** Description changed: - Please update the `gist` package to the latest version in the - repositories for 18.04 and 20.04. The current versions in those releases - have a `gist-paste` command that can no longer authenticate to GitHub, - making the package useless. + [Impact] - I believe Ubuntu 21.04 uses a working version. + * Gist upload (arguable as the core function of the package) is not + functioning. Package versions prior to 5.1.0 provide user's access token + as a query (URL) parameter, however GitHub changes now require it to be + provided as a HTTP(S) header: + https://developer.github.com/changes/2019-11-05-deprecated-passwords- + and-authorizations-api/#authenticating-using-query-parameters - $ gist-paste -f Test.java -t java -p -d 'Fast method tester' -R Test.java - Error: Got Net::HTTPBadRequest from gist: {"message":"Must specify access token via Authorization header. ht - tps://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param","documentation_url":"htt - ps://docs.github.com/v3/#oauth2-token-sent-in-a-header"} + * --login is not functioning. Package versions prior to 6.0.0 use an + authentication endpoint that has been shut down since November 2020: + https://developer.github.com/changes/2020-02-14-deprecating-oauth-auth- + endpoint/ - $ lsb_release -a - No LSB modules are available. - Distributor ID: Ubuntu - Description: Ubuntu 20.04.2 LTS - Release: 20.04 - Codename: focal + [Test Plan] - $ apt-cache policy gist - gist: - Installed: 5.0.0-4 - Candidate: 5.0.0-4 - Version table: - *** 5.0.0-4 500 - 500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages - 500 http://archive.ubuntu.com/ubuntu focal/universe i386 Packages - 100 /var/lib/dpkg/status + * rm ~/.gist # stored credentials + * gist-paste --login - ProblemType: Bug - DistroRelease: Ubuntu 20.04 - Package: gist 5.0.0-4 - ProcVersionSignature: Ubuntu 5.4.0-77.86-generic 5.4.119 - Uname: Linux 5.4.0-77-generic x86_64 - ApportVersion: 2.20.11-0ubuntu27.18 - Architecture: amd64 - CasperMD5CheckResult: skip - Date: Tue Aug 24 04:42:58 2021 - InstallationDate: Installed on 2021-05-19 (96 days ago) - InstallationMedia: Ubuntu-Server 20.04 LTS "Focal Fossa" - Beta amd64 (20200401) - PackageArchitecture: all - ProcEnviron: - TERM=tmux-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR=<set> - LANG=en_US.UTF-8 - SHELL=/bin/bash - SourcePackage: gist - UpgradeStatus: No upgrade log present (probably fresh install) + Currently (5.0.0-4 focal) fails; output: + Obtaining OAuth2 access_token from github. + GitHub username: username + GitHub password: + RuntimeError: Got Net::HTTPNotFound from gist: {"message":"Not Found","documentation_url":"https://docs.github.com/rest"} + + Expected web-based OAuth; output: + Requesting login parameters... + Please sign in at https://github.com/login/device + and enter code: DEAD-BEEF + Success! https://github.com/settings/connections/applications/402bac389df41f24c62f + + * echo 'class Test {}' > Test.java + * gist-paste -f Test.java -t java -p -d 'Fast method tester' -R Test.java + + Currently (5.0.0-4 focal) fails; output: + Error: Got Net::HTTPBadRequest from gist: {"message":"Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param","documentation_url":"https://docs.github.com/v3/#oauth2-token-sent-in-a-header"} + + Expected randomly-generated Gist link; output: + https://gist.github.com/username/eed178872769488d84378b13de8bb698/raw + + [Where problems could occur] + + * The SRU requires a rewrite of authentication workflow, with a new + OAuth (web-based) approach. + + The `--login` invocation previously accepted two inputs over stdin, + however it now waits for user to do carry out manual steps based on + instructions displayed (opening a page in web browser, and entering a + code, as visible in Test Plan above). Although automated scripts should + not be invoking `--login`, as the relevant token is stored persistently + in user's home, if in any case they do so then it could halt further + processing of the script. + + [Other Info] + + * These changes have been tested as part of package release on prior Ubuntu versions, as well as landing in Debian stable: + - Gist 5.1.0-1 was published in Groovy (20.10) with relevant HTTP(S) header change. + - Gist 6.0.0-1 was published in Hirsute (21.04) with relevant changes for OAuth workflow (--login).
** Summary changed: - gist-paste command is too old and can no longer authenticate + [SRU] Authentication/Authorization broken due to GitHub platform changes ** Patch added: "gist_5.0.0-4ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/gist/+bug/1940907/+attachment/5525898/+files/gist_5.0.0-4ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940907 Title: [SRU] Authentication/Authorization broken due to GitHub platform changes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gist/+bug/1940907/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
