Summary

Provide GitHub auth tokens in the Authorization header and not URL.

Review Request #10878 — Created Feb. 3, 2020 and submitted Feb. 6, 2020, 2:38 p.m.

Information

Owner

chipx86

Repository

Review Board

Branch

release-3.0.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

GitHub has recently deprecated some aspects of their Authorizations API

and authentication methods, and one of those deprecations became very

public today. Review Board has historically provided the user's access

token in the URL, which is now deprecated and triggering e-mails from

GitHub warning about this deprecation.
The correct way forward is to use the Authorization header to provide

this token. This change updates all our GitHub support to do this, and

to make note of a few places where upcoming deprecations will be

affecting us.

Testing Done

Tested all file retrieval operations (file existence checks, file fetching)
and repository browsing (fetching of branches and commits) by way of viewing
diffs and performing operations through the New Review Request page.

Tested linking a new account, with and without a registered GitHub OAuth
app.

Tested editing account credentials, with and without a registered GitHub
OAuth app.

Unit tests pass.

Commits

Summary	ID
Provide GitHub auth tokens in the Authorization header and not URL. GitHub has recently deprecated some aspects of their Authorizations API and authentication methods, and one of those deprecations became very public today. Review Board has historically provided the user's access token in the URL, which is now deprecated and triggering e-mails from GitHub warning about this deprecation. The correct way forward is to use the `Authorization` header to provide this token. This change updates all our GitHub support to do this, and to make note of a few places where upcoming deprecations will be affecting us.	947e28ca115ae411febeea797c5c4c66e45f71cd

Summary

Provide GitHub auth tokens in the Authorization header and not URL.

GitHub has recently deprecated some aspects of their Authorizations API and authentication methods, and one of those deprecations became very public today. Review Board has historically provided the user's access token in the URL, which is now deprecated and triggering e-mails from GitHub warning about this deprecation. The correct way forward is to use the `Authorization` header to provide this token. This change updates all our GitHub support to do this, and to make note of a few places where upcoming deprecations will be affecting us.

947e28ca115ae411febeea797c5c4c66e45f71cd

Issues

Description	From	Last Updated
E501 line too long (116 > 79 characters)	reviewbot	Feb. 3, 2020, 4:29 p.m.
E501 line too long (96 > 79 characters)	reviewbot	Feb. 3, 2020, 4:29 p.m.

flake8 failed.

JSHint passed.

flake8

reviewboard/hostingsvcs/github.py (Diff revision 1)
The issue has been dropped. Show all issues
```
E501 line too long (116 > 79 characters)
```
reviewboard/hostingsvcs/github.py (Diff revision 1)
The issue has been dropped. Show all issues
```
E501 line too long (96 > 79 characters)
```

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to release-3.0.x (4b205c0)