octokit 4.2.0 → 9.2.0

data/lib/octokit/error.rb

@@ -1,12 +1,16 @@
+# frozen_string_literal: true
+
 module Octokit
   # Custom error class for rescuing from all GitHub errors
   class Error < StandardError
+    attr_reader :context
 
     # Returns the appropriate Octokit::Error subclass based
     # on status and response message
     #
     # @param [Hash] response HTTP response
     # @return [Octokit::Error]
+    # rubocop:disable Metrics/CyclomaticComplexity
     def self.from_response(response)
       status  = response[:status].to_i
       body    = response[:body].to_s
@@ -16,12 +20,14 @@ module Octokit
                   when 400      then Octokit::BadRequest
                   when 401      then error_for_401(headers)
                   when 403      then error_for_403(body)
-                  when 404      then Octokit::NotFound
+                  when 404      then error_for_404(body)
                   when 405      then Octokit::MethodNotAllowed
                   when 406      then Octokit::NotAcceptable
                   when 409      then Octokit::Conflict
+                  when 410      then Octokit::Deprecated
                   when 415      then Octokit::UnsupportedMediaType
-                  when 422      then Octokit::UnprocessableEntity
+                  when 422      then error_for_422(body)
+                  when 451      then Octokit::UnavailableForLegalReasons
                   when 400..499 then Octokit::ClientError
                   when 500      then Octokit::InternalServerError
                   when 501      then Octokit::NotImplemented
@@ -32,10 +38,18 @@ module Octokit
         klass.new(response)
       end
     end
+    # rubocop:enable Metrics/CyclomaticComplexity
+
+    def build_error_context
+      if RATE_LIMITED_ERRORS.include?(self.class)
+        @context = Octokit::RateLimit.from_response(@response)
+      end
+    end
 
-    def initialize(response=nil)
+    def initialize(response = nil)
       @response = response
       super(build_error_message)
+      build_error_context
     end
 
     # Documentation URL returned by the API for some errors
@@ -47,7 +61,9 @@ module Octokit
 
     # Returns most appropriate error for 401 HTTP status code
     # @private
+    # rubocop:disable Naming/VariableNumber
     def self.error_for_401(headers)
+      # rubocop:enbale Naming/VariableNumber
       if Octokit::OneTimePasswordRequired.required_header(headers)
         Octokit::OneTimePasswordRequired
       else
@@ -58,46 +74,103 @@ module Octokit
     # Returns most appropriate error for 403 HTTP status code
     # @private
     def self.error_for_403(body)
-      if body =~ /rate limit exceeded/i
+      # rubocop:enable Naming/VariableNumber
+      case body
+      when /rate limit exceeded/i, /exceeded a secondary rate limit/i
         Octokit::TooManyRequests
-      elsif body =~ /login attempts exceeded/i
+      when /login attempts exceeded/i
         Octokit::TooManyLoginAttempts
-      elsif body =~ /abuse/i
+      when /(returns|for) blobs (up to|between) [0-9-]+ MB/i
+        Octokit::TooLargeContent
+      when /abuse/i
         Octokit::AbuseDetected
-      elsif body =~ /repository access blocked/i
+      when /repository access blocked/i
         Octokit::RepositoryUnavailable
-      elsif body =~ /email address must be verified/i
+      when /email address must be verified/i
         Octokit::UnverifiedEmail
+      when /account was suspended/i
+        Octokit::AccountSuspended
+      when /billing issue/i
+        Octokit::BillingIssue
+      when /Resource protected by organization SAML enforcement/i
+        Octokit::SAMLProtected
+      when /suspended your access|This installation has been suspended/i
+        Octokit::InstallationSuspended
       else
         Octokit::Forbidden
       end
     end
 
