github.com/jingweno/gh@v2.1.1-0.20221007190738-04a7985fa9a1+incompatible/features/authentication.feature (about)

     1  Feature: OAuth authentication
          # Covers how the client turns a username/password (plus an optional
          # one-time code) into an OAuth token through the stubbed
          # /authorizations endpoints, and what it writes to ../home/.config/gh.
          # NOTE(review): GitHub has since retired password-based Basic auth and
          # the OAuth Authorizations API on its REST API, so these scenarios
          # describe a legacy flow. Confirm before using them as a reference.
     2    Background:
     3      Given I am in "dotfiles" git repo
     4  
     5    Scenario: Ask for username & password, create authorization
            # Stub API: POST /authorizations accepts only the Basic credentials
            # mislav/kitty and runs `assert :scopes => ['repo']` (helper defined
            # outside this file) before issuing OTOKEN. GET /user and
            # POST /user/repos answer 401 unless the Authorization header is
            # exactly "token OTOKEN", so the scenario also proves the issued
            # token is what the client sends afterwards.
            # NOTE(review): "(never stored)" is verified only as prompt text.
            # No step asserts that the password "kitty" is absent from the
            # config file.
     6      Given the GitHub API server:
     7        """
     8        require 'rack/auth/basic'
     9        get('/authorizations') { json [] }
    10        post('/authorizations') {
    11          auth = Rack::Auth::Basic::Request.new(env)
    12          unless auth.credentials == %w[mislav kitty]
    13            halt 401, json(:error => 'error')
    14          end
    15          assert :scopes => ['repo']
    16          json :token => 'OTOKEN'
    17        }
    18        get('/user') {
    19          unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
    20            halt 401, json(:error => 'error')
    21          end
    22          json :login => 'MiSlAv'
    23        }
    24        post('/user/repos') {
    25          unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
    26            halt 401, json(:error => 'error')
    27          end
    28          json :full_name => 'mislav/dotfiles'
    29        }
    30        """
    31      When I run `hub create` interactively
    32      When I type "mislav"
    33      And I type "kitty"
    34      Then the output should contain "github.com username:"
    35      And the output should contain "github.com password for mislav (never stored):"
    36      And the exit status should be 0
    37      And the file "../home/.config/gh" should contain "mislav"
    38      And the file "../home/.config/gh" should contain "OTOKEN"
            # NOTE(review): the permission check below is disabled, so nothing in
            # this scenario verifies that the file holding the OAuth token is
            # readable by its owner only (0600). Confirm a matching step
            # definition exists before re-enabling it.
    39      #And the file "../home/.config/gh" should have mode "0600"
    40  
    41    Scenario: Ask for username & password, re-use existing authorization
            # Stub API: GET /authorizations (Basic credentials mislav/kitty
            # required) lists two existing authorizations. The steps expect the
            # token whose app URL is http://owenou.com/gh (OTOKEN) to be saved.
            # NOTE(review): only the presence of "OTOKEN" is asserted. No step
            # checks that "SKIPPD", the token of the unrelated app, is absent
            # from the file. The /user and /user/repos stubs accept any request
            # here, so this scenario does not prove the saved token is the one
            # sent on later calls.
    42      Given the GitHub API server:
    43        """
    44        require 'rack/auth/basic'
    45        get('/authorizations') {
    46          auth = Rack::Auth::Basic::Request.new(env)
    47          unless auth.credentials == %w[mislav kitty]
    48            halt 401, json(:error => 'error')
    49          end
    50  
    51          json [
    52            {:token => 'SKIPPD', :app => {:url => 'http://example.com'}},
    53            {:token => 'OTOKEN', :app => {:url => 'http://owenou.com/gh'}}
    54          ]
    55        }
    56        get('/user') {
    57          json :login => 'mislav'
    58        }
    59        post('/user/repos') {
    60          json :full_name => 'mislav/dotfiles'
    61        }
    62        """
