1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
|
package shared
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"os"
"slices"
"strings"
"github.com/MakeNowJust/heredoc"
"github.com/cli/cli/v2/api"
"github.com/cli/cli/v2/git"
"github.com/cli/cli/v2/internal/authflow"
"github.com/cli/cli/v2/internal/browser"
"github.com/cli/cli/v2/internal/ghinstance"
"github.com/cli/cli/v2/pkg/cmd/ssh-key/add"
"github.com/cli/cli/v2/pkg/iostreams"
"github.com/cli/cli/v2/pkg/ssh"
)
const defaultSSHKeyTitle = "GitHub CLI"
type iconfig interface {
Login(string, string, string, string, bool) (bool, error)
UsersForHost(string) []string
}
type LoginOptions struct {
IO *iostreams.IOStreams
Config iconfig
HTTPClient *http.Client
GitClient *git.Client
Hostname string
Interactive bool
Web bool
Scopes []string
Executable string
GitProtocol string
Prompter Prompt
Browser browser.Browser
SecureStorage bool
sshContext ssh.Context
}
func Login(opts *LoginOptions) error {
cfg := opts.Config
hostname := opts.Hostname
httpClient := opts.HTTPClient
cs := opts.IO.ColorScheme()
gitProtocol := strings.ToLower(opts.GitProtocol)
if opts.Interactive && gitProtocol == "" {
options := []string{
"HTTPS",
"SSH",
}
result, err := opts.Prompter.Select(
"What is your preferred protocol for Git operations on this host?",
options[0],
options)
if err != nil {
return err
}
proto := options[result]
gitProtocol = strings.ToLower(proto)
}
var additionalScopes []string
credentialFlow := &GitCredentialFlow{
Executable: opts.Executable,
Prompter: opts.Prompter,
GitClient: opts.GitClient,
}
if opts.Interactive && gitProtocol == "https" {
if err := credentialFlow.Prompt(hostname); err != nil {
return err
}
additionalScopes = append(additionalScopes, credentialFlow.Scopes()...)
}
var keyToUpload string
keyTitle := defaultSSHKeyTitle
if opts.Interactive && gitProtocol == "ssh" {
pubKeys, err := opts.sshContext.LocalPublicKeys()
if err != nil {
return err
}
if len(pubKeys) > 0 {
options := append(pubKeys, "Skip")
keyChoice, err := opts.Prompter.Select(
"Upload your SSH public key to your GitHub account?",
options[0],
options)
if err != nil {
return err
}
if keyChoice < len(pubKeys) {
keyToUpload = pubKeys[keyChoice]
}
} else if opts.sshContext.HasKeygen() {
sshChoice, err := opts.Prompter.Confirm("Generate a new SSH key to add to your GitHub account?", true)
if err != nil {
return err
}
if sshChoice {
passphrase, err := opts.Prompter.Password(
"Enter a passphrase for your new SSH key (Optional)")
if err != nil {
return err
}
keyPair, err := opts.sshContext.GenerateSSHKey("id_ed25519", passphrase)
if err != nil {
return err
}
keyToUpload = keyPair.PublicKeyPath
}
}
if keyToUpload != "" {
var err error
keyTitle, err = opts.Prompter.Input(
"Title for your SSH key:", defaultSSHKeyTitle)
if err != nil {
return err
}
additionalScopes = append(additionalScopes, "admin:public_key")
}
}
var authMode int
if opts.Web {
authMode = 0
} else if opts.Interactive {
options := []string{"Login with a web browser", "Paste an authentication token"}
var err error
authMode, err = opts.Prompter.Select(
"How would you like to authenticate GitHub CLI?",
options[0],
options)
if err != nil {
return err
}
}
var authToken string
var username string
if authMode == 0 {
var err error
authToken, username, err = authflow.AuthFlow(hostname, opts.IO, "", append(opts.Scopes, additionalScopes...), opts.Interactive, opts.Browser)
if err != nil {
return fmt.Errorf("failed to authenticate via web browser: %w", err)
}
fmt.Fprintf(opts.IO.ErrOut, "%s Authentication complete.\n", cs.SuccessIcon())
} else {
minimumScopes := append([]string{"repo", "read:org"}, additionalScopes...)
fmt.Fprint(opts.IO.ErrOut, heredoc.Docf(`
Tip: you can generate a Personal Access Token here https://%s/settings/tokens
The minimum required scopes are %s.