+    # Return most appropriate error for 404 HTTP status code
+    # @private
+    # rubocop:disable Naming/VariableNumber
+    def self.error_for_404(body)
+      # rubocop:enable Naming/VariableNumber
+      if body =~ /Branch not protected/i
+        Octokit::BranchNotProtected
+      else
+        Octokit::NotFound
+      end
+    end
+
+    # Return most appropriate error for 422 HTTP status code
+    # @private
+    # rubocop:disable Naming/VariableNumber
+    def self.error_for_422(body)
+      # rubocop:enable Naming/VariableNumber
+      if body =~ /PullRequestReviewComment/i && body =~ /(commit_id|end_commit_oid) is not part of the pull request/i
+        Octokit::CommitIsNotPartOfPullRequest
+      elsif body =~ /Path diff too large/i
+        Octokit::PathDiffTooLarge
+      else
+        Octokit::UnprocessableEntity
+      end
+    end
+
     # Array of validation errors
     # @return [Array<Hash>] Error info
     def errors
-      if data && data.is_a?(Hash)
+      if data.is_a?(Hash)
         data[:errors] || []
       else
         []
       end
     end
 
+    # Status code returned by the GitHub server.
+    #
+    # @return [Integer]
+    def response_status
+      @response[:status]
+    end
+
+    # Headers returned by the GitHub server.
+    #
+    # @return [Hash]
+    def response_headers
+      @response[:response_headers]
+    end
+
+    # Body returned by the GitHub server.
+    #
+    # @return [String]
+    def response_body
+      @response[:body]
+    end
+
     private
 
     def data
       @data ||=
         if (body = @response[:body]) && !body.empty?
           if body.is_a?(String) &&
-            @response[:response_headers] &&
-            @response[:response_headers][:content_type] =~ /json/
+             @response[:response_headers] &&
+             @response[:response_headers][:content_type] =~ /json/
 
             Sawyer::Agent.serializer.decode(body)
           else
             body
           end
-        else
-          nil
         end
     end
 
@@ -117,9 +190,13 @@ module Octokit
     def response_error_summary
       return nil unless data.is_a?(Hash) && !Array(data[:errors]).empty?
 
-      summary = "\nError summary:\n"
-      summary << data[:errors].map do |hash|
-        hash.map { |k,v| "  #{k}: #{v}" }
+      summary = +"\nError summary:\n"
+      summary << data[:errors].map do |error|
+        if error.is_a? Hash
+          error.map { |k, v| "  #{k}: #{v}" }
+        else
+          "  #{error}"
+        end
       end.join("\n")
 
       summary
@@ -128,19 +205,21 @@ module Octokit
     def build_error_message
       return nil if @response.nil?
 
-      message =  "#{@response[:method].to_s.upcase} "
-      message << redact_url(@response[:url].to_s) + ": "
+      message = +"#{@response[:method].to_s.upcase} "
+      message << "#{redact_url(@response[:url].to_s.dup)}: "
       message << "#{@response[:status]} - "
-      message << "#{response_message}" unless response_message.nil?
-      message << "#{response_error}" unless response_error.nil?
-      message << "#{response_error_summary}" unless response_error_summary.nil?
+      message << response_message.to_s unless response_message.nil?
+      message << response_error.to_s unless response_error.nil?
+      message << response_error_summary.to_s unless response_error_summary.nil?
       message << " // See: #{documentation_url}" unless documentation_url.nil?
       message
     end
 
     def redact_url(url_string)
-      %w[client_secret access_token].each do |token|
-        url_string.gsub!(/#{token}=\S+/, "#{token}=(redacted)") if url_string.include? token
+      %w[client_secret access_token api_key].each do |token|
+        if url_string.include? token
+          url_string.gsub!(/#{token}=\S+/, "#{token}=(redacted)")
+        end
       end
       url_string
     end
@@ -158,10 +237,10 @@ module Octokit
   # Raised when GitHub returns a 401 HTTP status code
   # and headers include "X-GitHub-OTP"
   class OneTimePasswordRequired < ClientError
-    #@private
-    OTP_DELIVERY_PATTERN = /required; (\w+)/i
+    # @private
+    OTP_DELIVERY_PATTERN = /required; (\w+)/i.freeze
 
