Merge pull request bitly#392 from arnottcr/master

jehiah · web-flow · commit 6d6cb7e1f83f · 2017-05-26T08:42:07.000-04:00
[github provider] use Authorization header, not access_token query parameter
diff --git a/providers/github.go b/providers/github.go
@@ -62,8 +62,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 	}
 
 	params := url.Values{
-		"access_token": {accessToken},
-		"limit":        {"100"},
+		"limit": {"100"},
 	}
 
 	endpoint := &url.URL{
@@ -74,6 +73,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 	}
 	req, _ := http.NewRequest("GET", endpoint.String(), nil)
 	req.Header.Set("Accept", "application/vnd.github.v3+json")
+	req.Header.Set("Authorization", fmt.Sprintf("token %s", accessToken))
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return false, err
@@ -86,7 +86,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 	}
 	if resp.StatusCode != 200 {
 		return false, fmt.Errorf(
-			"got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)
+			"got %d from %q %s", resp.StatusCode, endpoint.String(), body)
 	}
 
 	if err := json.Unmarshal(body, &orgs); err != nil {
@@ -118,8 +118,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 	}
 
 	params := url.Values{
-		"access_token": {accessToken},
-		"limit":        {"100"},
+		"limit": {"100"},
 	}
 
 	endpoint := &url.URL{
@@ -130,6 +129,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 	}
 	req, _ := http.NewRequest("GET", endpoint.String(), nil)
 	req.Header.Set("Accept", "application/vnd.github.v3+json")
+	req.Header.Set("Authorization", fmt.Sprintf("token %s", accessToken))
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return false, err
@@ -142,7 +142,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 	}
 	if resp.StatusCode != 200 {
 		return false, fmt.Errorf(
-			"got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)
+			"got %d from %q %s", resp.StatusCode, endpoint.String(), body)
 	}
 
 	if err := json.Unmarshal(body, &teams); err != nil {
@@ -198,17 +198,14 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 		}
 	}
 
-	params := url.Values{
-		"access_token": {s.AccessToken},
-	}
-
 	endpoint := &url.URL{
-		Scheme:   p.ValidateURL.Scheme,
-		Host:     p.ValidateURL.Host,
-		Path:     path.Join(p.ValidateURL.Path, "/user/emails"),
-		RawQuery: params.Encode(),
+		Scheme: p.ValidateURL.Scheme,
+		Host:   p.ValidateURL.Host,
+		Path:   path.Join(p.ValidateURL.Path, "/user/emails"),
 	}
-	resp, err := http.DefaultClient.Get(endpoint.String())
+	req, _ := http.NewRequest("GET", endpoint.String(), nil)
+	req.Header.Set("Authorization", fmt.Sprintf("token %s", s.AccessToken))
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return "", err
 	}
@@ -220,9 +217,9 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 
 	if resp.StatusCode != 200 {
 		return "", fmt.Errorf("got %d from %q %s",
-			resp.StatusCode, stripToken(endpoint.String()), body)
+			resp.StatusCode, endpoint.String(), body)
 	} else {
-		log.Printf("got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)
+		log.Printf("got %d from %q %s", resp.StatusCode, endpoint.String(), body)
 	}
 
