diff --git a/src/auth-flows.spec.ts b/src/auth-flows.spec.ts index af2c59d..566a06c 100644 --- a/src/auth-flows.spec.ts +++ b/src/auth-flows.spec.ts @@ -35,6 +35,9 @@ vi.mock('@octokit/rest', () => ({ id: 'id1', login: 'user1', }, + headers: { + 'x-oauth-scopes': 'admin:org, read:user, read:project', + }, })), }, }, @@ -116,18 +119,20 @@ test('deviceFlow user canceled', async () => { test('PATFlow', async () => { const sessionIdBeforeCall = sessionId; vi.mocked(extensionApi.window.showInputBox).mockResolvedValue('PATtoken1234'); + const consoleWarn = vi.spyOn(console, 'warn'); const inputBoxOptions = { title: 'Authenticate to GitHub with Personal Access Token', - prompt: 'Enter you GitHub Personal Access Token in the input box below. Make sure that this PAT has all the necessary permissions: scope1, scope_2', + prompt: 'Enter you GitHub Personal Access Token in the input box. Make sure that this PAT has all the necessary permissions: read:user, write:org, some scope', placeHolder: 'Enter PAT', password: true, }; - const newPATSession = await PATFlow(['scope1', 'scope_2']); + const newPATSession = await PATFlow(['read:user', 'write:org', 'some scope']); expect(extensionApi.window.showInputBox).toBeCalledWith(inputBoxOptions); expect(Octokit).toHaveBeenCalledWith({auth: 'PATtoken1234'}); + expect(consoleWarn).toHaveBeenCalledWith('Some required permission scopes are missing from the PAT scopes: some scope. Please check and update the token as necessary.'); expect(newPATSession).toEqual({ id: `github-PAT-${sessionIdBeforeCall}`, @@ -136,7 +141,7 @@ test('PATFlow', async () => { id: 'id1', label: 'user1', }, - scopes: ['scope1', 'scope_2'], + scopes: ['admin:org', 'write:org', 'read:org', 'read:user', 'read:project'], }); }); 
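Review bot: The `console.warn` spy added at the top of `test('PATFlow')` is neither silenced nor restored, so the warning is printed during the run and the spy stays installed for later tests unless the Vitest config restores mocks (not visible here). I would write `const consoleWarn = vi.spyOn(console, 'warn').mockImplementation(() => {});` and call `consoleWarn.mockRestore();` at the end of the test. The test also covers only a token that partly matches the request; a case where the mocked response carries no `x-oauth-scopes` header would pin what `PATFlow` does when the granted scopes cannot be read. The test body continues into the next hunk.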
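Review bot: The expected `scopes` now contains `admin:org` although the call asked only for `read:user`, `write:org` and `some scope`, so this expectation pins that a token broader than requested is accepted with no signal. A comment above the expectation such as `// scopes are what the token grants (x-oauth-scopes, expanded), not what was requested` would make that intent explicit. If least privilege matters for this session, a second warning for granted-but-unrequested scopes is worth considering. The code that produces the array is outside this hunk.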
@@ -145,7 +150,7 @@ test('PATFlow error', async () => { const inputBoxOptions = { title: 'Authenticate to GitHub with Personal Access Token', - prompt: 'Enter you GitHub Personal Access Token in the input box below. Make sure that this PAT has all the necessary permissions: scope1, scope_2', + prompt: 'Enter you GitHub Personal Access Token in the input box. Make sure that this PAT has all the necessary permissions: scope1, scope_2', placeHolder: 'Enter PAT', password: true, }; diff --git a/src/auth-flows.ts b/src/auth-flows.ts index 5d53c93..081f386 100644 --- a/src/auth-flows.ts +++ b/src/auth-flows.ts @@ -21,6 +21,7 @@ import * as extensionApi from '@podman-desktop/api'; import { waitForDeviceCodeAccessToken } from './auth-flows-helpers'; import { config } from './config'; +import { GITHUB_SCOPES } from './github-scopes'; export let sessionId = 1; @@ -83,7 +84,7 @@ export async function deviceFlow(scopes: string[]): Promise { const inputBoxOptions: extensionApi.InputBoxOptions = { title: 'Authenticate to GitHub with Personal Access Token', - prompt: `Enter you GitHub Personal Access Token in the input box below. Make sure that this PAT has all the necessary permissions: ${scopes.join(', ')}`, + prompt: `Enter you GitHub Personal Access Token in the input box. Make sure that this PAT has all the necessary permissions: ${scopes.join(', ')}`, placeHolder: 'Enter PAT', password: true, }; @@ -99,6 +100,13 @@ export async function PATFlow(scopes: string[]): Promise GITHUB_SCOPES[scope] ? [scope, ...GITHUB_SCOPES[scope]] : [scope]); + + const missingScopes = scopes.filter(scope => !authorizedScopes?.includes(scope)); + if (missingScopes.length > 0) { + console.warn(`Some required permission scopes are missing from the PAT scopes: ${missingScopes.join(', ')}. Please check and update the token as necessary.`); + } + return { id: `github-PAT-${sessionId++}`, accessToken: PATToken, @@ -106,6 +114,6 @@ export async function PATFlow(scopes: string[]): Promise
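Review bot: The reworded prompt in the `-83,7` hunk of `src/auth-flows.ts` still reads "Enter you GitHub Personal Access Token"; it should start `Enter your GitHub Personal Access Token in the input box.` The same string is pinned in both `inputBoxOptions` literals in `src/auth-flows.spec.ts`, so those expectations need the same correction. The enclosing function starts and ends outside the hunk.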
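Review bot: A PAT that lacks required scopes is still turned into a session in the `-99,6` hunk, and the only signal is `console.warn`, which the person who just pasted the token will not see in the UI. I would surface the same message with `await extensionApi.window.showWarningMessage(...)` (or reject the token), keeping the log line. `authorizedScopes?.includes(scope)` implies `authorizedScopes` can be undefined; in that case every requested scope is reported missing, so a separate branch saying the scopes could not be read from the response would be more accurate. `GITHUB_SCOPES[scope]` is indexed with strings that appear to come from the response header; if it is a plain object, a guard such as `Object.hasOwn(GITHUB_SCOPES, scope)` avoids matching inherited keys. Part of this hunk's text is missing from the page and `PATFlow` continues beyond it.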