-    #@private
+    # @private
     def self.required_header(headers)
       OTP_DELIVERY_PATTERN.match headers['X-GitHub-OTP'].to_s
     end
@@ -193,6 +272,10 @@ module Octokit
   # and body matches 'login attempts exceeded'
   class TooManyLoginAttempts < Forbidden; end
 
+  # Raised when GitHub returns a 403 HTTP status code
+  # and body matches 'returns blobs up to [0-9]+ MB'
+  class TooLargeContent < Forbidden; end
+
   # Raised when GitHub returns a 403 HTTP status code
   # and body matches 'abuse'
   class AbuseDetected < Forbidden; end
@@ -205,9 +288,29 @@ module Octokit
   # and body matches 'email address must be verified'
   class UnverifiedEmail < Forbidden; end
 
+  # Raised when GitHub returns a 403 HTTP status code
+  # and body matches 'account was suspended'
+  class AccountSuspended < Forbidden; end
+
+  # Raised when GitHub returns a 403 HTTP status code
+  # and body matches 'billing issue'
+  class BillingIssue < Forbidden; end
+
+  # Raised when GitHub returns a 403 HTTP status code
+  # and body matches 'Resource protected by organization SAML enforcement'
+  class SAMLProtected < Forbidden; end
+
+  # Raised when GitHub returns a 403 HTTP status code
+  # and body matches 'suspended your access'
+  class InstallationSuspended < Forbidden; end
+
   # Raised when GitHub returns a 404 HTTP status code
   class NotFound < ClientError; end
 
+  # Raised when GitHub returns a 404 HTTP status code
+  # and body matches 'Branch not protected'
+  class BranchNotProtected < ClientError; end
+
   # Raised when GitHub returns a 405 HTTP status code
   class MethodNotAllowed < ClientError; end
 
@@ -217,12 +320,26 @@ module Octokit
   # Raised when GitHub returns a 409 HTTP status code
   class Conflict < ClientError; end
 
+  # Raised when GHES Manage return a 410 HTTP status code
+  class Deprecated < ClientError; end
+
   # Raised when GitHub returns a 414 HTTP status code
   class UnsupportedMediaType < ClientError; end
 
   # Raised when GitHub returns a 422 HTTP status code
   class UnprocessableEntity < ClientError; end
 
+  # Raised when GitHub returns a 422 HTTP status code
+  # and body matches 'PullRequestReviewComment' and 'commit_id (or end_commit_oid) is not part of the pull request'
+  class CommitIsNotPartOfPullRequest < UnprocessableEntity; end
+
+  # Raised when GitHub returns a 422 HTTP status code and body matches 'Path diff too large'.
+  # It could occur when attempting to post review comments on a "too large" file.
+  class PathDiffTooLarge < UnprocessableEntity; end
+
+  # Raised when GitHub returns a 451 HTTP status code
+  class UnavailableForLegalReasons < ClientError; end
+
   # Raised on errors in the 500-599 range
   class ServerError < Error; end
 
@@ -248,4 +365,5 @@ module Octokit
   # Raised when a repository is created with an invalid format
   class InvalidRepository < ArgumentError; end
 
+  RATE_LIMITED_ERRORS = [Octokit::TooManyRequests, Octokit::AbuseDetected].freeze
 end

data/lib/octokit/gist.rb

@@ -1,8 +1,8 @@
-module Octokit
+# frozen_string_literal: true
 
+module Octokit
   # Class to parse and create Gist URLs
   class Gist
-
     # !@attribute id
     #   @return [String] Gist ID
     attr_accessor :id
@@ -10,12 +10,12 @@ module Octokit
     # Instantiate {Gist} object from Gist URL
     # @ return [Gist]
     def self.from_url(url)
-      Gist.new(URI.parse(url).path[1..-1])
+      Gist.new(URI.parse(url).path[1..])
     end
 
     def initialize(gist)
       case gist
-      when Fixnum, String
+      when Integer, String
         @id = gist.to_s
       end
     end
@@ -31,6 +31,5 @@ module Octokit
     def url
       "https://gist.github.com/#{@id}"
     end
-
   end
 end

