Commit: 6af377de63c31c5ea08233f421126feade9dea9a Author: Johannes Schlüter <johan...@schlueters.de> Wed, 20 Nov 2013 23:42:04 +0100 Parents: f8eedcc9f478a73190b1c05002a2c9e0d114e492 Branches: master
Link: http://git.php.net/?p=web/qa.git;a=commitdiff;h=6af377de63c31c5ea08233f421126feade9dea9a
Log: Switch to token based authentication
Changed paths:
M pulls/api.php
M pulls/config.php.in
M pulls/index.php
Diff:
diff --git a/pulls/api.php b/pulls/api.php
index a878b3e..a23e166 100644
--- a/pulls/api.php
+++ b/pulls/api.php
@@ -60,16 +60,19 @@ function do_http_request($url, $opts)
 if (empty($opts['user_agent'])) {
 $opts['user_agent'] = USER_AGENT;
 }
+ // IMPORTANT $opts might be logged. Make sure token is removed from log!
+ $opts['header'] = 'Authorization: token '.GITHUB_TOKEN;
 $ctxt = stream_context_create(array('http' => $opts));
- $actual_url = str_replace('https://', 'https://'.GITHUB_USER.':'.GITHUB_PASS.'@', $url);
 $old_track_errors = ini_get('track_errors');
 ini_set('track_errors', true);
- $s = @file_get_contents($actual_url, false, $ctxt);
+ $s = @file_get_contents($url, false, $ctxt);
 ini_set('track_errors', $old_track_errors);
 if (isset($_SESSION['debug']['requests'])) {
+ // The token shall not be leaked!
+ $opts['header'] = 'Authorization: token (secret)';
 $_SESSION['debug']['requests'][] = array(
 'url' => $url,
 'opts'=> $opts,
@@ -80,13 +83,7 @@ function do_http_request($url, $opts)
 if (!$s) {
 $errors[] = "Server responded: ".$http_response_header[0];
- $errors[] = "Github user: ".GITHUB_USER;
- if ($_SESSION['user'] === 'johannes') {
- /* This might include the password or such, so not everybody should get it The good news is that the HTTP Status code usually is a good enough hint */
- $errors[] = $php_errormsg;
- }
+ $errors[] = $php_errormsg;
 return false;
 }
 return $s;
diff --git a/pulls/config.php.in b/pulls/config.php.in
index ec65f53..15e2d86 100644
--- a/pulls/config.php.in
+++ b/pulls/config.php.in
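Review bot: The added `$opts['header'] = 'Authorization: token '.GITHUB_TOKEN;` attaches the credential to whatever `$url` the caller passes and overwrites any `header` entry already present in `$opts`, so a request to a host other than the API (a `Link` URL pointing elsewhere, or a redirect the http wrapper presumably follows with the same context) would carry the token out, and a caller-supplied `Accept` or `Content-Type` header is silently dropped. Scoping the header to the API base keeps the token where it belongs: `if (strpos($url, GITHUB_BASEURL) === 0) { $opts['header'] = 'Authorization: token '.GITHUB_TOKEN; }`, and prepending to an existing `header` value rather than assigning would preserve caller headers. The redaction in the debug branch only touches the local array copy after `stream_context_create` has consumed it, which is the right order. do_http_request starts and ends outside this hunk.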
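Review bot: The new `$errors[] = $php_errormsg;` line depends on `$php_errormsg`, which is only populated while `track_errors` is on, which is why the function toggles that ini setting around the `file_get_contents` call; `error_get_last()` yields the same message without the ini round-trip and regardless of that setting, e.g. `$last = error_get_last(); $errors[] = $last ? $last['message'] : 'unknown error';`. Showing the message to every viewer is consistent with the token no longer being embedded in the URL, but the wrapper's failure message typically repeats the requested URL, so nothing secret should ever travel in `$url`'s query string. do_http_request starts outside this hunk.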
@@ -1,5 +1,11 @@
 <?php
 const GITHUB_BASEURL = 'https://api.github.com/';
 const GITHUB_ORG = 'php';
-const GITHUB_USER = '....';
-const GITHUB_PASS = '....';
+
+/*
+Github tokens can be generated using "Personal Access Tokens" on
+https://github.com/settings/applications after logging in as the user
+they should belong to. On php.net this is the php-pulls user. On
+test setups this might be your normal user.
+*/
+const GITHUB_TOKEN = '....';
diff --git a/pulls/index.php b/pulls/index.php
index 62ed205..12a7404 100644
--- a/pulls/index.php
+++ b/pulls/index.php
@@ -135,7 +135,7 @@
 if (!getenv('AUTH_TOKEN')) {
 echo '<div style="width: 100%; border: 2px solid red; padding:10px;"><b>Error:</b> AUTH_TOKEN not set</div><br>';
 }
-if (!constant('GITHUB_PASS')) {
+if (!constant('GITHUB_TOKEN')) {
 echo '<div style="width: 100%; border: 2px solid red; padding:10px;"><b>Error:</b> config.php not configured correctly.</div><br>';
 common_footer();
 exit;
-- PHP Quality Assurance Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
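Review bot: The new comment above `GITHUB_TOKEN` says where a token is created but not which scopes it needs, so whoever configures the php-pulls user will accept GitHub's defaults or grant more than the tooling uses, and since the token acts with that user's rights on every request this service makes, the scope list belongs next to the constant. Suggest adding a sentence such as `Grant only the scopes this tool needs (list them here); extra scopes widen the blast radius if config.php is ever exposed.` The heading also spells the service "Github" where the rest of the file uses the product name "GitHub", a minor consistency nit.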
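Review bot: `if (!constant('GITHUB_TOKEN')) {` only trips on an empty or otherwise falsy value, so the `'....'` placeholder that config.php.in ships in this same commit passes the check and the page goes on to issue API requests with a garbage token; the pre-existing `GITHUB_PASS` check had the same gap, so this is carried over rather than introduced. On the PHP of the day `constant()` on an undefined name presumably only warns, so a missing config line is not caught either. A check such as `if (!defined('GITHUB_TOKEN') || GITHUB_TOKEN === '' || GITHUB_TOKEN === '....') {` catches both the missing and the unedited-template cases. The enclosing block continues outside the hunk.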