Skip to content

Handle GitHub token revocation failures #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cursor wants to merge 1 commit into
base: main
Choose a base branch
from
+55 −4
Draft

Handle GitHub token revocation failures #101

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 11 additions & 4 deletions src/github_app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,15 @@
from __future__ import annotations

import contextlib
import logging
import time
from typing import Generator

import jwt
import requests

logger = logging.getLogger(__name__)


class GithubAppToken:
def __init__(self, private_key, app_id) -> None:
Expand All @@ -29,10 +32,14 @@ def get_token(self, installation_id: int) -> Generator[str, None, None]:
# This token expires in an hour
yield resp["token"]
finally:
requests.delete(
"https://api.github.com/installation/token",
headers={"Authorization": f"token {resp['token']}"},
)
try:
revoke_req = requests.delete(
"https://api.github.com/installation/token",
headers={"Authorization": f"token {resp['token']}"},
)
revoke_req.raise_for_status()
except requests.RequestException:
logger.warning("Failed to revoke GitHub App installation token.", exc_info=True)

def get_jwt_token(self, private_key, app_id):
payload = {
Expand Down
44 changes: 44 additions & 0 deletions tests/test_github_app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
from __future__ import annotations

import pytest
import requests

from src.github_app import GithubAppToken


def test_get_token_ignores_revocation_request_failure(monkeypatch):
token = "github-token"
app_token = GithubAppToken.__new__(GithubAppToken)
app_token.headers = {"Authorization": "Bearer jwt-token"}

class TokenResponse:
def raise_for_status(self):
pass

def json(self):
return {"token": token}

monkeypatch.setattr(requests, "post", lambda **kwargs: TokenResponse())

def fail_revocation(*args, **kwargs):
raise requests.ConnectionError("remote disconnected")

monkeypatch.setattr(requests, "delete", fail_revocation)

with app_token.get_token(123) as returned_token:
assert returned_token == token


def test_get_token_raises_when_token_request_fails(monkeypatch):
app_token = GithubAppToken.__new__(GithubAppToken)
app_token.headers = {"Authorization": "Bearer jwt-token"}

class TokenResponse:
def raise_for_status(self):
raise requests.HTTPError("server error")

monkeypatch.setattr(requests, "post", lambda **kwargs: TokenResponse())

with pytest.raises(requests.HTTPError):
with app_token.get_token(123):
pass
Loading