data/lib/octokit/manage_ghes_client/manage_ghes.rb

@@ -0,0 +1,178 @@
+# frozen_string_literal: true
+
+module Octokit
+  # Client for the Manage GitHub Enterprise Server API
+  class ManageGHESClient
+    # Methods for the Manage GitHub Enterprise Server API
+    #
+    # @see https://developer.github.com/v3/enterprise-admin/manage-ghes
+    module ManageAPI
+      # Get information about the maintenance status of the GHES instance
+      #
+      # @return [nil]
+      def maintenance_mode
+        conn = authenticated_client
+
+        @last_response = conn.get('/manage/v1/maintenance')
+      end
+
+      # Configure the maintenance mode of the GHES instance
+      #
+      # @param maintenance [Hash] A hash configuration of the maintenance mode status
+      # @return [nil]
+      def set_maintenance_mode(enabled, options = {})
+        conn = authenticated_client
+
+        options[:enabled] = enabled
+        @last_response = conn.post('/manage/v1/maintenance', options)
+      end
+      alias configure_maintenance_mode set_maintenance_mode
+    end
+
+    # Uploads a license for the first time
+    #
+    # @param license [String] The path to your .ghl license file.
+    #
+    # @return [nil]
+    def upload_license(license)
+      conn = authenticated_client
+      begin
+        conn.request :multipart
+      rescue Faraday::Error
+        raise Faraday::Error, <<~ERROR
+          The `faraday-multipart` gem is required to upload a license.
+          Please add `gem "faraday-multipart"` to your Gemfile.
+        ERROR
+      end
+      params = {}
+      params[:license] = Faraday::FilePart.new(license, 'binary')
+      params[:password] = @manage_ghes_password
+      @last_response = conn.post('/manage/v1/config/init', params, { 'Content-Type' => 'multipart/form-data' })
+    end
+
+    # Start a configuration process.
+    #
+    # @return [nil]
+    def start_configuration
+      conn = authenticated_client
+      @last_response = conn.post('/manage/v1/config/apply')
+    end
+
+    # Get information about the Enterprise installation
+    #
+    # @return [nil]
+    def config_status
+      conn = authenticated_client
+      @last_response = conn.get('/manage/v1/config/apply')
+    end
+    alias config_check config_status
+
+    # Get information about the Enterprise installation
+    #
+    # @return [nil]
+    def settings
+      conn = authenticated_client
+      @last_response = conn.get('/manage/v1/config/settings')
+    end
+    alias get_settings settings
+
+    # Modify the Enterprise settings
+    #
+    # @param settings [Hash] A hash configuration of the new settings
+    #
+    # @return [nil]
+    def edit_settings(settings)
+      conn = authenticated_client
+      @last_response = conn.put('/manage/v1/config/settings', settings.to_json.to_s)
+    end
+
+    def authorized_keys
+      conn = authenticated_client
+      @last_response = conn.get('/manage/v1/access/ssh')
+    end
+    alias get_authorized_keys authorized_keys
+
+    # Add an authorized SSH keys on the Enterprise install
+    #
+    # @param key Either the file path to a key, a File handler to the key, or the contents of the key itself
+    # @return [nil]
+    def add_authorized_key(key)
+      conn = authenticated_client
+      case key
+      when String
+        if File.exist?(key)
+          key = File.open(key, 'r')
+          content = key.read.strip
+          key.close
+        else
+          content = key
+        end
+      when File
+        content = key.read.strip
+        key.close
+      end
+
+      queries = {}
+      queries[:key] = content
+      @last_response = conn.post('/manage/v1/access/ssh', queries)
+    end
+
+    # Removes an authorized SSH keys from the Enterprise install
+    #
+    # @param key Either the file path to a key, a File handler to the key, or the contents of the key itself
+    # @return [nil]
+    def remove_authorized_key(key)
+      conn = authenticated_client
+      case key
+      when String
+        if File.exist?(key)
+          key = File.open(key, 'r')
+          content = key.read.strip
+          key.close
+        else
+          content = key
+        end
+      when File
+        content = key.read.strip
+        key.close
+      end
+
+      queries = {}
+      queries[:key] = content
+      @last_response = conn.run_request(:delete, '/manage/v1/access/ssh', queries, nil)
+    end
+    alias delete_authorized_key remove_authorized_key
+
+    private
+
+    def basic_authenticated?
+      !!(@manage_ghes_username && @manage_ghes_password)
+    end
+
+    # If no username is provided, we assume root site admin should be used
+    def root_site_admin_assumed?
+      !@manage_ghes_username
+    end
+
+    def authenticated_client
+      @authenticated_client ||= Faraday.new(url: @manage_ghes_endpoint) do |c|
+        c.headers[:user_agent] = user_agent
+        c.request  :json
+        c.response :json
+        c.adapter Faraday.default_adapter
+
+        if root_site_admin_assumed?
+          username = 'api_key'
+        elsif basic_authenticated?
+          username = @manage_ghes_username
+        end
+        c.request(*FARADAY_BASIC_AUTH_KEYS, username, @manage_ghes_password)
+
+        # Disabling SSL is essential for certain self-hosted Enterprise instances
+        c.ssl[:verify] = false if connection_options[:ssl] && !connection_options[:ssl][:verify]
+
+        c.use Octokit::Response::RaiseError
+      end
+    end
+  end
+end

