search

pwntester / octo.nvim

Edit and review GitHub issues and pull requests from the comfort of your favorite editor
MIT License
2.24k stars 124 forks source link

gh token scopes errors on `:Octo pr list` and opening a PR #473

Closed mmirus closed 5 months ago

mmirus commented 5 months ago

Issue Description

Type: bug report

Describe what happened (or what feature you want)

Upon running :Octo pr list, I now receive the below error messages.

After dismissing them, the PR list does actually load.

When I select a PR from the list and open it, I receive the same errors, and the PR details fail to load.

gh: Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.                                                                                                                                                            
Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.                                                                                                                                                                
Your token has not been granted the required scopes to execute this query. The 'title' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.                                                                                                                                                             
Your token has not been granted the required scopes to execute this query. The 'name' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.                                                                                                                                                              
Your token has not been granted the required scopes to execute this query. The 'optionId' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.                                                                                                                                                          
Your token has not been granted the required scopes to execute this query. The 'name' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.

image

Describe what you expected to happen

How to reproduce it (as minimally and precisely as possible)

  1. Run :Octo pr list
  2. Error!
  3. Open a PR from the list
  4. Error!

Tell us your environment

Neovim 0.9.5 gh 2.42.0 Arch btw

Anything else we need to know?

I think this problem was introduced between b5371003f209764c9d1cc43cf20b6dc52961f0e8 and 051b633edaf7ce7bf885fe809782c433386b5e6f.

I'm assuming these errors would go away if I had the expected token scopes. But should project scopes be required for listing and viewing PRs? Also, I don't think I'm using a token with Octo/gh.

Thanks for the plugin and for taking a look at this issue!

mmirus commented 5 months ago

Confirmed that reverting from 051b633edaf7ce7bf885fe809782c433386b5e6f to b5371003f209764c9d1cc43cf20b6dc52961f0e8 fixes the problem.

milogert commented 5 months ago

fwiw, if you run gh auth login --scopes read:project it will add the proper scopes. This should probably be added to the documentation if that's an acceptable workaround.

@pwntester thoughts on this?

milogert commented 5 months ago

I'm assuming these errors would go away if I had the expected token scopes. But should project scopes be required for listing and viewing PRs? Also, I don't think I'm using a token with Octo/gh.

I didn't read this far into your issue. You bring up an interesting point. Perhaps a revert might be in order and projects v2 (which is what needs that scope) could be opt in. I'm good with whatever path we want

pwntester commented 5 months ago

I dont want to force everyone to add the project:read scope, especially if they are not going to use projects v2 so we either check the token scopes (maybe with a probe request) and disable projects v2 support if scope is missing, or make the v2 support opt-in and state that it requires the additional scope. I probably prefer the later. Thoughts?

(In the meantime, I will revert the PR)

milogert commented 5 months ago

I like the probe request idea. That'd probably be the most seamless

Sorry for the trouble! I can start working on a Take 2 this weekend. Hopefully it'd look very similar

mmirus commented 5 months ago

Thanks, both!

For what it's worth, I think from a user standpoint, the best experience would be to wait until I attempt to use a feature that requires that scope before making any calls that require me to have it, and then inform me in a friendly way if I'm missing the required access. This could be with a notification saying something like "You must add the 'read:project' scope to use this feature. See <url>.".

This approach keeps plugin functionality discoverable for users, so they can more easily find features they may wish to use, but it provides a good experience for users who need to take an extra step to unlock that functionality.

pwntester commented 5 months ago

All the PR info is retrieved from the GraphQL endpoint when opening the PR (including the project info). Thats why Octo is failing when previewing or editing a PR since the GraphQL query requires the project:read scope to get the new v2 attributes. Unfortunately, that info is required to print the PR header with info such as what project the PR is assigned to so we cannot postpone those calls for when the user invokes project related actions.

mmirus commented 5 months ago

Makes sense!

joshmedeski commented 5 months ago

Running the following command and authenticating again worked for me, thanks @milogert 👏

gh auth login --scopes read:project
mmirus commented 5 months ago

I think with the revert and then take 2, we can probably close this. I now get a notification about the missing scope, and everything works correctly as far as I've seen. Thank you for the quick help!