Update GitHub authorization to use headers instead of query parameters
authorNiklas (Krymonota) <Krymonota@users.noreply.github.com>
Thu, 6 Feb 2020 16:36:13 +0000 (17:36 +0100)
committerNiklas (Krymonota) <Krymonota@users.noreply.github.com>
Thu, 6 Feb 2020 16:36:13 +0000 (17:36 +0100)
Using query parameters for access_token has been deprecated.

For further information, check out:
- https://community.woltlab.com/thread/281366-github-api-deprecation-notice-for-authentication-via-url-query-parameters/
- https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters

wcfsetup/install/files/lib/action/GithubAuthAction.class.php

index e1a59d31a59e20abc1d4951cbffac3c0afe17279..123e427bb7378955442bf5a44b393524c007511c 100644 (file)
@@ -63,7 +63,8 @@ class GithubAuthAction extends AbstractAction {
                        
                        try {
                                // fetch userdata
-                               $request = new HTTPRequest('https://api.github.com/user?access_token='.$data['access_token']);
+                               $request = new HTTPRequest('https://api.github.com/user');
+                               $request->addHeader('Authorization', 'token '.$data['access_token']);
                                $request->execute();
                                $reply = $request->getReply();
                                $userData = JSON::decode(StringUtil::trim($reply['body']));
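Review bot: The added `addHeader('Authorization', 'token '.$data['access_token'])` call concatenates the token into a header value, and nothing in the hunk shows that `$data['access_token']` is a non-empty string without CR/LF or other control characters. That may already be checked earlier in the method or inside `HTTPRequest::addHeader()`, but neither is visible here. If it is not, a guard before the request, such as `if (!is_string($data['access_token']) || !preg_match('/^[\x21-\x7E]+$/', $data['access_token']))`, that treats the token response as a failed login would keep a malformed token-endpoint reply from shaping the outgoing request headers. The same applies to the `/user/emails` request in the second hunk, and since both sites now repeat the same two lines, a small private helper that builds the authorized request would keep them from drifting apart. The enclosing `try` block starts and continues outside the hunk.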
@@ -119,7 +120,8 @@ class GithubAuthAction extends AbstractAction {
                                        WCF::getSession()->register('__username', $userData['login']);
                                        
                                        try {
-                                               $request = new HTTPRequest('https://api.github.com/user/emails?access_token='.$data['access_token']);
+                                               $request = new HTTPRequest('https://api.github.com/user/emails');
+                                               $request->addHeader('Authorization', 'token '.$data['access_token']);
                                                $request->execute();
                                                $reply = $request->getReply();
                                                $emails = JSON::decode(StringUtil::trim($reply['body']));