From 3832c2eeb87e0b099d50d63cfbfd19327c6b5bc1 Mon Sep 17 00:00:00 2001 From: gabriel-arc Date: Thu, 10 Sep 2020 13:32:13 +0200 Subject: [PATCH 1/2] workaround for gh token verification skipping verification for tokens requiring new verification api when using old gh gem version. --- lib/travis/config/defaults.rb | 2 +- lib/travis/github.rb | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/travis/config/defaults.rb b/lib/travis/config/defaults.rb index d12dd2911f..981d2d9405 100644 --- a/lib/travis/config/defaults.rb +++ b/lib/travis/config/defaults.rb @@ -40,7 +40,7 @@ def logs_api_auth_token sidekiq: { namespace: 'sidekiq', pool_size: 1 }, smtp: {}, email: {}, - github: { api_url: 'https://api.github.com', token: 'travisbot-token' }, + github: { api_url: 'https://api.github.com', token: 'travisbot-token', enterprise_legacy_oauth: true }, async: {}, notifications: [], # TODO rename to event.handlers metrics: { reporter: 'librato' }, diff --git a/lib/travis/github.rb b/lib/travis/github.rb index a2fd9ad2eb..7081c03820 100644 --- a/lib/travis/github.rb +++ b/lib/travis/github.rb @@ -1,6 +1,17 @@ require 'gh' require 'core_ext/hash/compact' +GH::TokenCheck.class_eval do + def setup(backend, options) + puts "called!" + @client_secret = options[:client_secret] + @client_id = options[:client_id] + @token = options[:token] + @check_token = options[:check_token] + super + end +end + module Travis module Github class << self @@ -11,7 +22,8 @@ def setup user_agent: "GH/#{GH::VERSION}", origin: Travis.config.host, api_url: Travis.config.github.api_url, - ssl: Travis.config.ssl.to_h.merge(Travis.config.github.ssl.to_h || {}).to_h.compact + ssl: Travis.config.ssl.to_h.merge(Travis.config.github.ssl.to_h || {}).to_h.compact, + check_token: !is_legacy? ) end 
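Review bot: The new default `enterprise_legacy_oauth: true` in the `github:` entry makes the weaker path the out-of-the-box behaviour. In this commit `setup` in lib/travis/github.rb passes `check_token: !is_legacy?`, so token verification is switched off (as the commit subject describes) unless an operator explicitly sets the flag to false. That includes a deployment that keeps the default `api_url` of `https://api.github.com` from the same line. I would ship `enterprise_legacy_oauth: false` and let only the GitHub Enterprise installs that need the old API opt in. The same concern applies to the `check_token: !is_legacy?` line in the `def setup` hunk of lib/travis/github.rb.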
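Review bot: `@check_token = options[:check_token]` in the reopened `GH::TokenCheck#setup` makes verification opt-in: any stack built without that key gets `nil`. Assuming the gem's `check_token` guards on `@check_token` (patch 2/2 shows such a guard), the check is then skipped regardless of the legacy flag. `@check_token = options.fetch(:check_token, true)` keeps verification on unless a caller explicitly turns it off. The `puts "called!"` line is leftover debug output and should be dropped. The override also deserves a comment naming the gh version it was written against, because redefining `setup` through `class_eval` replaces the gem's method and `super` goes straight to the superclass.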
@@ -19,6 +31,10 @@ def authenticated(user, &block) fail "we don't have a github token for #{user.inspect}" if user.github_oauth_token.blank? GH.with(:token => user.github_oauth_token, &block) end + + def is_legacy? + Travis.config.github.enterprise_legacy_oauth + end end require 'travis/github/education' From 91bf92386dd15ab6f8a443b59025b64f841ee422 Mon Sep 17 00:00:00 2001 From: gabriel-arc Date: Mon, 14 Sep 2020 13:06:28 +0200 Subject: [PATCH 2/2] token verification for legacy/new --- lib/travis/github.rb | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/lib/travis/github.rb b/lib/travis/github.rb index 7081c03820..ae60812d20 100644 --- a/lib/travis/github.rb +++ b/lib/travis/github.rb 
@@ -1,17 +1,37 @@ require 'gh' require 'core_ext/hash/compact' -GH::TokenCheck.class_eval do - def setup(backend, options) - puts "called!" - @client_secret = options[:client_secret] - @client_id = options[:client_id] - @token = options[:token] - @check_token = options[:check_token] - super +GH::Remote.class_eval do + def http(verb, url, headers = {}, &block) + body = headers.delete :body + connection.run_request(verb, url, body, headers, &block) + rescue Exception => error + raise Error.new(error, nil, :verb => verb, :url => url, :headers => headers) end end +GH::TokenCheck.class_eval do + + def check_token + return unless @check_token and client_id and client_secret and token + @check_token = false + auth_header = "Basic %s" % Base64.encode64("#{client_id}:#{client_secret}").gsub("\n", "") + + if is_legacy? + http :head, path_for("/applications/#{client_id}/tokens/#{token}?client_id=#{client_id}&client_secret=#{client_secret}"), "Authorization" => auth_header + else + http :post, path_for("/applications/#{client_id}/token"), :body => "{\"access_token\": \"#{token}\"}", "Authorization" => auth_header + end + rescue GH::Error(:response_status => 404) => error + raise GH::TokenInvalid, error + end + + def is_legacy? + Travis.config.github.enterprise_legacy_oauth + end + +end + module Travis module Github class << self @@ -22,8 +42,7 @@ def setup user_agent: "GH/#{GH::VERSION}", origin: Travis.config.host, api_url: Travis.config.github.api_url, - ssl: Travis.config.ssl.to_h.merge(Travis.config.github.ssl.to_h || {}).to_h.compact, - check_token: !is_legacy? + ssl: Travis.config.ssl.to_h.merge(Travis.config.github.ssl.to_h || {}).to_h.compact ) end @@ -31,10 +50,6 @@ def authenticated(user, &block) fail "we don't have a github token for #{user.inspect}" if user.github_oauth_token.blank? GH.with(:token => user.github_oauth_token, &block) end - - def is_legacy? - Travis.config.github.enterprise_legacy_oauth - end end require 'travis/github/education'
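Review bot: The legacy branch of `check_token` puts `client_secret` in the URL query string although the same credentials already travel in the `Authorization` header. The patched `GH::Remote#http` above copies both `:url` and `:headers` into every `GH::Error` it raises, so the secret and the user's token can surface wherever those errors are logged or reported (that path is not visible here). If the targeted GitHub Enterprise versions accept Basic auth alone, I would use `http :head, path_for("/applications/#{client_id}/tokens/#{token}"), "Authorization" => auth_header` and redact `Authorization` before building the error info. The non-legacy body is built by string interpolation; `:body => JSON.generate("access_token" => token)` stays valid JSON whatever the token contains (it needs `json` loaded, which this file does not show). `rescue Exception` in `http` also wraps `Interrupt` and `SystemExit`; `rescue StandardError` is the usual choice unless the method must stay identical to the newer gem.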