octokit / auth-basic.js Goto Github PK
View Code? Open in Web Editor NEWGitHub API Basic authentication for browsers and Node.js
License: MIT License
GitHub API Basic authentication for browsers and Node.js
License: MIT License
βοΈ Important announcement: Greenkeeper will be saying goodbye π and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io
5.4.0
to 5.4.1
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@octokit/request is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
5.2.1
to 5.3.0
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@octokit/request is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
Compare octokit/auth-oauth-app.js#35
1.2.0
to 1.2.1
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@octokit/request-error is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
βοΈ Important announcement: Greenkeeper will be saying goodbye π and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io
2.0.2
to 2.0.3
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
prettier is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
master
branch failed. π¨I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. Iβm sure you can resolve this πͺ.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master
branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here is some links that can help you:
If those donβt help, or if this issue is reporting something you think isnβt right, you can always ask the humans behind semantic-release.
semantic-release cannot push the version tag to the branch master
on the remote Git repository with URL https://x-access-token:[secure]@github.com/octokit/auth-basic.js
.
This can be caused by:
Good luck with your project β¨
Your semantic-release bot π¦π
The current flow using all Octokit auth libraries is as follows.
Example
import { createBasicAuth } from "@octokit/auth-basic";
Example
const auth = createBasicAuth({
username: "octocat",
password: "secret",
on2Fa() {
return prompt("2Fa Code");
}
});
Example
const authentication = await auth({ url: "/authorizations" });
const { data } = await request("/authorizations", {
headers: authentication.headers
});
The challenge is: how to make sure that the request()
call has all required authentications, included a 2Fa code?
With the current implementation await auth({url: '/authorizations'})
directly returns username
and password
and returns headers.authorization
set to Basic <encoded username:password>
. So if the user has 2Fa enabled, the request would fail with 401 Unauthorized
and the user would need to catch the error, ask the user for a 2Fa code and retry the same request.
An alternative approach would be to always send a request to assure that the authentication is still valid. For basic auth, instead of just returning the username/password synchronously, a request could be sent to check if the user has 2Fa enabled, in which case the user would be prompted and the returned authentication would include the 2Fa code and x-github-otp
header. But that approach has its own tradeoffs:
401 Unauthorized
response would still need to be handled by re-requesting a 2Fa code from the user with some custom codeYet another approach could mean that the async auth()
has an additional auth.wrap(request, options)
method which could directly be passed to @octokit/request
as request.hook
option. That would make it possible to catch & handle request errors. This would imply that all @octokit/auth-*
libraries would need to return the auth.wrap(request, options)
method, it could act as a replacement of the .headers
and .query
keys.
The last consideration is that if a user has 2Fa enabled with SMS then an SMS is only sent for one of the following routes
POST /authorizations
Β - Create a new authorizationPUT /authorizations/clients/:client_id
Β - Get-or-create an authorization for a specific appPUT /authorizations/clients/:client_id/:fingerprint
Β - Get-or-create an authorization for a specific app and fingerprintPATCH /authorizations/:authorization_id
Β - Update an existing authorizationDELETE /authorizations/:authorization_id
Β - Delete an authorizationSo if the user requests GET /authorizations
and the server responses with 401 Unauthorized
, then the user will not retrieve a 2Fa code if they have SMS configured as delivery.
I'm currently double checking that assumption.
Update
I can confirm that all these routes can be used to trigger an SMS for accounts that have 2Fa enabled:
{POST,PATCH,PUT} /authorizations
{POST,PATCH,PUT} /authorizations/:authorization_id
(authorization_id
can be bogus, e.g. POST /authorizations/1
will work){POST,PATCH,PUT} /authorizations/clients/:client_id/:fingerprint
(client_id
and fingerprint
can be bogus, e.g. POST /authorizations/clients/1/1
works)All above routes works, even though the following are not even valid routes and will return 404 when a valid OTP is passed
{PATCH,PUT} /authorizations
POST /authorizations/clients/:client_id
POST /authorizations/:authorization_id
POST /authorizations/clients/:client_id/:fingerprint
I can also confirm that the above pathβs wonβt work with GET
, HEAD
, or DELETE
methods. I tested
GET /authorizations
DELETE /authorizations/:authorization_id
βοΈ Important announcement: Greenkeeper will be saying goodbye π and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io
5.4.1
to 5.4.2
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@octokit/request is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
This issue is reserved for people who never contributed to Open Source before. We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you π
The Pika CDN is now Skypack, see https://www.pika.dev/cdn. The CDN at https://cdn.pika.dev/ no longer works, all URLs must be replaced with the new CDN: https://cdn.skypack.dev/. We currently recommend using cdn.pika.dev
to import the library into the browser, but that no longer works. Replacing it with cdn.skypack.dev
will make it work again.
π Claim this issue: Comment below.
More than one person can work on this issue, don't worry if it's already claimed.
π Update the file \README.md (press the little pen Icon) and edit as shown below:
@@ -40,11 +40,11 @@ See the [official deprecation announcement](https://developer.github.com/changes
Browsers
</th><td width=100%>
-Load `@octokit/auth-basic` directly from [cdn.pika.dev](https://cdn.pika.dev)
+Load `@octokit/auth-basic` directly from [cdn.skypack.dev](https://cdn.skypack.dev)
```html
<script type="module">
- import { createBasicAuth } from "https://cdn.pika.dev/@octokit/auth-basic";
+ import { createBasicAuth } from "https://cdn.skypack.dev/@octokit/auth-basic";
</script>
```
πΎ Commit your changes
π Start a Pull Request. There are two ways how you can start a pull request:
π Done Ask for a review :)
If there are more than one pull requests with the correct change, we will merge the first one, but attribute the change to all authors who made the same change using @Co-authored-by
, so yo can be sure your contribution will count.
Leave a comment below!
This issue was created by First-Timers-Bot.
βοΈ Important announcement: Greenkeeper will be saying goodbye π and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io
9.3.0
to 9.3.1
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
fetch-mock is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 7 commits.
d22e983
linked to cheatsheet EVERYWHERE
1d2557d
Merge pull request #524 from wheresrhys/cheatsheet
1dfc6c2
completed cheatsheet
7efa6c5
cheatsheet formatting
438c835
refined set up/teardown section of cheatsheet
6a2d449
midway through writing cheatsheet content
633cf3e
improve documentation for when to use a named matcher
See the full diff
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
17.0.2
to 17.0.3
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
semantic-release is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
getGitAuthUrl
(e7bede1)The new version differs by 6 commits.
e7bede1
fix: pass a branch name to getGitAuthUrl
8426b42
chore(package): update tempy to version 0.4.0
804fc2a
docs(Troubleshooting): release not found in prereleases branch (e.g. beta
) after rebase on master
) (#1444)
389e331
chore(package): update got to version 10.5.2
a93c96f
revert: fix: allow plugins to set environment variables to be used by other plugins
68f7e92
fix: allow plugins to set environment variables to be used by other plugins
See the full diff
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.