data/lib/octokit/manage_ghes_client.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'octokit/configurable'
+require 'octokit/connection'
+require 'octokit/warnable'
+require 'octokit/manage_ghes_client/manage_ghes'
+
+module Octokit
+  # ManageGHESClient is only meant to be used by GitHub Enterprise Server (GHES) operators
+  # and provides access to the Manage GHES API endpoints.
+  #
+  # @see Octokit::Client Use Octokit::Client for regular API use for GitHub
+  #   and GitHub Enterprise.
+  # @see https://developer.github.com/v3/enterprise-admin/manage-ghes/
+  class ManageGHESClient
+    include Octokit::Configurable
+    include Octokit::Connection
+    include Octokit::Warnable
+    include Octokit::ManageGHESClient::ManageAPI
+
+    def initialize(options = {})
+      # Use options passed in, but fall back to module defaults
+      # rubocop:disable Style/HashEachMethods
+      #
+      # This may look like a `.keys.each` which should be replaced with `#each_key`, but
+      # this doesn't actually work, since `#keys` is just a method we've defined ourselves.
+      # The class doesn't fulfill the whole `Enumerable` contract.
+      Octokit::Configurable.keys.each do |key|
+        # rubocop:enable Style/HashEachMethods
+        instance_variable_set(:"@#{key}", options[key] || Octokit.instance_variable_get(:"@#{key}"))
+      end
+    end
+
+    protected
+
+    def endpoint
+      manage_ghes_endpoint
+    end
+
+    # Set Manage GHES API endpoint
+    #
+    # @param value [String] Manage GHES API endpoint
+    def manage_ghes_endpoint=(value)
+      reset_agent
+      @manage_ghes_endpoint = value
+    end
+
+    # Set Manage GHES API username
+    #
+    # @param value [String] Manage GHES API username
+    def manage_ghes_username=(value)
+      reset_agent
+      @manage_ghes_username = value
+    end
+
+    # Set Manage GHES API password
+    #
+    # @param value [String] Manage GHES API password
+    def manage_ghes_password=(value)
+      reset_agent
+      @manage_ghes_password = value
+    end
+  end
+end

data/lib/octokit/middleware/follow_redirects.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'faraday'
 require 'set'
 
