boxen 1.5.2 → 2.0.0

data/boxen.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |gem|
   gem.name          = "boxen"
-  gem.version       = "1.5.2"
+  gem.version       = "2.0.0"
   gem.authors       = ["John Barnette", "Will Farrington"]
   gem.email         = ["jbarnette@github.com", "wfarr@github.com"]
   gem.description   = "Manage Mac development boxes with love (and Puppet)."
@@ -18,7 +18,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency "highline",         "~> 1.6"
   gem.add_dependency "json_pure",        [">= 1.7.7", "< 2.0"]
   gem.add_dependency "librarian-puppet", "~> 0.9.9"
-  gem.add_dependency "octokit",          "~> 1.15"
+  gem.add_dependency "octokit",          "~> 2.0.0"
   gem.add_dependency "puppet",           "~> 3.0"
 
   gem.add_development_dependency "minitest", "4.4.0" # pinned for mocha

data/lib/boxen/config.rb

@@ -26,7 +26,6 @@ module Boxen
         end
 
         keychain        = Boxen::Keychain.new config.user
-        config.password = keychain.password
         config.token    = keychain.token
 
         if config.enterprise?
@@ -69,7 +68,6 @@ module Boxen
       end
 
       keychain          = Boxen::Keychain.new config.user
-      keychain.password = config.password
       keychain.token    = config.token
 
       config
@@ -85,10 +83,10 @@ module Boxen
     end
 
     # Create an API instance using the current user creds. A new
-    # instance is created any time `login` or `password` change.
+    # instance is created any time `token` changes.
 
     def api
-      @api ||= Octokit::Client.new :login => login, :password => password
+      @api ||= Octokit::Client.new :login => token, :password => 'x-oauth-basic'
     end
 
     # Spew a bunch of debug logging? Default is `false`.
@@ -139,26 +137,12 @@ module Boxen
 
     # A GitHub user login. Default is `nil`.
 
-    attr_reader :login
-
-    def login=(login)
-      @api = nil
-      @login = login
-    end
+    attr_accessor :login
 
     # A GitHub user's profile name.
 
     attr_accessor :name
 
-    # A GitHub user password. Default is `nil`.
-
-    attr_reader :password
-
-    def password=(password)
-      @api = nil
-      @password = password
-    end
-
     # Just go through the motions? Default is `false`.
 
     def pretend?
@@ -294,7 +278,12 @@ module Boxen
 
     # A GitHub OAuth token. Default is `nil`.
 
-    attr_accessor :token
+    attr_reader :token
+
+    def token=(token)
+      @token = token
+      @api = nil
+    end
 
     # A local user login. Default is the `USER` environment variable.
 

data/lib/boxen/flags.rb

@@ -12,7 +12,7 @@ module Boxen
     attr_reader :homedir
     attr_reader :logfile
     attr_reader :login
-    attr_reader :password
+    attr_reader :token
     attr_reader :srcdir
     attr_reader :user
 
@@ -118,8 +118,8 @@ module Boxen
           @stealth = true
         end
 
-        o.on "--password PASSWORD", "Your GitHub password." do |password|
-          @password = password
+        o.on "--token TOKEN", "Your GitHub OAuth token." do |token|
+          @token = token
         end
 
         o.on "--profile", "Profile the Puppet run." do
@@ -158,7 +158,7 @@ module Boxen
       config.homedir       = homedir  if homedir
       config.logfile       = logfile  if logfile
       config.login         = login    if login
-      config.password      = password if password
+      config.token         = token    if token
       config.pretend       = pretend?
       config.profile       = profile?
       config.future_parser = future_parser?

data/lib/boxen/hook/github_issue.rb

@@ -4,7 +4,10 @@ module Boxen
   class Hook
     class GitHubIssue < Hook
       def perform?
-        enabled? && !config.stealth? && !config.pretend? && checkout.master?
+        enabled? &&
+        !config.stealth? && !config.pretend? &&
+        !config.login.to_s.empty? &&
+        checkout.master?
       end
 
       def call

data/lib/boxen/keychain.rb

@@ -18,14 +18,8 @@ module Boxen
 
     def initialize(login)
       @login = login
-    end
-
-    def password
-      get PASSWORD_SERVICE
-    end
-
-    def password=(password)
-      set PASSWORD_SERVICE, password
+      # Clear the password. We're storing tokens now.
+      set PASSWORD_SERVICE, ""
     end
 
     def token
@@ -47,14 +41,14 @@ module Boxen
       $?.success? ? result : nil
     end
 
