git-ecosystem
diff --git a/‎Git-Credential-Manager.sln‎
Lines changed: 22 additions & 0 deletions b/‎Git-Credential-Manager.sln‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎common/src/Git-Credential-Manager/Git-Credential-Manager.csproj‎
Lines changed: 1 addition & 0 deletions b/‎common/src/Git-Credential-Manager/Git-Credential-Manager.csproj‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎common/src/Git-Credential-Manager/Program.cs‎
Lines changed: 2 additions & 0 deletions b/‎common/src/Git-Credential-Manager/Program.cs‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎common/src/GitHub/AuthenticationResult.cs‎
Lines changed: 33 additions & 0 deletions b/‎common/src/GitHub/AuthenticationResult.cs‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎common/src/GitHub/GitHub.csproj‎
Lines changed: 15 additions & 0 deletions b/‎common/src/GitHub/GitHub.csproj‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎common/src/GitHub/GitHubAuthentication.cs‎
Lines changed: 69 additions & 0 deletions b/‎common/src/GitHub/GitHubAuthentication.cs‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎common/src/GitHub/GitHubConstants.cs‎
Lines changed: 22 additions & 0 deletions b/‎common/src/GitHub/GitHubConstants.cs‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎common/src/GitHub/GitHubHostProvider.cs‎
Lines changed: 145 additions & 0 deletions b/‎common/src/GitHub/GitHubHostProvider.cs‎
Lines changed: 145 additions & 0 deletions
@@ -27,6 +27,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{DD8B847B
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestInfrastructure", "common\tests\TestInfrastructure\TestInfrastructure.csproj", "{5A7D9E8B-C1D2-4C5C-BE98-648C41D1F8BD}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GitHub", "common\src\GitHub\GitHub.csproj", "{3C840B06-A595-4FD9-9A76-56CD45B14780}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GitHub.Tests", "common\tests\GitHub.Tests\GitHub.Tests.csproj", "{03B9B82B-7DCA-4554-97AB-C98FF18FB385}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -83,6 +87,22 @@ Global
 		{5A7D9E8B-C1D2-4C5C-BE98-648C41D1F8BD}.WindowsDebug|Any CPU.Build.0 = Debug|Any CPU
 		{5A7D9E8B-C1D2-4C5C-BE98-648C41D1F8BD}.WindowsRelease|Any CPU.ActiveCfg = Release|Any CPU
 		{5A7D9E8B-C1D2-4C5C-BE98-648C41D1F8BD}.WindowsRelease|Any CPU.Build.0 = Release|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.WindowsDebug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.WindowsDebug|Any CPU.Build.0 = Debug|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.WindowsRelease|Any CPU.ActiveCfg = Release|Any CPU
+		{3C840B06-A595-4FD9-9A76-56CD45B14780}.WindowsRelease|Any CPU.Build.0 = Release|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.Release|Any CPU.Build.0 = Release|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.WindowsDebug|Any CPU.ActiveCfg = Debug|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.WindowsDebug|Any CPU.Build.0 = Debug|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.WindowsRelease|Any CPU.ActiveCfg = Release|Any CPU
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385}.WindowsRelease|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -98,6 +118,8 @@ Global
 		{1229E443-E66C-402F-8AA4-5AE6A207D3C7} = {66722747-1B61-40E4-A89B-1AC8E6D62EA9}
 		{DD8B847B-286B-4928-867B-E09C6C90DA1F} = {66722747-1B61-40E4-A89B-1AC8E6D62EA9}
 		{5A7D9E8B-C1D2-4C5C-BE98-648C41D1F8BD} = {4B305AC9-153F-4EA3-822F-3E5023BABAF1}
+		{3C840B06-A595-4FD9-9A76-56CD45B14780} = {A7FC1234-95E3-4496-B5F7-4306F41E6A0E}
+		{03B9B82B-7DCA-4554-97AB-C98FF18FB385} = {4B305AC9-153F-4EA3-822F-3E5023BABAF1}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {0EF9FC65-E6BA-45D4-A455-262A9EA4366B}
 
@@ -11,6 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\GitHub\GitHub.csproj" />
     <ProjectReference Include="..\Microsoft.AzureRepos\Microsoft.AzureRepos.csproj" />
     <ProjectReference Include="..\Microsoft.Git.CredentialManager\Microsoft.Git.CredentialManager.csproj" />
   </ItemGroup>
 
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
 using System;
+using GitHub;
 using Microsoft.AzureRepos;
 
 namespace Microsoft.Git.CredentialManager
@@ -15,6 +16,7 @@ public static void Main(string[] args)
                 // Register all supported host providers
                 app.ProviderRegistry.Register(
                     new AzureReposHostProvider(context),
+                    new GitHubHostProvider(context),
                     new GenericHostProvider(context)
                 );
 
 
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using Microsoft.Git.CredentialManager;
+
+namespace GitHub
+{
+    public struct AuthenticationResult
+    {
+        public AuthenticationResult(GitHubAuthenticationResultType type)
+        {
+            Type = type;
+            Token = null;
+        }
+
+        public AuthenticationResult(GitHubAuthenticationResultType type, GitCredential token)
+        {
+            Type = type;
+            Token = token;
+        }
+
+        public GitHubAuthenticationResultType Type { get; }
+
+        public GitCredential Token { get; }
+    }
+
+    public enum GitHubAuthenticationResultType
+    {
+        Success,
