migrate request --> got in [github] auth acceptor (#7248)

2021-11-12 18:04:03 +00:00
parent 9f322f55f6
commit 0e38eab8df
4 changed files with 173 additions and 81 deletions
--- a/services/github/auth/acceptor.js
+++ b/services/github/auth/acceptor.js
@@ -1,8 +1,9 @@
 import queryString from 'query-string'
-import request from 'request'
-import { userAgent } from '../../../core/base-service/got.js'
+import { fetchFactory } from '../../../core/base-service/got.js'
 import log from '../../../core/server/log.js'

+const requestFetcher = fetchFactory()
+
 function setRoutes({ server, authHelper, onTokenAccepted }) {
  const baseUrl = process.env.GATSBY_BASE_URL || 'https://img.shields.io'

@@ -23,20 +24,18 @@ function setRoutes({ server, authHelper, onTokenAccepted }) {
    end('')
  })

-  server.route(/^\/github-auth\/done$/, (data, match, end, ask) => {
+  server.route(/^\/github-auth\/done$/, async (data, match, end, ask) => {
    if (!data.code) {
      log.log(`GitHub OAuth data: ${JSON.stringify(data)}`)
      return end('GitHub OAuth authentication failed to provide a code.')
    }

    const options = {
-      url: 'https://github.com/login/oauth/access_token',
      method: 'POST',
      headers: {
        'Content-type': 'application/x-www-form-urlencoded;charset=UTF-8',
-        'User-Agent': userAgent,
      },
-      form: queryString.stringify({
+      form: {
        // TODO The `_user` and `_pass` properties bypass security checks in
        // AuthHelper (e.g: enforceStrictSsl and shouldAuthenticateRequest).
        // Do not use them elsewhere. It would be better to clean
@@ -44,40 +43,45 @@ function setRoutes({ server, authHelper, onTokenAccepted }) {
        client_id: authHelper._user,
        client_secret: authHelper._pass,
        code: data.code,
-      }),
+      },
    }
-    request(options, (err, res, body) => {
-      if (err != null) {
-        return end('The connection to GitHub failed.')
-      }

-      let content
-      try {
-        content = queryString.parse(body)
-      } catch (e) {
-        return end('The GitHub OAuth token could not be parsed.')
-      }
-
-      const { access_token: token } = content
-      if (!token) {
-        return end('The GitHub OAuth process did not return a user token.')
-      }
-
-      ask.res.setHeader('Content-Type', 'text/html')
-      end(
-        '<p>Shields.io has received your app-specific GitHub user token. ' +
-          'You can revoke it by going to ' +
-          '<a href="https://github.com/settings/applications">GitHub</a>.</p>' +
-          '<p>Until you do, you have now increased the rate limit for GitHub ' +
-          'requests going through Shields.io. GitHub-related badges are ' +
-          'therefore more robust.</p>' +
-          '<p>Thanks for contributing to a smoother experience for ' +
-          'everyone!</p>' +
-          '<p><a href="/">Back to the website</a></p>'
+    let resp
+    try {
+      resp = await requestFetcher(
+        'https://github.com/login/oauth/access_token',
+        options
      )
+    } catch (e) {
+      return end('The connection to GitHub failed.')
+    }

-      onTokenAccepted(token)
-    })
+    let content
+    try {
+      content = queryString.parse(resp.buffer)
+    } catch (e) {
+      return end('The GitHub OAuth token could not be parsed.')
+    }
+
+    const { access_token: token } = content
+    if (!token) {
+      return end('The GitHub OAuth process did not return a user token.')
+    }
+
+    ask.res.setHeader('Content-Type', 'text/html')
+    end(
+      '<p>Shields.io has received your app-specific GitHub user token. ' +
+        'You can revoke it by going to ' +
+        '<a href="https://github.com/settings/applications">GitHub</a>.</p>' +
+        '<p>Until you do, you have now increased the rate limit for GitHub ' +
+        'requests going through Shields.io. GitHub-related badges are ' +
+        'therefore more robust.</p>' +
+        '<p>Thanks for contributing to a smoother experience for ' +
+        'everyone!</p>' +
+        '<p><a href="/">Back to the website</a></p>'
+    )
+
+    onTokenAccepted(token)
  })
 }

--- a/services/github/auth/acceptor.spec.js
+++ b/services/github/auth/acceptor.spec.js
@@ -10,10 +10,11 @@ import GithubConstellation from '../github-constellation.js'
 import { setRoutes } from './acceptor.js'

 const fakeClientId = 'githubdabomb'
+const fakeClientSecret = 'foobar'

 describe('Github token acceptor', function () {
  const oauthHelper = GithubConstellation._createOauthHelper({
-    private: { gh_client_id: fakeClientId },
+    private: { gh_client_id: fakeClientId, gh_client_secret: fakeClientSecret },
  })

  let port, baseUrl
@@ -78,7 +79,10 @@ describe('Github token acceptor', function () {
        scope = nock('https://github.com')
          .post('/login/oauth/access_token')
          .reply((url, requestBody) => {
-            expect(queryString.parse(requestBody).code).to.equal(fakeCode)
+            const parsedBody = queryString.parse(requestBody)
+            expect(parsedBody.client_id).to.equal(fakeClientId)
+            expect(parsedBody.client_secret).to.equal(fakeClientSecret)
+            expect(parsedBody.code).to.equal(fakeCode)
            return [
              200,
              queryString.stringify({ access_token: fakeAccessToken }),