Added a management command for resetting GitHub auth tokens.
Review Request #5684 — Created April 8, 2014 and submitted
With the new Heartbleed vulnerability in the wild, GitHub recommends
resetting all authentication tokens, just to be sure. This change
introduces a management command that makes that somewhat easy.This command will loop through all GitHub accounts that are linked to
Review Board, resetting their tokens and replacing them new, valid
tokens.If using a registered GitHub OAuth app for Review Board, then the resets
won't require any credentials. However, for personal tokens (which is
the standard case), it will require a password, and possibly a
two-factor auth token.
Reset a valid working personal OAuth token.
Reset an OAuth token I had locally that had no corresponding entry on GitHub. Saw it create a valid entry.
Reset an OAuth token backed by a registered OAuth app.
In each case, I verified the token payload contents and verified that I could fetch files from GitHub in the diff viewer.
Tested the
--yes
and--local-sites
options.Unit tests pass.