@@ -7,15 +9,13 @@ require 'set'
 # https://github.com/lostisland/faraday_middleware/blob/138766e/lib/faraday_middleware/response/follow_redirects.rb
 
 module Octokit
-
   module Middleware
-
     # Public: Exception thrown when the maximum amount of requests is exceeded.
-    class RedirectLimitReached < Faraday::Error::ClientError
+    class RedirectLimitReached < Faraday::ClientError
       attr_reader :response
 
       def initialize(response)
-        super "too many redirects; last one to: #{response['location']}"
+        super("too many redirects; last one to: #{response['location']}")
         @response = response
       end
     end
@@ -30,13 +30,13 @@ module Octokit
     # doesn't support parallelism.
     class FollowRedirects < Faraday::Middleware
       # HTTP methods for which 30x redirects can be followed
-      ALLOWED_METHODS = Set.new [:head, :options, :get, :post, :put, :patch, :delete]
+      ALLOWED_METHODS = Set.new %i[head options get post put patch delete]
 
       # HTTP redirect status codes that this middleware implements
       REDIRECT_CODES  = Set.new [301, 302, 303, 307]
 
       # Keys in env hash which will get cleared between requests
-      ENV_TO_CLEAR    = Set.new [:status, :response, :response_headers]
+      ENV_TO_CLEAR    = Set.new %i[status response response_headers]
 
       # Default value for max redirects followed
       FOLLOW_LIMIT = 3
@@ -44,12 +44,12 @@ module Octokit
       # Regex that matches characters that need to be escaped in URLs, sans
       # the "%" character which we assume already represents an escaped
       # sequence.
-      URI_UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/
+      URI_UNSAFE = %r{[^\-_.!~*'()a-zA-Z\d;/?:@&=+$,\[\]%]}.freeze
 
       # Public: Initialize the middleware.
       #
       # options - An options Hash (default: {}):
-      #           :limit               - A Fixnum redirect limit (default: 3).
+      #           :limit               - A Integer redirect limit (default: 3).
       def initialize(app, options = {})
         super(app)
         @options = options
@@ -64,7 +64,7 @@ module Octokit
       private
 
       def convert_to_get?(response)
-        ![:head, :options].include?(response.env[:method]) &&
+        !%i[head options].include?(response.env[:method]) &&
           @convert_to_get.include?(response.status)
       end
 
@@ -75,6 +75,7 @@ module Octokit
         response.on_complete do |response_env|
           if follow_redirect?(response_env, response)
             raise(RedirectLimitReached, response) if follows.zero?
+
             new_request_env = update_env(response_env, request_body, response)
             response = perform_with_redirection(new_request_env, follows - 1)
           end
@@ -84,9 +85,12 @@ module Octokit
 
       def update_env(env, request_body, response)
         original_url = env[:url]
-        env[:url] += safe_escape(response["location"])
+        env[:url] += safe_escape(response['location'])
         unless same_host?(original_url, env[:url])
-          env[:request_headers].delete("Authorization")
+          # HACK: Faraday’s Authorization middlewares don’t touch the request if the `Authorization` header is set.
+          #       This is a workaround to drop authentication info.
+          #       See https://github.com/octokit/octokit.rb/pull/1359#issuecomment-925609697
+          env[:request_headers]['Authorization'] = 'dummy'
         end
 
         if convert_to_get?(response)
@@ -122,9 +126,9 @@ module Octokit
       # URI:HTTP using the `+` operator. Doesn't escape "%" characters so to not
       # risk double-escaping.
       def safe_escape(uri)
-        uri.to_s.gsub(URI_UNSAFE) { |match|
-          "%" + match.unpack("H2" * match.bytesize).join("%").upcase
-        }
+        uri.to_s.gsub(URI_UNSAFE) do |match|
+          "%#{match.unpack('H2' * match.bytesize).join('%').upcase}"
+        end
       end
     end
   end

data/lib/octokit/organization.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Octokit
   # GitHub organization class to generate API path urls
   class Organization
@@ -5,7 +7,7 @@ module Octokit
     #
     # @param org [String, Integer] GitHub organization login or id
     # @return [String] Organization Api path
-    def self.path org
+    def self.path(org)
       case org
       when String
         "orgs/#{org}"