Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub legacy token authentication is broken #283

Closed
BloggerBust opened this issue Apr 7, 2019 · 6 comments
Closed

GitHub legacy token authentication is broken #283

BloggerBust opened this issue Apr 7, 2019 · 6 comments
Labels
bug

Comments

@BloggerBust
Copy link

BloggerBust commented Apr 7, 2019
edited
Loading

The most recent commit updated the construction of a GitHub instance in the connect controller, but did not pass the 'version' option. As a result it is not possible to use the legacy 'token' GitHub authentication. I created a commit to my own branch to try ad address this issue. However I am now getting an UnhandledPromiseRejectionWarning. The details are in the linked commit comments.

Are you in the process of tearing out support for token authentication? Any ideas why it is currently failing to work?

UPDATE:
I captured the error. It is returning a 404. I am not sure why yet though.

{ HttpError: Not Found
  at response.text.then.message (/var/task/user/index.js:130027:27)
  at <anonymous>
  at process._tickDomainCallback (internal/process/next_tick.js:228:7)
  name: 'HttpError',
  status: 404,
  headers: 
  { 'access-control-allow-origin': '*',
    'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type',
    connection: 'close',
    'content-encoding': 'gzip',
    'content-security-policy': 'default-src \'none\'',
    'content-type': 'application/json; charset=utf-8',
    date: 'Sun, 07 Apr 2019 13:02:39 GMT',
    'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
    server: 'GitHub.com',
    status: '404 Not Found',
    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
    'transfer-encoding': 'chunked',
    'x-accepted-oauth-scopes': 'public_repo, repo, repo:invite',
    'x-content-type-options': 'nosniff',
    'x-frame-options': 'deny',
    'x-github-media-type': 'github.v3; format=json',
    'x-github-request-id': 'E876:4A18:21B074A:28D6BF7:5CA9F4EF',
    'x-oauth-scopes': '',
    'x-ratelimit-limit': '5000',
    'x-ratelimit-remaining': '4999',
    'x-ratelimit-reset': '1554645759',
    'x-xss-protection': '1; mode=block' },
  request: 
  { method: 'GET',
    url: 'https://api.github.com/user/repository_invitations',
    headers: 
    { accept: 'application/vnd.github.v3+json',
      'user-agent': 'Staticman agent octokit.js/16.8.0 Node.js/8.10.0 (Linux 4.14; x64)',
      authorization: 'token <MY-TOKEN>' },
    request: { timeout: 5000, validate: [Object] } },
  documentation_url: 'https://developer.github.com/v3/repos/invitations/#list-a-users-repository-invitations' }
@BloggerBust
Copy link
Author

I solved this issue. The problem was that my token was not authorized to access the invitations endpoint. Once I gave my token the repo invitations permission everything worked. I can make a PR for this tomorrow. I won't have time today unfortunately. I want to read over your contributing section, add a unt test and make sure everything passes etc. I will leave this issue open until I make the PR. Thanks.

@BloggerBust
Copy link
Author

7 suites and 60 tests are failing in master. I started to fix tests until I had only 17 failing, but then realized that the tests are meant for version 2 of the GitHub API, but the code has been partially updated to version 3 of the GitHub API. I am not sure how the maintainers wish to handle this, so I stopped fixing tests. Was a PR accidentally pushed to master that was meant for dev? Perhaps the simplest solution here is simply to rollback the commit?

@BloggerBust-bot
Copy link

I created PR #285 to rollback version 3 API support. I understand that the normal procedure is to make a PR for the dev branch. This rollback will fix all the unit tests and restore version 2 API support to last known good. Once the dev branch is ready then it can be merged again into master.

@maslankalm
Copy link

+1 for this issue. I just hit that when I tried to run my own instance from latest master branch.

Quick temporary workaround if needed - checkout latest verified version and restart application:
git checkout -b workaround 9ce2c48

@BloggerBust
Copy link
Author

+1 for this issue. I just hit that when I tried to run my own instance from latest master branch.

Quick temporary workaround if needed - checkout latest verified version and restart application:
git checkout -b workaround 9ce2c48

Thank you @maslankalm

This was referenced May 18, 2019
Closed
Closed
This was referenced Jun 25, 2019
Closed
Closed
This was referenced Jul 3, 2019
Open
Merged
@alexwaibel alexwaibel added the bug label Nov 8, 2019
@alexwaibel
Copy link
Collaborator

Duplicate of #318

@alexwaibel alexwaibel marked this as a duplicate of #318 Nov 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alexwaibel @BloggerBust @maslankalm @BloggerBust-bot