    63      When I run `hub create` interactively
    64      When I type "mislav"
    65      And I type "kitty"
    66      Then the output should contain "github.com password for mislav (never stored):"
    67      And the exit status should be 0
    68      And the file "../home/.config/gh" should contain "OTOKEN"
    69  
    70    Scenario: Credentials from GITHUB_USER & GITHUB_PASSWORD
            # Credentials come from $GITHUB_USER / $GITHUB_PASSWORD instead of a
            # prompt. The stub still insists on Basic credentials mislav/kitty,
            # and the steps check that no password prompt appears and that the
            # re-used token is saved.
            # NOTE(review): a password held in an environment variable is
            # inherited by every child process. No step asserts that "kitty" is
            # kept out of the config file.
    71      Given the GitHub API server:
    72        """
    73        require 'rack/auth/basic'
    74        get('/authorizations') {
    75          auth = Rack::Auth::Basic::Request.new(env)
    76          unless auth.credentials == %w[mislav kitty]
    77            halt 401, json(:error => 'error')
    78          end
    79          json [
    80            {:token => 'OTOKEN', :app => {:url => 'http://owenou.com/gh'}}
    81          ]
    82        }
    83        get('/user') {
    84          json :login => 'mislav'
    85        }
    86        post('/user/repos') {
    87          json :full_name => 'mislav/dotfiles'
    88        }
    89        """
    90      Given $GITHUB_USER is "mislav"
    91      And $GITHUB_PASSWORD is "kitty"
    92      When I successfully run `hub create`
    93      Then the output should not contain "github.com password for mislav"
    94      And the file "../home/.config/gh" should contain "OTOKEN"
    95  
    96    Scenario: Wrong password
            # Stub API: GET /authorizations answers 401 with 'auth error' for any
            # Basic credentials other than mislav/kitty. The steps expect that
            # message on stderr and exit status 1.
    97      Given the GitHub API server:
    98        """
    99        require 'rack/auth/basic'
   100        get('/authorizations') {
   101          auth = Rack::Auth::Basic::Request.new(env)
   102          unless auth.credentials == %w[mislav kitty]
   103            halt 401, json(:error => 'auth error')
   104          end
   105        }
   106        """
   107      When I run `hub create` interactively
   108      When I type "mislav"
   109      And I type "WRONG"
   110      Then the stderr should contain "401 - Error: auth error"
   111      And the exit status should be 1
            # NOTE(review): with the step below disabled, nothing verifies that a
            # failed login leaves no config file (and so no partial credentials)
            # on disk. Confirm a matching step definition exists before
            # re-enabling it.
   112      #And the file "../home/.config/gh" should not exist
   113  
   114    Scenario: Two-factor authentication, create authorization
            # Stub API: GET and POST /authorizations both require Basic
            # credentials mislav/kitty and an X-GitHub-OTP request header equal
            # to "112233". Without the code they answer 401 and set the response
            # header `X-GitHub-OTP: required; application`. POST also answers 412
            # when no scopes parameter is sent. GET returns an empty list, so the
            # token has to come from POST.
            # NOTE(review): the two 401 bodies differ ('two-factor authorization'
            # vs 'two-factor authentication'). No step asserts on them, so this
            # is presumably an unintentional inconsistency.
   115      Given the GitHub API server:
   116        """
   117        require 'rack/auth/basic'
   118        get('/authorizations') {
   119          auth = Rack::Auth::Basic::Request.new(env)
   120          unless auth.credentials == %w[mislav kitty]
   121            halt 401, json(:error => 'error')
   122          end
   123  
   124          if request.env['HTTP_X_GITHUB_OTP'] != "112233"
   125            response.headers['X-GitHub-OTP'] = "required; application"
   126            halt 401, json(:error => 'two-factor authorization OTP code')
   127          end
   128  
   129          json [
   130          ]
   131        }
   132        post('/authorizations') {
   133          auth = Rack::Auth::Basic::Request.new(env)
   134          unless auth.credentials == %w[mislav kitty]
   135            halt 401, json(:error => 'error')
   136          end
   137  
   138          unless params[:scopes]
   139            halt 412, json(:error => 'error')
   140          end
   141  
   142          if request.env['HTTP_X_GITHUB_OTP'] != "112233"
   143            response.headers['X-GitHub-OTP'] = "required; application"
   144            halt 401, json(:error => 'two-factor authentication OTP code')
   145          end
   146  
   147          json :token => 'OTOKEN'
   148        }
   149  
   150        get('/user') {
   151          json :login => 'mislav'
   152        }
   153  
   154        post('/user/repos') {
   155          json :full_name => 'mislav/dotfiles'
   156        }
   157        """
