From 8ccf997e85f652ba8c4d382a857af1a053489a0d Mon Sep 17 00:00:00 2001
From: Stanley Goldman <Stanley.Goldman@gmail.com>
Date: Tue, 27 Mar 2018 10:02:19 -0400
Subject: [PATCH 1/2] Fixing logic error in NeedsLoad

Credential might be null and we should be loading if there is no token
---
 src/GitHub.Api/Authentication/Keychain.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/GitHub.Api/Authentication/Keychain.cs b/src/GitHub.Api/Authentication/Keychain.cs
index 5e93f488c..69605e747 100644
--- a/src/GitHub.Api/Authentication/Keychain.cs
+++ b/src/GitHub.Api/Authentication/Keychain.cs
@@ -323,6 +323,6 @@ private void UpdateConnections(Connection[] conns)
         public Connection[] Connections => connections.Values.ToArray();
         public IList<UriString> Hosts => connections.Keys.ToArray();
         public bool HasKeys => connections.Any();
-        public bool NeedsLoad => HasKeys && !string.IsNullOrEmpty(FindOrCreateAdapter(connections.First().Value.Host).Credential.Token);
+        public bool NeedsLoad => HasKeys && string.IsNullOrEmpty(FindOrCreateAdapter(connections.First().Value.Host).Credential?.Token);
     }
 }
\ No newline at end of file

From 6ac6be4b2415eb132f4685ee9e4949fc7e486b84 Mon Sep 17 00:00:00 2001
From: Stanley Goldman <Stanley.Goldman@gmail.com>
Date: Tue, 27 Mar 2018 10:03:38 -0400
Subject: [PATCH 2/2] Throwing exception from LoadKeychainInternal

- LoadKeychainInternal is only called from ValidateKeychain
- ValidateKeychain should throw a TokenUsernameMismatchException if it
can see the user does not match
---
 src/GitHub.Api/Application/ApiClient.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/GitHub.Api/Application/ApiClient.cs b/src/GitHub.Api/Application/ApiClient.cs
index 10a01e0f3..21b047ea1 100644
--- a/src/GitHub.Api/Application/ApiClient.cs
+++ b/src/GitHub.Api/Application/ApiClient.cs
@@ -379,12 +379,19 @@ private async Task<bool> LoadKeychainInternal()
                 logger.Trace("LoadKeychainInternal: Loading");
 
                 //TODO: ONE_USER_LOGIN This assumes only ever one user can login
-                var uriString = keychain.Connections.First().Host;
+                var connection = keychain.Connections.First();
+                var uriString = connection.Host;
 
                 var keychainAdapter = await keychain.Load(uriString);
                 logger.Trace("LoadKeychainInternal: Loaded");
 
-                return keychainAdapter.Credential.Token != null;
+                var keychainUsername = keychainAdapter.Credential?.Username;
+                if (keychainUsername == null || connection.Username != keychainUsername)
+                {
+                    throw new TokenUsernameMismatchException(connection.Username, keychainUsername);
+                }
+
+                return keychainAdapter.Credential?.Token != null;
             }
 
             logger.Trace("LoadKeychainInternal: No keys to load");