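# features/authentication.feature (github.com/jingweno/gh)
#
# Acceptance tests for the login flow behind `hub create`, run against a stub
# GitHub API server that each scenario defines in its docstring. Every
# username, password, OTP code and token below (mislav / kitty / 112233 /
# OTOKEN) is a fixture for that stub.
#
# NOTE(review): the asserted prompt says the password is "never stored", but no
# scenario checks that ../home/.config/gh does not contain the typed password.
# A negative assertion on that file would back the claim.
# NOTE(review): only the first scenario (and /user/repos in the @wip one) makes
# the stub check the Authorization header; elsewhere /user and /user/repos
# accept any request, so those scenarios do not show that the stored token is
# what the client sends afterwards.
Feature: OAuth authentication
  Background:
    Given I am in "dotfiles" git repo

  # The stub issues OTOKEN only for basic auth mislav/kitty, and the follow-up
  # endpoints reject anything but "token OTOKEN", so this scenario also covers
  # the switch from password to token authentication.
  # `assert`, `json` and `halt` come from the test harness, not from this file.
  Scenario: Ask for username & password, create authorization
    Given the GitHub API server:
      """
      require 'rack/auth/basic'
      get('/authorizations') { json [] }
      post('/authorizations') {
        auth = Rack::Auth::Basic::Request.new(env)
        unless auth.credentials == %w[mislav kitty]
          halt 401, json(:error => 'error')
        end
        assert :scopes => ['repo']
        json :token => 'OTOKEN'
      }
      get('/user') {
        unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
          halt 401, json(:error => 'error')
        end
        json :login => 'MiSlAv'
      }
      post('/user/repos') {
        unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
          halt 401, json(:error => 'error')
        end
        json :full_name => 'mislav/dotfiles'
      }
      """
    When I run `hub create` interactively
    When I type "mislav"
    And I type "kitty"
    Then the output should contain "github.com username:"
    And the output should contain "github.com password for mislav (never stored):"
    And the exit status should be 0
    And the file "../home/.config/gh" should contain "mislav"
    And the file "../home/.config/gh" should contain "OTOKEN"
    # NOTE(review): mode check disabled, so nothing in this feature verifies
    # that the file holding the OAuth token is readable by its owner only.
    #And the file "../home/.config/gh" should have mode "0600"

  # The stub lists two existing authorizations; the scenario expects the one
  # with app url http://owenou.com/gh (OTOKEN) to end up in the config file.
  # NOTE(review): there is no assertion that "SKIPPD" is absent from the file.
  Scenario: Ask for username & password, re-use existing authorization
    Given the GitHub API server:
      """
      require 'rack/auth/basic'
      get('/authorizations') {
        auth = Rack::Auth::Basic::Request.new(env)
        unless auth.credentials == %w[mislav kitty]
          halt 401, json(:error => 'error')
        end

        json [
          {:token => 'SKIPPD', :app => {:url => 'http://example.com'}},
          {:token => 'OTOKEN', :app => {:url => 'http://owenou.com/gh'}}
        ]
      }
      get('/user') {
        json :login => 'mislav'
      }
      post('/user/repos') {
        json :full_name => 'mislav/dotfiles'
      }
      """
    When I run `hub create` interactively
    When I type "mislav"
    And I type "kitty"
    Then the output should contain "github.com password for mislav (never stored):"
    And the exit status should be 0
    And the file "../home/.config/gh" should contain "OTOKEN"

  # Credentials come from the environment instead of the prompt; the scenario
  # asserts that no password prompt is printed and that the token is stored.
  Scenario: Credentials from GITHUB_USER & GITHUB_PASSWORD
    Given the GitHub API server:
      """
      require 'rack/auth/basic'
      get('/authorizations') {
        auth = Rack::Auth::Basic::Request.new(env)
        unless auth.credentials == %w[mislav kitty]
          halt 401, json(:error => 'error')
        end
        json [
          {:token => 'OTOKEN', :app => {:url => 'http://owenou.com/gh'}}
        ]
      }
      get('/user') {
        json :login => 'mislav'
      }
      post('/user/repos') {
        json :full_name => 'mislav/dotfiles'
      }
      """
    Given $GITHUB_USER is "mislav"
    And $GITHUB_PASSWORD is "kitty"
    When I successfully run `hub create`
    Then the output should not contain "github.com password for mislav"
    And the file "../home/.config/gh" should contain "OTOKEN"

  # The stub answers 401 for any credentials other than mislav/kitty; the
  # client must surface the error on stderr and exit with status 1.
  Scenario: Wrong password
    Given the GitHub API server:
      """
      require 'rack/auth/basic'
      get('/authorizations') {
        auth = Rack::Auth::Basic::Request.new(env)
        unless auth.credentials == %w[mislav kitty]
          halt 401, json(:error => 'auth error')
        end
      }
      """
    When I run `hub create` interactively
    When I type "mislav"
    And I type "WRONG"
    Then the stderr should contain "401 - Error: auth error"
    And the exit status should be 1
    # NOTE(review): disabled, so a config file left behind by a failed login
    # would go unnoticed.
    #And the file "../home/.config/gh" should not exist

  # GET and POST /authorizations both answer 401 with
  # "X-GitHub-OTP: required; application" until the request carries the
  # X-GitHub-OTP value 112233, which the scenario types at the third prompt.
  Scenario: Two-factor authentication, create authorization
    Given the GitHub API server:
      """
      require 'rack/auth/basic'
      get('/authorizations') {
        auth = Rack::Auth::Basic::Request.new(env)
        unless auth.credentials == %w[mislav kitty]
          halt 401, json(:error => 'error')
        end

        if request.env['HTTP_X_GITHUB_OTP'] != "112233"
          response.headers['X-GitHub-OTP'] = "required; application"
          halt 401, json(:error => 'two-factor authorization OTP code')
        end

        json [
        ]
      }
      post('/authorizations') {
        auth = Rack::Auth::Basic::Request.new(env)
        unless auth.credentials == %w[mislav kitty]
          halt 401, json(:error => 'error')
        end

        unless params[:scopes]
          halt 412, json(:error => 'error')
        end

        if request.env['HTTP_X_GITHUB_OTP'] != "112233"
          response.headers['X-GitHub-OTP'] = "required; application"
          halt 401, json(:error => 'two-factor authentication OTP code')
        end

        json :token => 'OTOKEN'
      }

      get('/user') {
        json :login => 'mislav'
      }

      post('/user/repos') {
        json :full_name => 'mislav/dotfiles'
      }
      """
    When I run `hub create` interactively
    When I type "mislav"
    And I type "kitty"
    And I type "112233"
    Then the output should contain "github.com password for mislav (never stored):"
    Then the output should contain "two-factor authentication code:"
    And the exit status should be 0
    And the file "../home/.config/gh" should contain "OTOKEN"

  # POST /authorizations appends "SMS" to the shared token string and answers
  # 412; GET /authorizations returns that token once the OTP header is 112233.
  # NOTE(review): if the final step is a substring match (TODO confirm), it is
  # satisfied by both "OTOKEN" and "OTOKENSMS", so it does not show whether the
  # POST was made before the token was stored.
  # `assert_basic_auth` is a harness helper defined outside this file.
  Scenario: Two-factor authentication, re-use existing authorization
    Given the GitHub API server:
      """
      token = 'OTOKEN'
      post('/authorizations') {
        assert_basic_auth 'mislav', 'kitty'
        token << 'SMS'
        halt 412, json(:error => 'error')
      }
      get('/authorizations') {
        assert_basic_auth 'mislav', 'kitty'
        if request.env['HTTP_X_GITHUB_OTP'] != "112233"
          response.headers['X-GitHub-OTP'] = "required; application"
          halt 401, json(:error => 'error')
        end
        json [ {
          :token => token,
          :app => {:url => 'http://owenou.com/gh'}
        } ]
      }
      get('/user') {
        json :login => 'mislav'
      }
      post('/user/repos') {
        json :full_name => 'mislav/dotfiles'
      }
      """
    When I run `hub create` interactively
    When I type "mislav"
    And I type "kitty"
    And I type "112233"
    Then the output should contain "github.com password for mislav (never stored):"
    Then the output should contain "two-factor authentication code:"
    And the exit status should be 0
    And the file "../home/.config/gh" should contain "OTOKEN"

  # Checks that a username and password containing "@", spaces and "?" reach
  # the server intact as basic-auth credentials.
  # NOTE(review): tagged @wip; whether this scenario runs depends on the
  # cucumber profile, which is not visible here.
  @wip
  Scenario: Special characters in username & password
    Given the GitHub API server:
      """
      get('/authorizations') { json [] }
      post('/authorizations') {
        assert_basic_auth 'mislav@example.com', 'my pass@phrase ok?'
        json :token => 'OTOKEN'
      }
      get('/user') {
        json :login => 'mislav'
      }
      post('/user/repos') {
        unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
          halt 401, json(:error => 'error')
        end
        json :full_name => 'mislav/dotfiles'
      }
      """
    When I run `hub create` interactively
    When I type "mislav@example.com"
    And I type "my pass@phrase ok?"
    Then the output should contain "github.com password for mislav@example.com (never stored):"
    And the exit status should be 0
    And the file "../home/.config/gh" should contain "mislav"
    And the file "../home/.config/gh" should contain "OTOKEN"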