Merge branch 'master' of https://github.com/defunkt/gist into read-gist

Author: rajasegar

README.md

@@ -84,9 +84,26 @@ To read a gist and print it to STDOUT
 
 ## Login
 
-If you want to associate your gists with your GitHub account, you need to login
-with gist. It doesn't store your username and password, it just uses them to get
-an OAuth2 token (with the "gist" permission).
+Before you use `gist` for the first time you will need to log in. There are two supported login flows:
+
+1. The Github device-code Oauth flow. This is the default for authenticating to github.com, and can be enabled for Github Enterprise by creating an Oauth app, and exporting the environment variable `GIST_CLIENT_ID` with the client id of the Oauth app.
+2. The (deprecated) username and password token exchange flow. This is the default for GitHub Enterprise, and can be used to log into github.com by exporting the environment variable `GIST_USE_USERNAME_AND_PASSWORD`.
+
+### The device-code flow
+
+This flow allows you to obtain a token by logging into GitHub in the browser and typing a verification code. This is the preferred mechanism.
+
+    gist --login
+    Requesting login parameters...
+    Please sign in at https://github.com/login/device
+      and enter code: XXXX-XXXX
+    Success! https://github.com/settings/connections/applications/4f7ec0d4eab38e74384e
+
+The returned access_token is stored in `~/.gist` and used for all future gisting.  If you need to you can revoke access from  https://github.com/settings/connections/applications/4f7ec0d4eab38e74384e.
+
+### The username-password flow
+
+This flow asks for your GitHub username and password (and 2FA code), and exchanges them for a token with the "gist" permission (your username and password are not stored). This mechanism is deprecated by GitHub, but may still work with GitHub Enterprise.
 
     gist --login
     Obtaining OAuth2 access_token from GitHub.
@@ -102,8 +119,9 @@ file.
 #### Password-less login
 
 If you have a complicated authorization requirement you can manually create a
-token file by pasting a GitHub token with only the `gist` permission into a
-file called `~/.gist`. You can create one from https://github.com/settings/tokens
+token file by pasting a GitHub token with `gist` scope (and maybe the `user:email`
+for GitHub Enterprise) into a file called `~/.gist`. You can create one from
+https://github.com/settings/tokens
 
 This file should contain only the token (~40 hex characters), and to make it
 easier to edit, can optionally have a final newline (`\n` or `\r\n`).
@@ -156,7 +174,7 @@ If you need more advanced features you can also pass:
 * `:copy` to copy the resulting URL to the clipboard (default is false).
 * `:open` to open the resulting URL in a browser (default is false).
 
-NOTE: The access_token must have the "gist" scope.
+NOTE: The access_token must have the `gist` scope and may also require the `user:email` scope.
 
 ‌If you want to upload multiple files in the same gist, you can:
 

build/gist

@@ -1318,7 +1318,7 @@ end
 module Gist
   extend self
 
-  VERSION = '5.0.0'
+  VERSION = '6.0.0'
 
   # A list of clipboard commands with copy and paste support.
   CLIPBOARD_COMMANDS = {
@@ -1329,12 +1329,16 @@ module Gist
   }
 
   GITHUB_API_URL   = URI("https://api.github.com/")
+  GITHUB_URL       = URI("https://github.com/")
   GIT_IO_URL       = URI("https://git.io")
 
   GITHUB_BASE_PATH = ""
   GHE_BASE_PATH    = "/api/v3"
 
+  GITHUB_CLIENT_ID = '4f7ec0d4eab38e74384e'
+
   URL_ENV_NAME     = "GITHUB_URL"
+  CLIENT_ID_ENV_NAME = "GIST_CLIENT_ID"
 
   USER_AGENT       = "gist/#{VERSION} (Net::HTTP, #{RUBY_DESCRIPTION})"
 
@@ -1350,7 +1354,7 @@ module Gist
   module AuthTokenFile
     def self.filename
       if ENV.key?(URL_ENV_NAME)
-        File.expand_path "~/.gist.#{ENV[URL_ENV_NAME].gsub(/:/, '.').gsub(/[^a-z0-9.]/, '')}"
+        File.expand_path "~/.gist.#{ENV[URL_ENV_NAME].gsub(/:/, '.').gsub(/[^a-z0-9.-]/, '')}"
       else
         File.expand_path "~/.gist"
       end
@@ -1416,7 +1420,7 @@ module Gist
   def multi_gist(files, options={})
     if options[:anonymous]
       raise 'Anonymous gists are no longer supported. Please log in with `gist --login`. ' \
-        '(Github now requires credentials to gist https://bit.ly/2GBBxKw)'
+        '(GitHub now requires credentials to gist https://bit.ly/2GBBxKw)'
     else
       access_token = (options[:access_token] || auth_token())
     end
@@ -1442,9 +1446,9 @@ module Gist
 
     url = "#{base_path}/gists"
     url << "/" << CGI.escape(existing_gist) if existing_gist.to_s != ''
-    url << "?access_token=" << CGI.escape(access_token) if access_token.to_s != ''
 
     request = Net::HTTP::Post.new(url)
+    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
     request.body = JSON.dump(json)
     request.content_type = 'application/json'
 
@@ -1480,9 +1484,10 @@ module Gist
     if user == ""
       access_token = auth_token()
       if access_token.to_s != ''
-        url << "/gists?access_token=" << CGI.escape(access_token)
+        url << "/gists"
 
         request = Net::HTTP::Get.new(url)
+        request['Authorization'] = "token #{access_token}"
         response = http(api_url, request)
 
         pretty_gist(response)
@@ -1505,30 +1510,21 @@ module Gist
     url = "#{base_path}"
 
     if user == ""
-      access_token = auth_token()
-      if access_token.to_s != ''
-        url << "/gists?per_page=100&access_token=" << CGI.escape(access_token)
-        get_gist_pages(url)
-      else
-        raise Error, "Not authenticated. Use 'gist --login' to login or 'gist -l username' to view public gists."
-      end
-
+      url << "/gists?per_page=100"
     else
       url << "/users/#{user}/gists?per_page=100"
-      get_gist_pages(url)
     end
 
+    get_gist_pages(url, auth_token())
   end
 
   def read_gist(id, file_name=nil)
     url = "#{base_path}/gists/#{id}"
 
     access_token = auth_token()
-    if access_token.to_s != ''
-      url << "?access_token=" << CGI.escape(access_token)
-    end
 
     request = Net::HTTP::Get.new(url)
+    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
     response = http(api_url, request)
 
     if response.code == '200'
@@ -1554,9 +1550,8 @@ module Gist
 
     access_token = auth_token()
     if access_token.to_s != ''
-      url << "?access_token=" << CGI.escape(access_token)
-
       request = Net::HTTP::Delete.new(url)
+      request["Authorization"] = "token #{access_token}"
       response = http(api_url, request)
     else
       raise Error, "Not authenticated. Use 'gist --login' to login."
@@ -1569,17 +1564,18 @@ module Gist
     end
   end
 
-  def get_gist_pages(url)
+  def get_gist_pages(url, access_token = "")
 
     request = Net::HTTP::Get.new(url)
+    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
     response = http(api_url, request)
     pretty_gist(response)
 
     link_header = response.header['link']
 
     if link_header
       links = Hash[ link_header.gsub(/(<|>|")/, "").split(',').map { |link| link.split('; rel=') } ].invert
-      get_gist_pages(links['next']) if links['next']
+      get_gist_pages(links['next'], access_token) if links['next']
     end
 
   end
@@ -1643,16 +1639,72 @@ module Gist
 
   # Log the user into gist.
   #
+  def login!(credentials={})
+    if (login_url == GITHUB_URL || ENV.key?(CLIENT_ID_ENV_NAME)) && credentials.empty? && !ENV.key?('GIST_USE_USERNAME_AND_PASSWORD')
+      device_flow_login!
+    else
+      access_token_login!(credentials)
+    end
+  end
+
+  def device_flow_login!
+    puts "Requesting login parameters..."
+    request = Net::HTTP::Post.new("/login/device/code")
+    request.body = JSON.dump({
+      :scope => 'gist',
+      :client_id => client_id,
+    })
+    request.content_type = 'application/json'
+    request['accept'] = "application/json"
+    response = http(login_url, request)
+
+    if response.code != '200'
+      raise Error, "HTTP #{response.code}: #{response.body}"
+    end
+
+    body = JSON.parse(response.body)
+
+    puts "Please sign in at #{body['verification_uri']}"
+    puts "  and enter code: #{body['user_code']}"
+    device_code = body['device_code']
+    interval = body['interval']
+
+    loop do
+      sleep(interval.to_i)
+      request = Net::HTTP::Post.new("/login/oauth/access_token")
+      request.body = JSON.dump({
+        :client_id => client_id,
+        :grant_type => 'urn:ietf:params:oauth:grant-type:device_code',
+        :device_code => device_code
+      })
+      request.content_type = 'application/json'
+      request['Accept'] = 'application/json'
+      response = http(login_url, request)
+      if response.code != '200'
+        raise Error, "HTTP #{response.code}: #{response.body}"
+      end
+      body = JSON.parse(response.body)
+      break unless body['error'] == 'authorization_pending'
+    end
+
+    if body['error']
+      raise Error, body['error_description']
+    end
+
+    AuthTokenFile.write JSON.parse(response.body)['access_token']
+
+    puts "Success! #{ENV[URL_ENV_NAME] || "https://github.com/"}settings/connections/applications/#{client_id}"
+  end
+
+  # Logs the user into gist.
+  #
   # This method asks the user for a username and password, and tries to obtain
   # and OAuth2 access token, which is then stored in ~/.gist
   #
   # @raise [Gist::Error]  if something went wrong
-  # @param [Hash] credentials  login details
-  # @option credentials [String] :username
-  # @option credentials [String] :password
   # @see http://developer.github.com/v3/oauth/
-  def login!(credentials={})
-    puts "Obtaining OAuth2 access_token from github."
+  def access_token_login!(credentials={})
+    puts "Obtaining OAuth2 access_token from GitHub."
     loop do
       print "GitHub username: "
       username = credentials[:username] || $stdin.gets.strip
@@ -1708,7 +1760,11 @@ module Gist
     env = ENV['http_proxy'] || ENV['HTTP_PROXY']
     connection = if env
                    proxy = URI(env)
-                   Net::HTTP::Proxy(proxy.host, proxy.port).new(uri.host, uri.port)
+                   if proxy.user
+                     Net::HTTP::Proxy(proxy.host, proxy.port, proxy.user, proxy.password).new(uri.host, uri.port)
+                   else
+                     Net::HTTP::Proxy(proxy.host, proxy.port).new(uri.host, uri.port)
+                   end
                  else
                    Net::HTTP.new(uri.host, uri.port)
                  end
@@ -1862,11 +1918,19 @@ Could not find copy command, tried:
     ENV.key?(URL_ENV_NAME) ? GHE_BASE_PATH : GITHUB_BASE_PATH
   end
 
+  def login_url
+    ENV.key?(URL_ENV_NAME) ? URI(ENV[URL_ENV_NAME]) : GITHUB_URL
+  end
+
   # Get the API URL
   def api_url
     ENV.key?(URL_ENV_NAME) ? URI(ENV[URL_ENV_NAME]) : GITHUB_API_URL
   end
 
+  def client_id
+    ENV.key?(CLIENT_ID_ENV_NAME) ? URI(ENV[CLIENT_ID_ENV_NAME]) : GITHUB_CLIENT_ID
+  end
+
   def legacy_private_gister?
     return unless which('git')
     `git config --global gist.private` =~ /\Ayes|1|true|on\z/i
@@ -1906,7 +1970,7 @@ filenames can be overridden by repeating the "-f" flag. The most useful reason
 to do this is to change the syntax highlighting.
 
 All gists must to be associated with a GitHub account, so you will need to login with
-`gist --login` to obtain an Oauth2 access token. This is stored and used by gist in the future.
+`gist --login` to obtain an OAuth2 access token. This is stored and used by gist in the future.
 
 Private gists do not have guessable URLs and can be created with "-p", you can
 also set the description at the top of the gist by passing "-d".
@@ -2023,7 +2087,7 @@ end.parse!
 begin
   if Gist.auth_token.nil?
     puts 'Please log in with `gist --login`. ' \
-      '(Github now requires credentials to gist https://bit.ly/2GBBxKw)'
+      '(GitHub now requires credentials to gist https://bit.ly/2GBBxKw)'
     exit(1)
   end