16, 2015

> Is there any functional difference between your [Report via Webcompat] and [Report via GitHub], @karlcow? If we had a [Report via GitHub] button, would we need the webcompat one?

If I understood, your proposal is about making an HTTP POST to the Web site (a bit like a selenium test). Not talking to the API of Github directly.

Member

@miketaylr miketaylr commented Jun 14, 2016

Let's close until GitHub announces finer grained OAuth scopes.

Member

@miketaylr miketaylr commented Oct 12, 2016

It seems like something is coming: https://developer.github.com/early-access/integrations/#granular-permissions

(still not ready for public to use yet tho... but promising!)

Contributor

@karlcow karlcow commented May 31, 2017

Reopening the issue, after a comment by @dbaron on a recent bug. I was wondering if GitHub was now offering finer granularity. I need to dig a bit more into the docs.

https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps/

@karlcow karlcow reopened this May 31, 2017
Contributor

@karlcow karlcow commented May 31, 2017

To note that the issue is known by GitHub
dear-github/dear-github#113

Contributor

@karlcow karlcow commented May 31, 2017

If I check my current Scopes in my headers, I get

X-OAuth-Scopes: gist, repo, user
X-Accepted-OAuth-Scopes: 
Contributor

@karlcow karlcow commented May 31, 2017

Contributor

@karlcow karlcow commented May 31, 2017

ok closing again for now.

@karlcow karlcow closed this May 31, 2017
Contributor

@karlcow karlcow commented Jan 30, 2018

This is potentially interesting.
https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps/

> Your GitHub App can perform actions on behalf of a user, like creating an issue, creating a deployment, and using other supported endpoints.

and

> The user's access token allows the GitHub App to make requests to the API on behalf of a user.


@dmose dmose commented Apr 29, 2018

@zoepage It's not obvious to me that this is an enhancement. Right now, to file through webcompat.com, I'm required to give webcompat.com the ability to write the code in all the public repositories that I have access to, which is a serious overreach and certainly a vector for security breach access to spread, should webcompat.com get breached.

@miketaylr What are your thoughts on converting this to a Github App? Is that a substantial amount of work?

Contributor

@karlcow karlcow commented May 10, 2018

@dmose
About

> which is a serious overreach

yes and we are not happy about it as you see in this thread. :)

> @miketaylr What are your thoughts on converting this to a Github App? Is that a substantial amount of work?

I guess there's indeed the amount of work that would require, which could be an issue. Maybe we should check/look for a project which went through this type of transition to assess the challenges.

Contributor

@karlcow karlcow commented May 10, 2018

Member

@miketaylr miketaylr commented May 10, 2018

I don't think there's any harm in re-opening this, since it's something I would love to fix.

> @miketaylr What are your thoughts on converting this to a Github App? Is that a substantial amount of work?

It doesn't look like an impossible amount of work. It looks like it would allow us to kill off @webcompat-bot (sorry, buddy), for anonymous reports, which is nice. I need to investigate if it would still allow us to file issues on behalf of a user, as the user (if they choose the non-anon option).

Member

@miketaylr miketaylr commented May 10, 2018

Realistically, we don't have bandwidth to work on this in Q2, but it's possible we could make progress in Q3. Thanks for re-raising @dmose.


@dmose dmose commented May 14, 2018

No worries; thanks for the updates!

Contributor

@karlcow karlcow commented Jan 11, 2019

I know you might not have a better choice, but the @MozWebCompat permissions are way too broad.. (r/w all repository data, no less) https://twitter.com/kangsterizer/status/1083551261054488577/photo/1
doing anonymous report but adding your github username seems to work fine though ;-)

https://twitter.com/kangsterizer/status/1083551575937695744


@Manishearth Manishearth commented Aug 20, 2019

A far simpler solution to writing an entire Github App is to use Github's support for prefilling issues with query parameters. When you click "file", it uploads all images server-side using the API and generates a link, which you are navigated to. You can then submit it after making any edits you need to.

Member

@miketaylr miketaylr commented Aug 20, 2019

@Manishearth wow! I didn't know this existed.

Contributor

@karlcow karlcow commented Jan 3, 2020

Added backlog to reopen when it's time to work on it.

@karlcow karlcow reopened this Jan 3, 2020
Contributor

@karlcow karlcow commented Jan 3, 2020

Our low band-aid for this is to report anonymously and leave your github username in the field allowing it. It's not perfect but easier than redeveloping the oauth for Github App in our current resources.

Contributor

@karlcow karlcow commented Jan 5, 2020

This might become more urgent with the #3118 events.


@dmose dmose commented Jan 6, 2020

@karlcow isn't the thing described in #655 (comment) a way to avoid a big rewrite?

Contributor

@karlcow karlcow commented Jan 6, 2020

@dmose it seems interesting, but I don't think it will solve our issues. Maybe I'm wrong.

> You must have the proper permissions for any action to use the equivalent query parameter.

So I interpret this as only people with specific permissions on the repo will be able to file a complete report as we wish it to be.


@Manishearth Manishearth commented Jan 6, 2020

> So I interpret this as only people with specific permissions on the repo will be able to file a complete report as we wish it to be.

The only thing you will lose out on is labeling, and you can write a pretty lightweight bot to label issues based on metadata in a comment at the end of it or whatever.


@Manishearth Manishearth commented Jan 6, 2020

You can also use this feature in conjunction with issue templates to autoset labels, but y'all have a lot of them and getting the entire set of possible labels into templates would be annoying.

Contributor

@karlcow karlcow commented Jan 6, 2020

So to be clear, the issue we are talking about here is people reporting an issue with https://webcompat.com/issues/new and wanting to log in as a GitHub user to have the report made under their name.

The form is created by webcompat.com and then sent to GitHub. We are not using the GitHub form templates to file issues currently (except for the very rare case where people use GitHub directly).

This for example doesn't solve our issues. :)
https://github.com/webcompat/webcompat-tests/issues/new?labels=bug&title=New+bug+report

It just creates a prefilled form on GitHub, not on webcompat.com


@Manishearth Manishearth commented Jan 6, 2020

Right, I understand what you want to achieve here. What I'm suggesting is this:

  • User fills in form on webcompat.com, clicks submit
  • webcompat.com generates a GitHub prefilled form link, and redirects to it
  • user just needs to click submit on the GitHub issue

There are two problems here: images, and labels. You can't send images through the query string, and you can't use labels since not everyone has permissions to use labels on the repo. For the former, you can preupload the images server-side and then just insert links. For the latter, you can note the relevant metadata in the issue and have a bot apply the correct labels.

I mentioned templates because templates are one way to get around the label restriction, GitHub allows templates to come with preset labels, and you can use the query string thing with templates. But this workaround requires you create one template for each label combination, and is a big hack, using a bot for labeling seems easier.
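
The link-generator flow described in this comment, as an added sketch (not webcompat.com's code and not part of the original comment). The function names, the `@labels` marker format, the label allowlist and the URL length cap are assumptions made for illustration; only the `title` and `body` query parameters and the repository path come from the thread.

```python
import re
from urllib.parse import urlencode

# Assumptions for this sketch (not from the thread): marker format,
# label allowlist, and the cap on total URL length.
ALLOWED_LABELS = {"browser-firefox", "browser-chrome", "type-media"}
MAX_URL_LENGTH = 8000
META_RE = re.compile(r"<!-- @labels: ([a-z0-9,-]*) -->\s*$")


def build_prefilled_issue_url(repo, title, body, labels=()):
    """Return a github.com/<repo>/issues/new link; no OAuth token is involved,
    the reporter submits the form in their own GitHub session."""
    if not re.fullmatch(r"[\w.-]+/[\w.-]+", repo):
        raise ValueError("repo must look like owner/name")
    wanted = sorted(set(labels) & ALLOWED_LABELS)
    # Labels travel as metadata in the body because the reporter may lack
    # permission to set labels; a bot applies them after submission.
    full_body = f"{body.rstrip()}\n\n<!-- @labels: {','.join(wanted)} -->"
    query = urlencode({"title": title, "body": full_body})
    url = f"https://github.com/{repo}/issues/new?{query}"
    if len(url) > MAX_URL_LENGTH:
        raise ValueError("report too long for a query string; shorten the body")
    return url


def labels_for_bot(issue_body):
    """Bot side: the reporter can edit the body before submitting, so the
    marker is untrusted input and only allowlisted labels are kept."""
    match = META_RE.search(issue_body)
    if not match:
        return []
    claimed = [label for label in match.group(1).split(",") if label]
    return sorted(set(claimed) & ALLOWED_LABELS)


if __name__ == "__main__":
    # Constructed sample report; the screenshot is already uploaded and linked.
    print(build_prefilled_issue_url(
        "webcompat/webcompat-tests",
        "example.com - video doesn't play",
        "**URL**: https://example.com/\n![shot](https://example.com/shot.png)",
        ["browser-firefox"],
    ))
```

Because the reporter can change anything in the prefilled form, the labelling bot is the only place where the label allowlist is actually enforced.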

Contributor

@karlcow karlcow commented Jan 6, 2020

@Manishearth Thanks for explaining. I understood you were trying to redirect the users to github. :)

  1. For labels we already have a bot.
  2. For the images we are linking to them. ;)

@Manishearth Manishearth commented Jan 6, 2020

Ah, so then we should be all set? We just need to replace the server side stuff that the "report via github" button does with a simple link generator thing. This doesn't fix anonymous filing, but it makes the github filing much easier and less permissionsy.

Contributor

@karlcow karlcow commented Jan 6, 2020

it means we have an option if we accept to get out of the current UX workflow. :)
