admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Remove basic authentication support for GitHub.

Browse Source 
Since we (and GitHub) no longer support password authentication
using non-token passwords, always set the Authorization header,
rather than needlessly checking for a (possibly incorrect) username.
This commit is contained in:
Jonathan Chang 2020-12-17 23:09:22 +11:00
parent 632c9be369
commit 09c3058618
2 changed files with 11 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Library/Homebrew/dev-cmd/pr-pull.rb
View File

@ -343,15 +343,10 @@ module Homebrew
end end
def download_artifact(url, dir, pr) def download_artifact(url, dir, pr)
token, username = GitHub.api_credentials raise "Credentials must be set to access the Artifacts API" if GitHub.api_credentials_type == :none
case GitHub.api_credentials_type
when :env_username_password, :keychain_username_password token = GitHub.api_credentials
curl_args = ["--user", "#{username}:#{token}"] curl_args = ["--header", "Authorization: token #{token}"]
when :env_token
curl_args = ["--header", "Authorization: token #{token}"]
when :none
raise "Credentials must be set to access the Artifacts API"
end
# Download the artifact as a zip file and unpack it into `dir`. This is # Download the artifact as a zip file and unpack it into `dir`. This is
# preferred over system `curl` and `tar` as this leverages the Homebrew # preferred over system `curl` and `tar` as this leverages the Homebrew

21
Library/Homebrew/utils/github.rb
View File

@ -99,6 +99,9 @@ module GitHub
odisabled "the GitHub API with HOMEBREW_GITHUB_API_PASSWORD", "HOMEBREW_GITHUB_API_TOKEN" odisabled "the GitHub API with HOMEBREW_GITHUB_API_PASSWORD", "HOMEBREW_GITHUB_API_TOKEN"
end end
# Gets the password field from `git-credential-osxkeychain` for github.com,
# but only if that password looks like a GitHub Personal Access Token.
sig { returns(T.nilable(String)) }
def keychain_username_password def keychain_username_password
github_credentials = Utils.popen(["git", "credential-osxkeychain", "get"], "w+") do |pipe| github_credentials = Utils.popen(["git", "credential-osxkeychain", "get"], "w+") do |pipe|
pipe.write "protocol=https\nhost=github.com\n" pipe.write "protocol=https\nhost=github.com\n"
@ -114,7 +117,7 @@ module GitHub
# https://github.com/Homebrew/brew/issues/6862#issuecomment-572610344 # https://github.com/Homebrew/brew/issues/6862#issuecomment-572610344
return unless /^[a-f0-9]{40}$/i.match?(github_password) return unless /^[a-f0-9]{40}$/i.match?(github_password)
[github_password, github_username] github_password
rescue Errno::EPIPE rescue Errno::EPIPE
# The above invocation via `Utils.popen` can fail, causing the pipe to be # The above invocation via `Utils.popen` can fail, causing the pipe to be
# prematurely closed (before we can write to it) and thus resulting in a # prematurely closed (before we can write to it) and thus resulting in a
@ -182,13 +185,8 @@ module GitHub
args = ["--header", "Accept: application/vnd.github.v3+json", "--write-out", "\n%\{http_code}"] args = ["--header", "Accept: application/vnd.github.v3+json", "--write-out", "\n%\{http_code}"]
args += ["--header", "Accept: application/vnd.github.antiope-preview+json"] args += ["--header", "Accept: application/vnd.github.antiope-preview+json"]
token, username = api_credentials token = api_credentials
case api_credentials_type args += ["--header", "Authorization: token #{token}"] unless api_credentials_type == :none
when :env_username_password, :keychain_username_password
args += ["--user", "#{username}:#{token}"]
when :env_token
args += ["--header", "Authorization: token #{token}"]
end
data_tmpfile = nil data_tmpfile = nil
if data if data
@ -379,12 +377,7 @@ module GitHub
def check_fork_exists(repo) def check_fork_exists(repo)
_, reponame = repo.split("/") _, reponame = repo.split("/")
case api_credentials_type username = open_api(url_to("user")) { |json| json["login"] }
when :env_username_password, :keychain_username_password
_, username = api_credentials
when :env_token
username = open_api(url_to("user")) { |json| json["login"] }
end
json = open_api(url_to("repos", username, reponame)) json = open_api(url_to("repos", username, reponame))
return false if json["message"] == "Not Found" return false if json["message"] == "Not Found"