-    def set(service, password)
-      cmd = shellescape(HELPER, service, login, password)
+    def set(service, token)
+      cmd = shellescape(HELPER, service, login, token)
 
       unless system *cmd
         raise Boxen::Error, "Can't save #{service} in the keychain."
       end
 
-      password
+      token
     end
 
     def shellescape(*args)

data/lib/boxen/preflight/creds.rb

@@ -8,21 +8,62 @@ require "octokit"
 HighLine.track_eof = false
 
 class Boxen::Preflight::Creds < Boxen::Preflight
-  def basic?
-    config.api.user rescue nil
-  end
+  attr :otp
+  attr :password
 
   def ok?
-    basic? && token?
+    if config.token && config.api.user
+      # There was a period of time when login wasn't geting set on first run.
+      # This should correct that.
+      config.login = config.api.user.login
+      true
+    end
+  rescue
+    nil
+  end
+
+  def tmp_api
+    @tmp_api ||= Octokit::Client.new :login => config.login, :password => password, :auto_paginate => true
   end
 
-  def token?
-    return unless config.token
+  def headers
+    otp.nil? ? {} : {"X-GitHub-OTP" => otp}
+  end
+
+  def get_otp
+    console = HighLine.new
+
+    # junk API call to send OTP until we implement PUT
+    tmp_api.create_authorization rescue nil
 
-    tapi = Octokit::Client.new \
-      :login => config.login, :oauth_token => config.token
+    @otp = console.ask "One time password (via SMS or device):" do |q|
+      q.echo = '*'
+    end
+  end
 
-    tapi.user rescue nil
+  # Attempt to use the username+password to get a list of the user's OAuth
+  # authorizations from the API. If it fails because of 2FA, ask the user for
+  # her OTP and try again.
+  #
+  # Returns a list of authorizations
+  def get_tokens
+    begin
+      tmp_api.authorizations(:headers => headers)
+    rescue Octokit::Unauthorized => e
+      puts
+      if e.message =~ /OTP/
+        if otp.nil?
+          warn "It looks like you have two-factor auth enabled."
+        else
+          warn "That one time password didn't work. Let's try again."
+        end
+        get_otp
+        get_tokens
+      else
+        abort "Sorry, I can't auth you on GitHub.",
+          "Please check your credentials and teams and give it another try."
+      end
+    end
   end
 
   def run
@@ -34,27 +75,26 @@ class Boxen::Preflight::Creds < Boxen::Preflight
       q.default = config.login || config.user
       q.validate = /\A[^@]+\Z/
     end
-  
-    config.password = console.ask "GitHub password: " do |q|
+
+    @password = console.ask "GitHub password: " do |q|
       q.echo = "*"
     end
 
-    unless basic?
-      puts # i <3 vertical whitespace
+    tokens = get_tokens
 
-      abort "Sorry, I can't auth you on GitHub.",
-        "Please check your credentials and teams and give it another try."
+    unless auth = tokens.detect { |a| a.note == "Boxen" }
+      auth = tmp_api.create_authorization \
+        :note => "Boxen",
+        :scopes => %w(repo user),
+        :headers => headers
     end
 
-    # Okay, the basic creds are good, let's deal with an OAuth token.
+    config.token = auth.token
 
-    unless auth = config.api.authorizations.detect { |a| a.note == "Boxen" }
-      auth = config.api.create_authorization \
-        :note => "Boxen", :scopes => %w(repo user)
+    unless ok?
+      puts
+      abort "Something went terribly wrong.",
+        "I was able to get your OAuth token, but was unable to use it."
     end
-
-    # Reset the token for later.
-
-    config.token = auth.token
   end
 end

data/src/keychain-helper.c

@@ -20,7 +20,7 @@ int key_exists_p(
     NULL, strlen(service), service, strlen(login), login, &len, &buf, item
   );
 
