Use AppBearerTokenAuth in login_as_app_installation · staticdev/github4.py@655c8e1 · GitHub

This repository was archived by the owner on May 22, 2021. It is now read-only.

Commit 655c8e1

Use AppBearerTokenAuth in login_as_app_installation
Previously, this method used an Authorization header via `headers` parameter, instead of an AuthBase instance via the `auth` parameter. But the requests library has this behavior where it will try to pick up authentication credentials from ~/.netrc if neither session nor request has an associated AuthBase object. (A sole Authorization header will not prevent this behavior.) Since all of github3.py uses AuthBase instances to authenticate, but login_as_app_installation didn't, this makes for an incredibly difficult issue to debug, since the latter is the only place in which the issue can manifest, if a user's ~/.netrc has an entry for api.github.com. By using AppBearerTokenAuth, this can no longer happen, since the ~/.netrc path is not hit any more.
1 parent 3587d2f commit 655c8e1
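
The netrc fallback described in the commit message can be reproduced offline with `requests` alone. This is an added example, not code from this commit or from github3.py: `BearerAuth` is a hypothetical stand-in for `AppBearerTokenAuth`, the helper name is made up for illustration, and the netrc entry, installation id and token are constructed placeholders. It assumes `requests` is installed and relies on `requests` honouring the `NETRC` environment variable in place of `~/.netrc`.

```python
import os
import tempfile

import requests
from requests.auth import AuthBase


class BearerAuth(AuthBase):
    """Hypothetical stand-in for an AuthBase-based bearer auth class."""

    def __init__(self, token):
        self.token = token

    def __call__(self, request):
        request.headers["Authorization"] = f"Bearer {self.token}"
        return request


def prepared_authorization(url, netrc_text, **request_kwargs):
    """Return the Authorization header requests would send with this netrc."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "netrc")
        with open(path, "w") as fh:
            fh.write(netrc_text)
        saved = os.environ.get("NETRC")
        os.environ["NETRC"] = path  # point requests at the constructed file
        try:
            session = requests.Session()  # no session-level auth, trust_env=True
            req = requests.Request("POST", url, **request_kwargs)
            # prepare_request() is where the netrc lookup happens; nothing is sent.
            return session.prepare_request(req).headers.get("Authorization")
        finally:
            if saved is None:
                os.environ.pop("NETRC", None)
            else:
                os.environ["NETRC"] = saved


# Constructed sample data: placeholder credentials, installation id and token.
NETRC = "machine api.github.com login example-user password example-password\n"
URL = "https://api.github.com/app/installations/1/access_tokens"

# Header only: the netrc entry is turned into Basic auth and replaces the header.
header_only = prepared_authorization(
    URL, NETRC, headers={"Authorization": "Bearer constructed-jwt"}
)
# AuthBase object via auth=: the netrc lookup is skipped and the bearer survives.
with_auth = prepared_authorization(URL, NETRC, auth=BearerAuth("constructed-jwt"))

if __name__ == "__main__":
    print("headers= only:", header_only)
    print("auth= object :", with_auth)
```

The same check works as a regression test in a client library: assert on the prepared request's `Authorization` header with `NETRC` pointing at a fixture file.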

2 files changed, +8 -4 lines changed

AUTHORS.rst

Lines changed: 2 additions & 0 deletions
@@ -200,3 +200,5 @@ Contributors
200200
- Andrew Hayworth (@ahayworth)
201201

202202
- Dmitry Kiselev (@dmitrykiselev27)
203+
204+
- Adeodato Simó (@dato)

src/github3/github.py

Lines changed: 6 additions & 4 deletions
@@ -22,6 +22,7 @@
2222
from . import pulls
2323
from .repos import repo
2424
from . import search
25+
from . import session
2526
from . import structs
2627
from . import users
2728
from . import utils
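
Review bot: The added `from . import session` at new line 25 introduces a module named `session` into a file whose methods use `self.session` for the live session object (`self.session.no_auth()` and `self.session.post(...)` in the next hunk), so `session.AppBearerTokenAuth` and `self.session.post` read almost alike. Consider `from .session import AppBearerTokenAuth` or an aliased module import, so the two cannot be confused and a later local variable called `session` does not shadow the module.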
@@ -1399,14 +1400,15 @@ def login_as_app_installation(
13991400
# NOTE(sigmavirus24): This JWT token does not need to last very long.
14001401
# Instead of allowing it to stick around for 10 minutes, let's limit
14011402
# it to 30 seconds.
1402-
headers = apps.create_jwt_headers(
1403-
private_key_pem, app_id, expire_in=30
1404-
)
1403+
jwt_token = apps.create_token(private_key_pem, app_id, expire_in=30)
1404+
bearer_auth = session.AppBearerTokenAuth(jwt_token, 30)
14051405
url = self._build_url(
14061406
"app", "installations", str(installation_id), "access_tokens"
14071407
)
14081408
with self.session.no_auth():
1409-
response = self.session.post(url, headers=headers)
1409+
response = self.session.post(
1410+
url, auth=bearer_auth, headers=apps.APP_PREVIEW_HEADERS
1411+
)
14101412
json = self._json(response, 201)
14111413

14121414
self.session.app_installation_token_auth(json)
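
Review bot: The lifetime 30 is now written twice on added lines 1403-1404, once as `expire_in=30` and once as the bare second positional argument to `session.AppBearerTokenAuth`, so the two values can drift apart and the second gives no hint of what it means. Bind it to one local or constant and pass that to both calls. The post also still sits inside `with self.session.no_auth():` while passing `auth=bearer_auth`; a short comment on why the `auth` object is required (per the commit message, a sole Authorization header does not stop requests from consulting ~/.netrc) would keep someone from reverting to `headers=`. Neither of the two changed files is a test, so a regression test that runs this path with a netrc entry for api.github.com would pin the fix.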
