Provide GitHub auth tokens in the Authorization header and not URL.

Review Request #10878 — Created Feb. 3, 2020 and submitted

Information

Review Board
release-3.0.x

Reviewers

GitHub has recently deprecated some aspects of their Authorizations API
and authentication methods, and one of those deprecations became very
public today. Review Board has historically provided the user's access
token in the URL, which is now deprecated and triggering e-mails from
GitHub warning about this deprecation.

The correct way forward is to use the Authorization header to provide
this token. This change updates all our GitHub support to do this, and
to make note of a few places where upcoming deprecations will be
affecting us.

Tested all file retrieval operations (file existence checks, file fetching)
and repository browsing (fetching of branches and commits) by way of viewing
diffs and performing operations through the New Review Request page.

Tested linking a new account, with and without a registered GitHub OAuth
app.

Tested editing account credentials, with and without a registered GitHub
OAuth app.

Unit tests pass.

Summary ID
Provide GitHub auth tokens in the Authorization header and not URL.
GitHub has recently deprecated some aspects of their Authorizations API and authentication methods, and one of those deprecations became very public today. Review Board has historically provided the user's access token in the URL, which is now deprecated and triggering e-mails from GitHub warning about this deprecation. The correct way forward is to use the `Authorization` header to provide this token. This change updates all our GitHub support to do this, and to make note of a few places where upcoming deprecations will be affecting us.
947e28ca115ae411febeea797c5c4c66e45f71cd
Description From Last Updated

E501 line too long (116 > 79 characters)

reviewbotreviewbot

E501 line too long (96 > 79 characters)

reviewbotreviewbot
Checks run (1 failed, 1 succeeded)
flake8 failed.
JSHint passed.

flake8

david
  1. Ship It!
  2. 
      
chipx86
Review request changed
Status:
Completed
Change Summary:
Pushed to release-3.0.x (4b205c0)