-  if (ret == 0) {
+  if (ret == errSecSuccess) {
     return 0;
   } else {
     if (ret != errSecItemNotFound) {
@@ -45,7 +45,7 @@ int main(int argc, char **argv) {
   UInt32 len;
   SecKeychainItemRef item;
 
-  if (password != NULL) {
+  if (password != NULL && strlen(password) != 0) {
     if (key_exists_p(service, login, &item) == 0) {
       SecKeychainItemDelete(item);
     }
@@ -59,7 +59,13 @@ int main(int argc, char **argv) {
       REPORT_KEYCHAIN_ERROR(create_key);
       return 1;
     }
-
+  } else if (password != NULL && strlen(password) == 0) {
+    if (key_exists_p(service, login, &item) == 0) {
+      OSStatus ret = SecKeychainItemDelete(item);
+      if (ret != errSecSuccess) {
+        REPORT_KEYCHAIN_ERROR(ret);
+      }
+    }
   } else {
     OSStatus find_key = SecKeychainFindGenericPassword(
       NULL, strlen(service), service, strlen(login), login, &len, &buf, &item);

data/test/boxen_config_test.rb

@@ -96,13 +96,6 @@ class BoxenConfigTest < Boxen::Test
     assert_equal "foo", @config.name
   end
 
-  def test_password
-    assert_nil @config.password
-
-    @config.password = "foo"
-    assert_equal "foo", @config.password
-  end
-
   def test_pretend?
     refute @config.pretend?
 
@@ -346,11 +339,10 @@ class BoxenConfigTest < Boxen::Test
   end
 
   def test_api
-    @config.login    = login = "someuser"
-    @config.password = pass  = "s3kr!7"
+    @config.token    = token = "s3kr!7"
 
     api = Object.new
-    Octokit::Client.expects(:new).with(:login => login, :password => pass).once.returns(api)
+    Octokit::Client.expects(:new).with(:login => token, :password => 'x-oauth-basic').once.returns(api)
 
     assert_equal api, @config.api
     assert_equal api, @config.api  # This extra call plus the `once` on the expectation is for the ivar cache.

data/test/boxen_flags_test.rb

@@ -12,7 +12,7 @@ class BoxenFlagsTest < Boxen::Test
       expects(:homedir=).with "homedir"
       expects(:logfile=).with "logfile"
       expects(:login=).with "login"
-      expects(:password=).with "password"
+      expects(:token=).with "token"
       expects(:pretend=).with true
       expects(:profile=).with true
       expects(:future_parser=).with true
@@ -26,10 +26,10 @@ class BoxenFlagsTest < Boxen::Test
     # Do our best to frob every switch.
 
     flags = Boxen::Flags.new "--debug", "--help", "--login", "login",
-      "--no-fde", "--no-pull", "--no-issue", "--noop", "--password", "password",
+      "--no-fde", "--no-pull", "--no-issue", "--noop",
       "--pretend", "--profile", "--future-parser", "--report", "--projects",
       "--user", "user", "--homedir", "homedir", "--srcdir", "srcdir",
-      "--logfile", "logfile"
+      "--logfile", "logfile", "--token", "token"
 
     assert_same config, flags.apply(config)
   end
@@ -141,14 +141,14 @@ class BoxenFlagsTest < Boxen::Test
     assert_equal %w(foo), config.args
   end
 
-  def test_password
-    assert_nil flags.password
-    assert_equal "foo", flags("--password", "foo").password
+  def test_token
+    assert_nil flags.token
+    assert_equal "foo", flags("--token", "foo").token
   end
 
-  def test_password_missing_value
+  def test_token_missing_value
     ex = assert_raises Boxen::Error do
-      flags "--password"
+      flags "--token"
     end
 
     assert_match "missing argument", ex.message

data/test/boxen_hook_github_issue_test.rb

@@ -31,6 +31,7 @@ class BoxenHookGitHubIssueTest < Boxen::Test
     @config.stubs(:stealth?).returns(true)
     @config.stubs(:pretend?).returns(true)
     @checkout.stubs(:master?).returns(false)
+    @config.stubs(:login).returns(nil)
 
     refute @hook.perform?
 
@@ -44,6 +45,12 @@ class BoxenHookGitHubIssueTest < Boxen::Test
     refute @hook.perform?
 
