From 7797e8b7f9b8ad8939671b82eb02d27f094bd399 Mon Sep 17 00:00:00 2001
From: Tamir Duberstein <tamird@gmail.com>
Date: Tue, 21 Jun 2016 21:17:03 -0400
Subject: [PATCH] allow username-based authentication

Updates #99 (it fixes the issue, but we should really get someone from
GitHub to comment on our use of the API, so I'd like to leave it open).
---
 github.js | 28 +++++++++++++++++++++-------
 test.js   |  4 ++--
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/github.js b/github.js
index decab50..67331b7 100644
--- a/github.js
+++ b/github.js
@@ -195,12 +195,25 @@ function configureCredentials(config, ui) {
 
   return Promise.resolve()
   .then(function() {
-    ui.log('info', 'You can generate an access token at %https://' + (config.hostname || 'github.com') + '/settings/tokens%.');
-    return ui.input('Enter your GitHub access token');
+    ui.log('info', 'If using two-factor authentication or to avoid using your password you can generate an access token at %https://' + (config.hostname || 'github.com') + '/settings/tokens%.');
+    return ui.input('Enter your GitHub username or access token');
   })
-  .then(function(token) {
-    auth.token = token;
-    if (auth.token) {
+  .then(function(entered) {
+    if (!entered) {
+      return false;
+    } else if (isGithubToken(entered)) {
+      auth.token = entered;
+    } else {
+      auth.username = entered;
+      return ui.input('Enter your GitHub password', null, true);
+    }
+  })
+  .then(function(password) {
+    if (password) {
+      auth.password = password;
+    }
+
+    if (auth.username || auth.token) {
       return ui.confirm('Would you like to test these credentials?', true);
     }
   })
@@ -225,7 +238,7 @@ function configureCredentials(config, ui) {
     })
     .then(function(res) {
       if (res.statusCode == 401) {
-        ui.log('warn', 'Provided GitHub credentials are not authorized, try re-entering your access token.');
+        ui.log('warn', 'Provided GitHub credentials are not authorized, try re-entering your password or access token.');
       }
       else if (res.statusCode != 200) {
         ui.log('warn', 'Invalid response code, %' + res.statusCode + '%');
@@ -344,7 +357,8 @@ GithubLocation.prototype = {
       execGit('ls-remote ' + remoteString.replace(/(['"()])/g, '\\\$1') + repo + '.git refs/tags/* refs/heads/*', execOpt, function(err, stdout, stderr) {
         if (err) {
           if (err.toString().indexOf('not found') == -1) {
-            var error = new Error(stderr);
+            // dont show plain text passwords in error
+            var error = new Error(stderr.toString().replace(remoteString, ''));
             error.hideStack = true;
             error.retriable = true;
             reject(error);
diff --git a/test.js b/test.js
index 1dc8c8c..6ed821a 100644
--- a/test.js
+++ b/test.js
@@ -4,8 +4,8 @@ github = new github({
   baseDir: '.',
   log: true,
   tmpDir: '.',
-  auth: '',
-  token: ''
+  username: '',
+  password: ''
 });
 
 github.lookup('angular/bower-angular')