 	if err := json.Unmarshal(body, &emails); err != nil {

Original file line number	Diff line number	Diff line change
`@@ -62,8 +62,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`params := url.Values{`
`65`		`- "access_token": {accessToken},`
`66`		`- "limit": {"100"},`
	`65`	`+ "limit": {"100"},`
`67`	`66`	`}`
`68`	`67`
`69`	`68`	`endpoint := &url.URL{`
`@@ -74,6 +73,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {`
`74`	`73`	`}`
`75`	`74`	`req, _ := http.NewRequest("GET", endpoint.String(), nil)`
`76`	`75`	`req.Header.Set("Accept", "application/vnd.github.v3+json")`
	`76`	`+ req.Header.Set("Authorization", fmt.Sprintf("token %s", accessToken))`
`77`	`77`	`resp, err := http.DefaultClient.Do(req)`
`78`	`78`	`if err != nil {`
`79`	`79`	`return false, err`
`@@ -86,7 +86,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {`
`86`	`86`	`}`
`87`	`87`	`if resp.StatusCode != 200 {`
`88`	`88`	`return false, fmt.Errorf(`
`89`		`- "got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)`
	`89`	`+ "got %d from %q %s", resp.StatusCode, endpoint.String(), body)`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`if err := json.Unmarshal(body, &orgs); err != nil {`
`@@ -118,8 +118,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {`
`118`	`118`	`}`
`119`	`119`
`120`	`120`	`params := url.Values{`
`121`		`- "access_token": {accessToken},`
`122`		`- "limit": {"100"},`
	`121`	`+ "limit": {"100"},`
`123`	`122`	`}`
`124`	`123`
`125`	`124`	`endpoint := &url.URL{`
`@@ -130,6 +129,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {`
`130`	`129`	`}`
`131`	`130`	`req, _ := http.NewRequest("GET", endpoint.String(), nil)`
`132`	`131`	`req.Header.Set("Accept", "application/vnd.github.v3+json")`
	`132`	`+ req.Header.Set("Authorization", fmt.Sprintf("token %s", accessToken))`
`133`	`133`	`resp, err := http.DefaultClient.Do(req)`
`134`	`134`	`if err != nil {`
`135`	`135`	`return false, err`
`@@ -142,7 +142,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {`
`142`	`142`	`}`
`143`	`143`	`if resp.StatusCode != 200 {`
`144`	`144`	`return false, fmt.Errorf(`
`145`		`- "got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)`
	`145`	`+ "got %d from %q %s", resp.StatusCode, endpoint.String(), body)`
`146`	`146`	`}`
`147`	`147`
`148`	`148`	`if err := json.Unmarshal(body, &teams); err != nil {`
`@@ -198,17 +198,14 @@ func (p GitHubProvider) GetEmailAddress(s SessionState) (string, error) {`
`198`	`198`	`}`
`199`	`199`	`}`
`200`	`200`
`201`		`- params := url.Values{`
`202`		`- "access_token": {s.AccessToken},`
`203`		`- }`
`204`		`-`
`205`	`201`	`endpoint := &url.URL{`
`206`		`- Scheme: p.ValidateURL.Scheme,`
`207`		`- Host: p.ValidateURL.Host,`
`208`		`- Path: path.Join(p.ValidateURL.Path, "/user/emails"),`
`209`		`- RawQuery: params.Encode(),`
	`202`	`+ Scheme: p.ValidateURL.Scheme,`
	`203`	`+ Host: p.ValidateURL.Host,`
	`204`	`+ Path: path.Join(p.ValidateURL.Path, "/user/emails"),`
`210`	`205`	`}`
`211`		`- resp, err := http.DefaultClient.Get(endpoint.String())`
	`206`	`+ req, _ := http.NewRequest("GET", endpoint.String(), nil)`
	`207`	`+ req.Header.Set("Authorization", fmt.Sprintf("token %s", s.AccessToken))`
	`208`	`+ resp, err := http.DefaultClient.Do(req)`
`212`	`209`	`if err != nil {`
`213`	`210`	`return "", err`
`214`	`211`	`}`
`@@ -220,9 +217,9 @@ func (p GitHubProvider) GetEmailAddress(s SessionState) (string, error) {`
`220`	`217`
`221`	`218`	`if resp.StatusCode != 200 {`
`222`	`219`	`return "", fmt.Errorf("got %d from %q %s",`
`223`		`- resp.StatusCode, stripToken(endpoint.String()), body)`
	`220`	`+ resp.StatusCode, endpoint.String(), body)`
`224`	`221`	`} else {`
`225`		`- log.Printf("got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)`
	`222`	`+ log.Printf("got %d from %q %s", resp.StatusCode, endpoint.String(), body)`
`226`	`223`	`}`
`227`	`224`
`228`	`225`	`if err := json.Unmarshal(body, &emails); err != nil {`