   158      When I run `hub create` interactively
   159      When I type "mislav"
   160      And I type "kitty"
   161      And I type "112233"
   162      Then the output should contain "github.com password for mislav (never stored):"
   163      Then the output should contain "two-factor authentication code:"
   164      And the exit status should be 0
   165      And the file "../home/.config/gh" should contain "OTOKEN"
   166  
   167    Scenario: Two-factor authentication, re-use existing authorization
            # Stub API: `token` is one string shared by both handlers.
            # POST /authorizations appends 'SMS' to it and answers 412.
            # GET /authorizations returns the current value once the
            # X-GitHub-OTP header equals "112233". `assert_basic_auth` is a
            # helper defined outside this file.
            # NOTE(review): if "should contain" is a substring match, the final
            # step passes for both "OTOKEN" and "OTOKENSMS", so it cannot tell
            # whether the POST was made before the GET. Confirm which value is
            # intended and assert it exactly.
   168      Given the GitHub API server:
   169        """
   170        token = 'OTOKEN'
   171        post('/authorizations') {
   172          assert_basic_auth 'mislav', 'kitty'
   173          token << 'SMS'
   174          halt 412, json(:error => 'error')
   175        }
   176        get('/authorizations') {
   177          assert_basic_auth 'mislav', 'kitty'
   178          if request.env['HTTP_X_GITHUB_OTP'] != "112233"
   179            response.headers['X-GitHub-OTP'] = "required; application"
   180            halt 401, json(:error => 'error')
   181          end
   182          json [ {
   183            :token => token,
   184            :app => {:url => 'http://owenou.com/gh'}
   185            } ]
   186        }
   187        get('/user') {
   188          json :login => 'mislav'
   189        }
   190        post('/user/repos') {
   191          json :full_name => 'mislav/dotfiles'
   192        }
   193        """
   194      When I run `hub create` interactively
   195      When I type "mislav"
   196      And I type "kitty"
   197      And I type "112233"
   198      Then the output should contain "github.com password for mislav (never stored):"
   199      Then the output should contain "two-factor authentication code:"
   200      And the exit status should be 0
   201      And the file "../home/.config/gh" should contain "OTOKEN"
   202  
   203    @wip
   204    Scenario: Special characters in username & password
            # Credentials containing '@', spaces and '?' must arrive intact:
            # POST /authorizations passes them to `assert_basic_auth` (helper
            # defined outside this file), and POST /user/repos accepts only
            # "token OTOKEN".
            # NOTE(review): tagged @wip. Whether it runs in the default profile
            # depends on Cucumber configuration not shown here. The file check
            # for "mislav" would also match the full "mislav@example.com", so it
            # does not pin down which form of the username is stored.
   205      Given the GitHub API server:
   206        """
   207        get('/authorizations') { json [] }
   208        post('/authorizations') {
   209          assert_basic_auth 'mislav@example.com', 'my pass@phrase ok?'
   210          json :token => 'OTOKEN'
   211        }
   212        get('/user') {
   213          json :login => 'mislav'
   214        }
   215        post('/user/repos') {
   216          unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
   217            halt 401, json(:error => 'error')
   218          end
   219          json :full_name => 'mislav/dotfiles'
   220        }
   221        """
   222      When I run `hub create` interactively
   223      When I type "mislav@example.com"
   224      And I type "my pass@phrase ok?"
   225      Then the output should contain "github.com password for mislav@example.com (never stored):"
   226      And the exit status should be 0
   227      And the file "../home/.config/gh" should contain "mislav"
   228      And the file "../home/.config/gh" should contain "OTOKEN"