Skip to content

Commit

Permalink
Merge pull request #825 from octokit/bearer-authentication
Browse files Browse the repository at this point in the history
Support Bearer JWT authentication #812
  • Loading branch information
tarebyte authored Mar 6, 2017
2 parents b0b8fb7 + 1b741c8 commit 8404007
Show file tree
Hide file tree
Showing 6 changed files with 71 additions and 1 deletion.
8 changes: 8 additions & 0 deletions lib/octokit/authentication.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,14 @@ def token_authenticated?
!!@access_token
end

# Indicates if the client was supplied a bearer token
#
# @see https://developer.github.com/early-access/integrations/authentication/#as-an-integration
# @return [Boolean]
def bearer_authenticated?
!!@bearer_token
end

# Indicates if the client was supplied an OAuth
# access token or Basic Auth username and password
#
Expand Down
11 changes: 11 additions & 0 deletions lib/octokit/client.rb
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,7 @@ def inspect
# mask password
inspected = inspected.gsub! @password, "*******" if @password
inspected = inspected.gsub! @management_console_password, "*******" if @management_console_password
inspected = inspected.gsub! @bearer_token, '********' if @bearer_token
# Only show last 4 of token, secret
if @access_token
inspected = inspected.gsub! @access_token, "#{'*'*36}#{@access_token[36..-1]}"
Expand Down Expand Up @@ -188,6 +189,14 @@ def access_token=(value)
@access_token = value
end

# Set Bearer Token for authentication
#
# @param value [String] JWT
def bearer_token=(value)
reset_agent
@bearer_token = value
end

# Set OAuth app client_id
#
# @param value [String] 20 character GitHub OAuth app client_id
Expand All @@ -214,6 +223,8 @@ def client_without_redirects(options = {})
http.basic_auth(@login, @password)
elsif token_authenticated?
http.authorization 'token', @access_token
elsif bearer_authenticated?
http.authorization 'Bearer', @bearer_token
end
http.headers['accept'] = options[:accept] if options.key?(:accept)
end
Expand Down
6 changes: 5 additions & 1 deletion lib/octokit/configurable.rb
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ module Configurable
# @return [String] Base URL for API requests. default: https://api.github.com/
# @!attribute auto_paginate
# @return [Boolean] Auto fetch next page of results until rate limit reached
# @!attribute [w] bearer_token
# @see https://developer.github.com/early-access/integrations/authentication/#as-an-integration
# @return [String] JWT bearer token for authentication
# @!attribute client_id
# @see https://developer.github.com/v3/oauth/
# @return [String] Configure OAuth app key
Expand Down Expand Up @@ -47,7 +50,7 @@ module Configurable
# @!attribute web_endpoint
# @return [String] Base URL for web URLs. default: https://github.com/

attr_accessor :access_token, :auto_paginate, :client_id,
attr_accessor :access_token, :auto_paginate, :bearer_token, :client_id,
:client_secret, :default_media_type, :connection_options,
:middleware, :netrc, :netrc_file,
:per_page, :proxy, :user_agent
Expand All @@ -63,6 +66,7 @@ def keys
:access_token,
:api_endpoint,
:auto_paginate,
:bearer_token,
:client_id,
:client_secret,
:connection_options,
Expand Down
2 changes: 2 additions & 0 deletions lib/octokit/connection.rb
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,8 @@ def agent
http.basic_auth(@login, @password)
elsif token_authenticated?
http.authorization 'token', @access_token
elsif bearer_authenticated?
http.authorization 'Bearer', @bearer_token
elsif application_authenticated?
http.params = http.params.merge application_authentication
end
Expand Down
6 changes: 6 additions & 0 deletions lib/octokit/default.rb
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,12 @@ def auto_paginate
ENV['OCTOKIT_AUTO_PAGINATE']
end

# Default bearer token from ENV
# @return [String]
def bearer_token
ENV['OCTOKIT_BEARER_TOKEN']
end

# Default OAuth app key from ENV
# @return [String]
def client_id
Expand Down
39 changes: 39 additions & 0 deletions spec/octokit/client_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,12 @@
expect(inspected).not_to include("87614b09dd141c22800f96f11737ade5226d7ba8")
end

it "masks bearer token on inspect" do
client = Octokit::Client.new(bearer_token: 'secret JWT')
inspected = client.inspect
expect(inspected).not_to include("secret JWT")
end

it "masks client secrets on inspect" do
client = Octokit::Client.new(:client_secret => '87614b09dd141c22800f96f11737ade5226d7ba8')
inspected = client.inspect
Expand Down Expand Up @@ -140,30 +146,49 @@
before do
Octokit.reset!
end

it "sets basic auth creds with .configure" do
Octokit.configure do |config|
config.login = 'pengwynn'
config.password = 'il0veruby'
end
expect(Octokit.client).to be_basic_authenticated
end

it "sets basic auth creds with module methods" do
Octokit.login = 'pengwynn'
Octokit.password = 'il0veruby'
expect(Octokit.client).to be_basic_authenticated
end

it "sets oauth token with .configure" do
Octokit.configure do |config|
config.access_token = 'd255197b4937b385eb63d1f4677e3ffee61fbaea'
end
expect(Octokit.client).not_to be_basic_authenticated
expect(Octokit.client).to be_token_authenticated
end

it "sets oauth token with module methods" do
Octokit.access_token = 'd255197b4937b385eb63d1f4677e3ffee61fbaea'
expect(Octokit.client).not_to be_basic_authenticated
expect(Octokit.client).to be_token_authenticated
end

it "sets bearer token with module method" do
Octokit.bearer_token = 'secret JWT'
expect(Octokit.client).to be_bearer_authenticated
end

it "sets bearer token with .configure" do
Octokit.configure do |config|
config.bearer_token = 'secret JWT'
end
expect(Octokit.client).not_to be_basic_authenticated
expect(Octokit.client).not_to be_token_authenticated
expect(Octokit.client).to be_bearer_authenticated
end

it "sets oauth application creds with .configure" do
Octokit.configure do |config|
config.client_id = '97b4937b385eb63d1f46'
Expand All @@ -173,6 +198,7 @@
expect(Octokit.client).not_to be_token_authenticated
expect(Octokit.client).to be_application_authenticated
end

it "sets oauth token with module methods" do
Octokit.client_id = '97b4937b385eb63d1f46'
Octokit.client_secret = 'd255197b4937b385eb63d1f4677e3ffee61fbaea'
Expand Down Expand Up @@ -252,6 +278,19 @@
assert_requested :get, github_url('/user')
end
end

describe "when bearer authenticated", :vcr do
it "makes authenticated calls" do
jwt = 'secret JWT'
client = Octokit::Client.new(bearer_token: jwt)

root_request = stub_get("/").
with(:headers => {:authorization => "Bearer #{jwt}"})
client.get("/")
assert_requested root_request
end
end

describe "when application authenticated" do
it "makes authenticated calls" do
client = Octokit.client
Expand Down

0 comments on commit 8404007

Please sign in to comment.