+        Failure,
+        TwoFactorApp,
+        TwoFactorSms,
+    }
+}
@@ -0,0 +1,15 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>netstandard2.0</TargetFramework>
+        <RootNamespace>GitHub</RootNamespace>
+        <AssemblyName>GitHub</AssemblyName>
+        <IsTestProject>false</IsTestProject>
+        <LangVersion>latest</LangVersion>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\Microsoft.Git.CredentialManager\Microsoft.Git.CredentialManager.csproj" />
+    </ItemGroup>
+
+</Project>
@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using Microsoft.Git.CredentialManager;
+
+namespace GitHub
+{
+    public interface IGitHubAuthentication
+    {
+        bool TryGetCredentials(Uri targetUri, out string userName, out string password);
+
+        bool TryGetAuthenticationCode(Uri targetUri, bool isSms, out string authenticationCode);
+    }
+
+    public class TtyGitHubPromptAuthentication : IGitHubAuthentication
+    {
+        private readonly ICommandContext _context;
+
+        public TtyGitHubPromptAuthentication(ICommandContext context)
+        {
+            EnsureArgument.NotNull(context, nameof(context));
+
+            _context = context;
+        }
+
+        public bool TryGetCredentials(Uri targetUri, out string userName, out string password)
+        {
+            EnsureTerminalPromptsEnabled();
+
+            _context.StdError.WriteLine("Enter credentials for '{0}'...", targetUri);
+
+            userName = _context.Prompt("Username");
+            password = _context.PromptSecret("Password");
+
+            return !string.IsNullOrWhiteSpace(userName) && !string.IsNullOrWhiteSpace(password);
+        }
+
+        public bool TryGetAuthenticationCode(Uri targetUri, bool isSms, out string authenticationCode)
+        {
+            EnsureTerminalPromptsEnabled();
+
+            _context.StdError.WriteLine("Two-factor authentication is enabled and an authentication code is required.");
+
+            if (isSms)
+            {
+                _context.StdError.WriteLine("An SMS containing the authentication code has been sent to your registered device.");
+            }
+            else
+            {
+                _context.StdError.WriteLine("Use your registered authentication app to generate an authentication code.");
+            }
+
+            authenticationCode = _context.Prompt("Authentication code");
+            return !string.IsNullOrWhiteSpace(authenticationCode);
+        }
+
+        private void EnsureTerminalPromptsEnabled()
+        {
+            if (_context.TryGetEnvironmentVariable(
+                    Constants.EnvironmentVariables.GitTerminalPrompts, out string envarPrompts)
+                && envarPrompts == "0")
+            {
+                _context.Trace.WriteLine($"{Constants.EnvironmentVariables.GitTerminalPrompts} is 0; terminal prompts have been disabled.");
+
+                throw new InvalidOperationException("Cannot show GitHub credential prompt because terminal prompts have been disabled.");
+            }
+        }
+    }
+}
@@ -0,0 +1,22 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+namespace GitHub
+{
+    public static class GitHubConstants
+    {
+        public const string GitHubBaseUrlHost = "github.com";
+        public const string GistBaseUrlHost = "gist." + GitHubBaseUrlHost;
+
+        /// <summary>
+        /// The GitHub required HTTP accepts header value
+        /// </summary>
+        public const string GitHubApiAcceptsHeaderValue = "application/vnd.github.v3+json";
+        public const string GitHubOptHeader = "X-GitHub-OTP";
+
+        public static class TokenScopes
+        {
+            public const string Gist = "gist";
+            public const string Repo = "repo";
+        }
+    }
+}
@@ -0,0 +1,145 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using System.Threading.Tasks;
+using Microsoft.Git.CredentialManager;
+
+namespace GitHub
+{
+    public class GitHubHostProvider : HostProvider
+    {
+        private static readonly string[] GitHubCredentialScopes =
+        {
+            GitHubConstants.TokenScopes.Gist,
+            GitHubConstants.TokenScopes.Repo
+        };
+
+        private readonly IGitHubRestApi _gitHubApi;
+        private readonly IGitHubAuthentication _gitHubAuth;
+
+        public GitHubHostProvider(ICommandContext context)
+            : this(context, new GitHubRestApi(context), new TtyGitHubPromptAuthentication(context)) { }
+
+        public GitHubHostProvider(ICommandContext context, IGitHubRestApi gitHubApi, IGitHubAuthentication gitHubAuth)
+            : base(context)
+        {
+            EnsureArgument.NotNull(gitHubApi, nameof(gitHubApi));
+            EnsureArgument.NotNull(gitHubAuth, nameof(gitHubAuth));
+
+            _gitHubApi = gitHubApi;
+            _gitHubAuth = gitHubAuth;
+        }
+
+        public override string Name => "GitHub";
+
+        public override bool IsSupported(InputArguments input)
+        {
+            // We do not support unencrypted HTTP communications to GitHub,
+            // but we report `true` here for HTTP so that we can show a helpful
+            // error message for the user in `CreateCredentialAsync`.