`, hostname, scopesSentence(minimumScopes)))
var err error
authToken, err = opts.Prompter.AuthToken()
if err != nil {
return err
}
if err := HasMinimumScopes(httpClient, hostname, authToken); err != nil {
return fmt.Errorf("error validating token: %w", err)
}
}
if username == "" {
var err error
username, err = GetCurrentLogin(httpClient, hostname, authToken)
if err != nil {
return fmt.Errorf("error retrieving current user: %w", err)
}
}
// Get these users before adding the new one, so that we can
// check whether the user was already logged in later.
//
// In this case we ignore the error if the host doesn't exist
// because that can occur when the user is logging into a host
// for the first time.
usersForHost := cfg.UsersForHost(hostname)
userWasAlreadyLoggedIn := slices.Contains(usersForHost, username)
if gitProtocol != "" {
fmt.Fprintf(opts.IO.ErrOut, "- gh config set -h %s git_protocol %s\n", hostname, gitProtocol)
fmt.Fprintf(opts.IO.ErrOut, "%s Configured git protocol\n", cs.SuccessIcon())
}
insecureStorageUsed, err := cfg.Login(hostname, username, authToken, gitProtocol, opts.SecureStorage)
if err != nil {
return err
}
if insecureStorageUsed {
fmt.Fprintf(opts.IO.ErrOut, "%s Authentication credentials saved in plain text\n", cs.Yellow("!"))
}
if credentialFlow.ShouldSetup() {
err := credentialFlow.Setup(hostname, username, authToken)
if err != nil {
return err
}
}
if keyToUpload != "" {
uploaded, err := sshKeyUpload(httpClient, hostname, keyToUpload, keyTitle)
if err != nil {
return err
}
if uploaded {
fmt.Fprintf(opts.IO.ErrOut, "%s Uploaded the SSH key to your GitHub account: %s\n", cs.SuccessIcon(), cs.Bold(keyToUpload))
} else {
fmt.Fprintf(opts.IO.ErrOut, "%s SSH key already existed on your GitHub account: %s\n", cs.SuccessIcon(), cs.Bold(keyToUpload))
}
}
fmt.Fprintf(opts.IO.ErrOut, "%s Logged in as %s\n", cs.SuccessIcon(), cs.Bold(username))
if userWasAlreadyLoggedIn {
fmt.Fprintf(opts.IO.ErrOut, "%s You were already logged in to this account\n", cs.WarningIcon())
}
return nil
}
func scopesSentence(scopes []string) string {
quoted := make([]string, len(scopes))
for i, s := range scopes {
quoted[i] = fmt.Sprintf("'%s'", s)
}
return strings.Join(quoted, ", ")
}
func sshKeyUpload(httpClient *http.Client, hostname, keyFile string, title string) (bool, error) {
f, err := os.Open(keyFile)
if err != nil {
return false, err
}
defer f.Close()
return add.SSHKeyUpload(httpClient, hostname, f, title)
}
func GetCurrentLogin(httpClient httpClient, hostname, authToken string) (string, error) {
query := `query UserCurrent{viewer{login}}`
reqBody, err := json.Marshal(map[string]interface{}{"query": query})
if err != nil {
return "", err
}
result := struct {
Data struct{ Viewer struct{ Login string } }
}{}
apiEndpoint := ghinstance.GraphQLEndpoint(hostname)
req, err := http.NewRequest("POST", apiEndpoint, bytes.NewBuffer(reqBody))
if err != nil {
return "", err
}
req.Header.Set("Authorization", "token "+authToken)
res, err := httpClient.Do(req)
if err != nil {
return "", err
}
defer res.Body.Close()
if res.StatusCode > 299 {
return "", api.HandleHTTPError(res)
}
decoder := json.NewDecoder(res.Body)
err = decoder.Decode(&result)
if err != nil {
return "", err
}
return result.Data.Viewer.Login, nil
}
|
