Support for SAML tokens #67

Open
pelikhan opened this issue Jan 21, 2021 · 7 comments

@pelikhan
Contributor

Organizations may require a SAML token (like Microsoft), and it seems that the fork bailout does not detect this properly.
Would it be possible to force a fork -- or -- support SAML tokens?

Thanks for this tool, it's great.

@gr2m
Owner

gr2m commented Jan 21, 2021

I think supporting SAML tokens would be great! I don't have a way to test it myself, so I'd need your help. What's the error message you are currently getting? Could you log the error object and share the output here? Just make sure to remove sensitive information from the output first.

@pelikhan
Contributor Author

Console shows this:
image

@pelikhan
Contributor Author

Response is 403

{
  "message": "Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization.",
  "documentation_url": "https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/"
}

@gr2m
Owner

gr2m commented Jan 22, 2021

My guess is that the GET /repos/{owner}/{repo} request fails:

// https://developer.github.com/v3/repos/#get-a-repository
const { data: repository, headers } = await octokit.request(
  "GET /repos/{owner}/{repo}",
  {
    owner,
    repo,
  }
);

We should catch the error and check if its message includes /\bSAML\b/. If it does, we have to run the same code that we currently run when the user does not have write access to the repository:

if (isUser && !repository.permissions.push) {
  // https://developer.github.com/v3/users/#get-the-authenticated-user
  const user = await octokit.request("GET /user");
  // https://developer.github.com/v3/repos/forks/#list-forks
  const forks = await octokit.request("GET /repos/{owner}/{repo}/forks", {
    owner,
    repo,
  });
  const hasFork = forks.data.find(
    /* istanbul ignore next - fork owner can be null, but we don't test that */
    (fork) => fork.owner?.login === user.data.login
  );
  if (!hasFork) {
    // https://developer.github.com/v3/repos/forks/#create-a-fork
    await octokit.request("POST /repos/{owner}/{repo}/forks", {
      owner,
      repo,
    });
  }
  state.fork = user.data.login;
}

Would you like to send a pull request with the required change? It'd be easier for you as you can test it against a real SAML protected repository. I can help you through the process if you have any questions.
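
The detection step proposed in the comment above, as an added example that is not part of the thread or the project's code. It covers only the error classification (the existing `isUser` check and the fork requests are left out); the function names and stub clients are hypothetical, and the error is assumed to carry the HTTP `status` and the API `message` as properties.

```javascript
// Added example. The stub clients and function names are constructed for
// illustration; only the route and the 403 message come from the thread.
const SAML_PATTERN = /\bSAML\b/;

// True only for the 403 that organization SAML enforcement produces, so that
// other failures (404, rate limiting, bad credentials) are not swallowed.
function isSamlEnforcementError(error) {
  return (
    error != null &&
    error.status === 403 &&
    typeof error.message === "string" &&
    SAML_PATTERN.test(error.message)
  );
}

// Resolves to "push" when the token can write to the repository and to
// "needs-fork" when the fork code path should run; rethrows anything else.
async function resolveAccess(octokit, { owner, repo }) {
  try {
    const { data: repository } = await octokit.request(
      "GET /repos/{owner}/{repo}",
      { owner, repo }
    );
    return repository.permissions?.push ? "push" : "needs-fork";
  } catch (error) {
    if (isSamlEnforcementError(error)) return "needs-fork";
    throw error;
  }
}

// Constructed stand-ins for an Octokit instance, so the example runs offline.
function stubReturning(permissions) {
  return { request: async () => ({ data: { permissions }, headers: {} }) };
}
function stubThrowing(status, message) {
  return {
    request: async () => {
      throw Object.assign(new Error(message), { status });
    },
  };
}

// Message text copied from the 403 response quoted earlier in the thread.
const SAML_MESSAGE =
  "Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization.";
```

Matching on both the status code and the message keeps an unrelated 403 from being treated as a reason to fork.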

@pelikhan
Contributor Author

How do you test locally? npm link?

@gr2m
Owner

gr2m commented Jan 22, 2021

Yes. After you check out this repository, you need to run npm install and npm build. After each change, you need to run npm build again. Then link the pkg/ subfolder, which will have the contents that are usually published to npm. It will look like this: https://unpkg.com/browse/[email protected]

@pelikhan
Contributor Author

pelikhan commented Feb 8, 2021

I'll get to it eventually...