+            return input != null &&
+                   (StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http") ||
+                    StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "https")) &&
+                   (StringComparer.OrdinalIgnoreCase.Equals(input.Host, GitHubConstants.GitHubBaseUrlHost) ||
+                    StringComparer.OrdinalIgnoreCase.Equals(input.Host, GitHubConstants.GistBaseUrlHost));
+        }
+
+        public override string GetCredentialKey(InputArguments input)
+        {
+            string url = GetTargetUri(input).AbsoluteUri;
+
+            // Trim trailing slash
+            if (url.EndsWith("/"))
+            {
+                return url.Substring(0, url.Length - 1);
+            }
+
+            return url;
+        }
+
+        public override async Task<GitCredential> CreateCredentialAsync(InputArguments input)
+        {
+            // We should not allow unencrypted communication and should inform the user
+            if (StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http"))
+            {
+                throw new Exception("Unencrypted HTTP is not supported for GitHub. Ensure the repository remote URL is using HTTPS.");
+            }
+
+            Uri targetUri = GetTargetUri(input);
+
+            if (_gitHubAuth.TryGetCredentials(targetUri, out string username, out string password))
+            {
+                AuthenticationResult result = await _gitHubApi.AcquireTokenAsync(
+                    targetUri, username, password, null, GitHubCredentialScopes);
+
+                if (result.Type == GitHubAuthenticationResultType.Success)
+                {
+                    Context.Trace.WriteLine($"Token acquisition for '{targetUri}' succeeded");
+
+                    return result.Token;
+                }
+
+                if (result.Type == GitHubAuthenticationResultType.TwoFactorApp ||
+                    result.Type == GitHubAuthenticationResultType.TwoFactorSms)
+                {
+                    bool isSms = result.Type == GitHubAuthenticationResultType.TwoFactorSms;
+
+                    if (_gitHubAuth.TryGetAuthenticationCode(targetUri, isSms, out string authenticationCode))
+                    {
+                        result = await _gitHubApi.AcquireTokenAsync(
+                            targetUri, username, password, authenticationCode, GitHubCredentialScopes);
+
+                        if (result.Type == GitHubAuthenticationResultType.Success)
+                        {
+                            Context.Trace.WriteLine($"Token acquisition for '{targetUri}' succeeded.");
+
+                            return result.Token;
+                        }
+                    }
+                }
+            }
+
+            throw new Exception($"Interactive logon for '{targetUri}' failed.");
+        }
+
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                _gitHubApi.Dispose();
+            }
+
+            base.Dispose(disposing);
+        }
+
+        #region Private Methods
+
+        private static Uri NormalizeUri(Uri targetUri)
+        {
+            if (targetUri is null)
+                throw new ArgumentNullException(nameof(targetUri));
+
+            // Special case for gist.github.com which are git backed repositories under the hood.
+            // Credentials for these repositories are the same as the one stored with "github.com"
+            if (targetUri.DnsSafeHost.Equals(GitHubConstants.GistBaseUrlHost, StringComparison.OrdinalIgnoreCase))
+            {
+                return new Uri("https://" + GitHubConstants.GitHubBaseUrlHost);
+            }
+
+            return targetUri;
+        }
+
+        private static Uri GetTargetUri(InputArguments input)
+        {
+            Uri uri = new UriBuilder
+            {
+                Scheme = input.Protocol,
+                Host = input.Host,
+            }.Uri;
+
+            return NormalizeUri(uri);
+        }
+
+        #endregion
+    }
+}