We install an HTTP middleware that adds the "Authorization" header on
every HTTP request. However, our asset download process might redirect
to a 3rd-party host (Amazon S3) and we want to allow those requests but
not require that they are authenticated.
Furthermore, we need the ability to specify the `Accept` request header
without it being overwritten by middleware, so now middleware only adds
headers that are not present in a request.
Ensure the response body is fully read and closed to reuse the same TCPconnection.
Co-authored-by: Kumar Saurabh <kumarsaurabh@Kumars-MacBook-Air.local>
`admin:org` is inclusive of `read:org`, so if we find the former listed
in response headers, we can conclude that the token has necessary scopes
instead of letting a warning notice be shown.
`fmt.Errorf` hides information and makes it hard to test for specific
conditions in returned error. Return a structured error instead.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Our code had an unspoken assumption that only one apiClient is created
during the course of a command. Violating this assumption is fine in
almost all cases, but not when we need to do a re-auth to add a new
oauth scope to a user's token.
There is likely a more elegant solution to the problem but until then
this changes determineBaseRepo to use an existing apiClient.
How this works for people with existing OAuth tokens:
$ gh issue list -L1
Notice: additional authorization required
Press Enter to open github.com in your browser...
[auth flow in the browser...]
Authentication complete. Press Enter to continue...
Showing 1 of 132 issues in cli/cli
...
Users of Personal Access Tokens get a different notice:
Warning: gh now requires the `read:org` OAuth scope.
Visit https://github.com/settings/tokens and edit your token to enable `read:org`
or generate a new token and paste it via `gh config set -h github.com oauth_token MYTOKEN`
- The local git remotes are scanned and resolved to GitHub repositories
- The "base" repo is the first result resolved to its parent repo (if a fork)
- The name of the default branch is read from the base repo
- The "head" repo is the first repo that has push access
