development/vscode
development/vscode
1
0
Fork 0
mirror of https://github.com/Microsoft/vscode synced 2024-08-27 04:49:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix scope checking mismatch (#109665)

Browse source
This commit is contained in:
Alex Ross 2020-10-30 01:05:21 +01:00 committed by GitHub
parent 47bbc2f8e7
commit 04863391e9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
extensions/github-authentication/src/githubServer.ts
View file

@ -56,9 +56,18 @@ export class GitHubServer {
const token = await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true });
if (!token) { throw new Error('Sign in failed: No token provided'); }
const tokenScopes = await this.getScopes(token);
const scopesList = scopes.split(' ');
if (!scopesList.every(scope => tokenScopes.includes(scope))) {
const tokenScopes = await this.getScopes(token); // Example: ['repo', 'user']
const scopesList = scopes.split(' '); // Example: 'read:user repo user:email'
if (!scopesList.every(scope => {
const included = tokenScopes.includes(scope);
if (included || !scope.includes(':')) {
return included;
}
return scope.split(':').some(splitScopes => {
return tokenScopes.includes(splitScopes);
});
})) {
throw new Error(`The provided token is does not match the requested scopes: ${scopes}`);
}