     @checkout.stubs(:master?).returns(true)
+    refute @hook.perform?
+
+    @config.stubs(:login).returns('')
+    refute @hook.perform?
+
+    @config.stubs(:login).returns('somelogin')
     assert @hook.perform?
   end
 

data/test/boxen_keychain_test.rb

@@ -3,26 +3,22 @@ require "boxen/keychain"
 
 class BoxenKeychainTest < Boxen::Test
   def setup
-    @keychain = Boxen::Keychain.new('test')
+    @keychain = Boxen::Keychain.new('test') if osx?
   end
 
-  def test_get_password
-    @keychain.expects(:get).with('GitHub Password').returns('foobar')
-    assert_equal 'foobar', @keychain.password
-  end
-
-  def test_set_password
-    @keychain.expects(:set).with('GitHub Password', 'foobar').returns('foobar')
-    assert_equal 'foobar', @keychain.password=('foobar')
+  def osx?
+    RUBY_PLATFORM.downcase.include?("darwin")
   end
 
   def test_get_token
+    return skip("Keychain helper is OSX only") unless osx?
     @keychain.expects(:get).with('GitHub API Token').returns('foobar')
     assert_equal 'foobar', @keychain.token
   end
 
   def test_set_token
+    return skip("Keychain helper is OSX only") unless osx?
     @keychain.expects(:set).with('GitHub API Token', 'foobar').returns('foobar')
     assert_equal 'foobar', @keychain.token=('foobar')
   end
-end
+end

data/test/boxen_preflight_creds_test.rb

@@ -0,0 +1,41 @@
+require 'boxen/test'
+require 'boxen/preflight/creds'
+
+class BoxenPreflightCredsTest < Boxen::Test
+  def setup
+    @config   = Boxen::Config.new do |c|
+      c.user  = 'mojombo'
+      c.token = 'sekr3t!'
+    end
+  end
+
+  def test_basic
+    preflight = Boxen::Preflight::Creds.new @config
+
+    error = Octokit::Unauthorized.new
+    @config.api.stubs(:user).raises(error)
+
+    refute preflight.ok?
+  end
+
+  def test_basic_with_otp_challenge
+    preflight = Boxen::Preflight::Creds.new @config
+
+    blank_opt = {:headers => {}}
+    good_otp  = {:headers => {"X-GitHub-OTP" => "123456"}}
+
+    error = Octokit::Unauthorized.new
+    error.stubs(:message).returns("OTP")
+
+    preflight.tmp_api.expects(:authorizations).with(blank_opt).raises(error)
+    preflight.tmp_api.expects(:authorizations).with(good_otp).returns([])
+    preflight.tmp_api.expects(:create_authorization).raises(error)
+
+    preflight.expects(:warn)
+    HighLine.any_instance.expects(:ask).returns("123456")
+
+    preflight.get_tokens
+    assert_equal "123456", preflight.otp
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: boxen
 version: !ruby/object:Gem::Version
-  version: 1.5.2
+  version: 2.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-19 00:00:00.000000000 Z
+date: 2013-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ansi
@@ -105,7 +105,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -113,7 +113,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: puppet
   requirement: !ruby/object:Gem::Requirement
@@ -223,6 +223,7 @@ files:
 - test/boxen_keychain_test.rb
 - test/boxen_postflight_active_test.rb
 - test/boxen_postflight_env_test.rb
+- test/boxen_preflight_creds_test.rb
 - test/boxen_preflight_etc_my_cnf_test.rb
 - test/boxen_preflight_homebrew_test.rb
 - test/boxen_preflight_rvm_test.rb
@@ -271,6 +272,7 @@ test_files:
 - test/boxen_keychain_test.rb
 - test/boxen_postflight_active_test.rb
 - test/boxen_postflight_env_test.rb
+- test/boxen_preflight_creds_test.rb
 - test/boxen_preflight_etc_my_cnf_test.rb
 - test/boxen_preflight_homebrew_test.rb
 - test/boxen_preflight_rvm_test.rb
@@ -282,3 +284,4 @@ test_files:
 - test/fixtures/repo/modules/projects/manifests/first-project.pp
 - test/fixtures/repo/modules/projects/manifests/second-project.pp
 - test/system_timer.rb
+has_rdoc: