hedyhli / starcli

:sparkles: Browse trending GitHub projects from your command line
https://pypi.org/project/starcli/
MIT License
550 stars 50 forks

Add --auth to allow GH personal tokens. #75

Closed jSadoski closed 4 years ago

jSadoski commented 4 years ago

Context

Resolves #68

Description

Allows personal token using starcli --auth *username:password*. Validates option & provides a message if submitted in the wrong format. The status_action for http_code_handling['401'] was changed to a new status_action: unauthorized. DEBUG output was also added for the option 👍

P.S. I ran the tests with this and I was able to complete them all! It seems the auth + the new retry technique is working.

hedyhli commented 4 years ago

The code is good, but there are some lines which have a very wide width. Could you please run `black .`, or is it `pipenv run black .`? I'm not familiar with pipenv.

jSadoski commented 4 years ago

I switched back to virtualenv so my env is more in line with the other development here.

hedyhli commented 4 years ago

Also, did you have a go with storing the credentials in a file? Maybe authenticating using token will be safer because this is using username and password.

jSadoski commented 4 years ago

I did not go with storing the credentials in a file, yet. That's a feature I'd like to do soon, but I submitted this because it allows the full testing suite to run so we can get cli() tests up ASAP.

I agree tokens are better. Right now, GitHub allows authentication using 'username:token' OR 'username:password' in the request header. GitHub is deprecating 'username:password' on November 13 of this year. This code was intended to be used with a personal access token, but since GitHub allows the password in the header, the request is being authenticated when the password is used, too. I think we could sort of check to make sure the token is being used by checking the length of the string passed, unless of course their password were the same length as a token.

Otherwise, instead of basic authentication, we could go straight to implementing OAuth2 Device Flow instead. This would save users the step of generating a personal token and would be more secure.
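The `--auth username:token` validation and the token-versus-password check discussed in the comment above, sketched as an added example (not code from this pull request or from starcli). The function names and the token patterns are assumptions of the example, and matching a token shape remains a heuristic, since a password can have the same shape.

```python
import base64
import re

# Assumed token shapes: legacy 40-hex personal access tokens, prefixed tokens
# (ghp_, gho_, ghu_, ghs_, ghr_) and fine-grained github_pat_ tokens.
TOKEN_PATTERNS = (
    re.compile(r"[0-9a-f]{40}"),
    re.compile(r"gh[pousr]_[A-Za-z0-9]{36,}"),
    re.compile(r"github_pat_[A-Za-z0-9_]{20,}"),
)


class AuthFormatError(ValueError):
    """Raised when the --auth value is not usable."""


def looks_like_token(secret):
    """Heuristic only: a password could coincidentally match a token shape."""
    return any(p.fullmatch(secret) for p in TOKEN_PATTERNS)


def parse_auth(value, allow_password=False):
    """Split 'username:token' and reject secrets that do not look like tokens."""
    username, sep, secret = value.partition(":")
    if not sep or not username or not secret:
        raise AuthFormatError("expected --auth username:token")
    if not allow_password and not looks_like_token(secret):
        raise AuthFormatError("secret does not look like a GitHub token")
    return username, secret


def basic_auth_header(username, secret):
    """Build the HTTP Basic Authorization header sent with the request."""
    raw = f"{username}:{secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def redact(value):
    """Form of the --auth value that is safe to write to DEBUG output."""
    username, _, secret = value.partition(":")
    return f"{username}:{'*' * 8}" if secret else value


if __name__ == "__main__":
    sample = "octocat:" + "a" * 40  # constructed sample, not a real token
    user, secret = parse_auth(sample)
    print(redact(sample), basic_auth_header(user, secret))
```
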

hedyhli commented 4 years ago

@allcontributors please add @jSadoski for code

allcontributors[bot] commented 4 years ago

@hedythedev

I've put up a pull request to add @jSadoski! :tada: