Support two-factor authentication for GitHub.

Review Request #5017 — Created Nov. 20, 2013 and submitted — Latest diff uploaded

Information

Review Board
release-1.7.x

Reviewers

Support two-factor authentication for GitHub.

This adds support for two-factor authentication when linking an account
for a GitHub repository. Two-factor auth is much safer, and is something
to be encouraged, but was not previously usable with Review Board.

We only ever authenticate when linking an account for the first time, in
order to get an OAuth token. The repository form now has support for
HostingServices to raise a TwoFactorAuthCodeRequiredError, which
indicates the service needs an authorization code to continue.

The repository form responds to that by displaying a field where the
user can enter their auth code. The HostingService will be passed this
code and can include it in the authorization request.

There are no other points where a two-factor auth token is needed for
GitHub, since requests using OAuth tokens do not need two-factor auth
tokens.

Tested linking an account that didn't require two-factor auth, and I
never saw any errors or the field. Account linked successfully.

Tested linking an account with two-factor auth turned on. After clicking
Save, I got instructions to re-enter my password and the auth token that
GitHub sent me, which appeared on my phone. Entered these, saved, and
account was linked and repository was created.

Verified I could access diffs and otherwise make queries against the API
without issues.

Inspected the payload associated with the account and saw that I had indeed
received a valid OAuth token.

Unit tests pass.