Summary

Added a management command for resetting GitHub auth tokens.

Review Request #5684 — Created April 8, 2014 and submitted April 11, 2014, 4:53 p.m.

Information

Owner

chipx86

Repository

Review Board

Branch

release-1.7.x

Bugs

Depends On

Commit

e884a43...

Reviewers

Groups

reviewboard

People

Description

With the new Heartbleed vulnerability in the wild, GitHub recommends
resetting all authentication tokens, just to be sure. This change
introduces a management command that makes that somewhat easy.

This command will loop through all GitHub accounts that are linked to
Review Board, resetting their tokens and replacing them new, valid
tokens.

If using a registered GitHub OAuth app for Review Board, then the resets
won't require any credentials. However, for personal tokens (which is
the standard case), it will require a password, and possibly a
two-factor auth token.

Testing Done

Reset a valid working personal OAuth token.

Reset an OAuth token I had locally that had no corresponding entry on GitHub. Saw it create a valid entry.

Reset an OAuth token backed by a registered OAuth app.

In each case, I verified the token payload contents and verified that I could fetch files from GitHub in the diff viewer.

Tested the --yes and --local-sites options.

Unit tests pass.

Issues

Description	From	Last Updated
This should be marked for localization.	david	April 8, 2014, 10:18 p.m.
l10n.	david	April 8, 2014, 10:18 p.m.
l10n.	david	April 8, 2014, 10:18 p.m.
l10n.	david	April 8, 2014, 10:18 p.m.
This should be self.stdout.write. Also, l10n.	david	April 8, 2014, 10:18 p.m.
l10n.	david	April 8, 2014, 10:20 p.m.
The break doesn't do anything here.	david	April 8, 2014, 10:20 p.m.

reviewboard/hostingsvcs/github.py (Diff revision 1)

Make sure you change these to use the 'as' syntax when you merge to release-2.0.x/master.

chipx86 April 8, 2014, 10:21 p.m.

Yep. Actually wrote this on 2.0, and then cherry-picked and changed everything for 1.7.

david April 8, 2014, 10:36 p.m.
```
Care to post the 2.0 version?
```

reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)

Make sure that you do relevant unicode bits when merging this to release-2.0.x/master.

reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
This should be marked for localization.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
l10n.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
l10n.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
```
Make sure to do the six input stuff here when you merge.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
l10n.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
This should be self.stdout.write. Also, l10n.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
l10n.
```
reviewboard/hostingsvcs/management/commands/reset-github-tokens.py (Diff revision 1)
The issue has been resolved. Show all issues
```
The break doesn't do anything here.
```

Change Summary:

Changes requested during review.

Commit:

151350d0b6b20deed55445ee145007b391972b3e

e884a436ef68144765f1d77da63877288347848f

Diff:

Revision 2 (+245 -14)

Show changes

	reviewboard/hostingsvcs/github.py
	reviewboard/hostingsvcs/management/commands/reset-github-tokens.py

Ship it!

```
Ship It!
```

Status:: Completed