Provide GitHub auth tokens in the Authorization header and not URL.

Review Request #10878 — Created Feb. 3, 2020 and submitted — Latest diff uploaded

Information

Review Board
release-3.0.x

Reviewers

GitHub has recently deprecated some aspects of their Authorizations API
and authentication methods, and one of those deprecations became very
public today. Review Board has historically provided the user's access
token in the URL, which is now deprecated and triggering e-mails from
GitHub warning about this deprecation.

The correct way forward is to use the Authorization header to provide
this token. This change updates all our GitHub support to do this, and
to make note of a few places where upcoming deprecations will be
affecting us.

Tested all file retrieval operations (file existence checks, file fetching)
and repository browsing (fetching of branches and commits) by way of viewing
diffs and performing operations through the New Review Request page.

Tested linking a new account, with and without a registered GitHub OAuth
app.

Tested editing account credentials, with and without a registered GitHub
OAuth app.

Unit tests pass.

Commits

Files