From ca56a4a943d2aaba7a58442e31915582504391af Mon Sep 17 00:00:00 2001
From: Emma Triphora <emma@modrinth.com>
Date: Sun, 10 Sep 2023 11:53:27 -0400
Subject: [PATCH] Update token validation to make more sense for the new system

---
 .github/workflows/build.yml                   |  2 --
 README.md                                     |  3 ---
 build.gradle                                  |  2 +-
 .../minotaur/TaskModrinthSyncBody.java        |  3 +--
 src/main/java/com/modrinth/minotaur/Util.java | 23 ++++++-------------
 5 files changed, 9 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 71fd48f..3cd4de8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -40,5 +40,3 @@ jobs:
       - name: Test with Gradle
         run: ./gradlew fg:modrinth loom:modrinth
         if: ${{ !contains(github.event.head_commit.message, 'skip test') }}
-        env:
-          MODRINTH_TOKEN: dummy_token_for_CI
diff --git a/README.md b/README.md
index 85ebc84..46560e6 100644
--- a/README.md
+++ b/README.md
@@ -4,14 +4,11 @@ A Gradle plugin for interfacing directly with Modrinth, through uploading build
 
 Want to use a GitHub Action instead of a Gradle plugin? Check out [Kir-Antipov/mc-publish](https://github.com/Kir-Antipov/mc-publish), but note that Modrinth does not give support for `mc-publish` where we do for Minotaur.
 
-Still using Minotaur v1? You should switch as soon as possible, because it uses the deprecated API v1. Migration instructions can be found [on the Modrinth documentation page](https://docs.modrinth.com/docs/migrations/v1-to-v2/#minotaur-v1-to-v2).
-
 ## Usage Guide
 
 To use this plugin you must add it to your Gradle build script. After that, you can use the `modrinth` task to upload the version to Modrinth.
 
 Minotaur requires a personal access token with the following scopes:
-- `USER_READ`
 - `CREATE_VERSION` (if running the `modrinth` task)
 - `PROJECT_WRITE` (if running the `modrinthSyncBody` task)
 
diff --git a/build.gradle b/build.gradle
index 3592d3e..7bedb18 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
 	id 'com.gradle.plugin-publish' version '1.2.0'
 }
 
-version = '2.8.3'
+version = '2.8.4'
 group = 'com.modrinth.minotaur'
 archivesBaseName = 'Minotaur'
 description = 'Modrinth plugin for publishing builds to the website!'
diff --git a/src/main/java/com/modrinth/minotaur/TaskModrinthSyncBody.java b/src/main/java/com/modrinth/minotaur/TaskModrinthSyncBody.java
index fd73d8f..baebccd 100644
--- a/src/main/java/com/modrinth/minotaur/TaskModrinthSyncBody.java
+++ b/src/main/java/com/modrinth/minotaur/TaskModrinthSyncBody.java
@@ -10,8 +10,7 @@
 import java.util.Objects;
 import java.util.regex.Pattern;
 
-import static com.modrinth.minotaur.Util.api;
-import static com.modrinth.minotaur.Util.ext;
+import static com.modrinth.minotaur.Util.*;
 
 /**
  * A task used to communicate with Modrinth for the purpose of syncing project body with, for example, a README.
diff --git a/src/main/java/com/modrinth/minotaur/Util.java b/src/main/java/com/modrinth/minotaur/Util.java
index 0d266f0..16fe99f 100644
--- a/src/main/java/com/modrinth/minotaur/Util.java
+++ b/src/main/java/com/modrinth/minotaur/Util.java
@@ -1,9 +1,7 @@
 package com.modrinth.minotaur;
 
 import masecla.modrinth4j.client.agent.UserAgent;
-import masecla.modrinth4j.exception.EndpointException;
 import masecla.modrinth4j.main.ModrinthAPI;
-import masecla.modrinth4j.model.user.ModrinthUser;
 import org.gradle.api.Project;
 import org.gradle.api.file.RegularFile;
 import org.gradle.api.provider.Provider;
@@ -13,7 +11,6 @@
 import org.jetbrains.annotations.Nullable;
 
 import java.io.File;
-import java.util.Objects;
 
 /**
  * Internal utility methods to make things easier and deduplicated
@@ -23,9 +20,8 @@ class Util {
 	/**
 	 * @param project Gradle project for getting various info from
 	 * @return A valid {@link ModrinthAPI} instance
-	 * @throws EndpointException when the request to validate the token fails
 	 */
-	static ModrinthAPI api(Project project) throws EndpointException, NullPointerException {
+	static ModrinthAPI api(Project project) {
 		ModrinthExtension ext = ext(project);
 		String url = ext.getApiUrl().get();
 		if (url.endsWith("/")) {
@@ -39,19 +35,14 @@ static ModrinthAPI api(Project project) throws EndpointException, NullPointerExc
 			.contact(ext.getProjectId().get() + "/" + resolveVersionNumber(project))
 			.build();
 
-		String token = ext(project).getToken().get();
-		ModrinthAPI api = ModrinthAPI.rateLimited(agent, url, token);
-
-		// Ensure validity of token unless in Minotaur CI
-		if (token.equals("dummy_token_for_CI")) {
-			project.getLogger().info("Skipping token validation (GitHub repo {})", System.getenv("GITHUB_REPOSITORY"));
-		} else {
-			ModrinthUser user = api.users().getSelf().join();
-			String username = Objects.requireNonNull(user.getUsername(), "Failed to resolve username from token");
-			project.getLogger().debug("Signed in as user {}", username);
+		String token = ext.getToken().get();
+		if (token.startsWith("mra")) {
+			throw new RuntimeException("Token must be a personal-access token, not a session token!");
+		} else if (!token.startsWith("mrp")) {
+			project.getLogger().warn("Using GitHub tokens for authentication is deprecated. Please begin to use personal-access tokens.");
 		}
 
-		return api;
+		return ModrinthAPI.rateLimited(agent, url, token);
 	}
 
 	/**