Added a management command for resetting GitHub auth tokens.

Review Request #5684 — Created April 8, 2014 and submitted — Latest diff uploaded

Information

Review Board
release-1.7.x
e884a43...

Reviewers

With the new Heartbleed vulnerability in the wild, GitHub recommends
resetting all authentication tokens, just to be sure. This change
introduces a management command that makes that somewhat easy.

This command will loop through all GitHub accounts that are linked to
Review Board, resetting their tokens and replacing them new, valid
tokens.

If using a registered GitHub OAuth app for Review Board, then the resets
won't require any credentials. However, for personal tokens (which is
the standard case), it will require a password, and possibly a
two-factor auth token.

Reset a valid working personal OAuth token.

Reset an OAuth token I had locally that had no corresponding entry on GitHub. Saw it create a valid entry.

Reset an OAuth token backed by a registered OAuth app.

In each case, I verified the token payload contents and verified that I could fetch files from GitHub in the diff viewer.

Tested the --yes and --local-sites options.

Unit tests pass.