Accept admin:public_key scope.

Steven Kirk · Steven Kirk · commit 7c75c8e3d72b · 2017-12-19T13:05:02.000Z
When checking scopes use some simple logic to allow `admin:public_key` instead of just `write:public_key`. Note that this logic won't account for all the peculiarities of GitHub's scopes but it works for what we need now.
diff --git a/src/GitHub.Api/LoginManager.cs b/src/GitHub.Api/LoginManager.cs
@@ -194,6 +194,38 @@ public async Task Logout(HostAddress hostAddress, IGitHubClient client)
             await keychain.Delete(hostAddress);
         }
 
+        /// <summary>
+        /// Tests if received API scopes match the required API scopes.
+        /// </summary>
+        /// <param name="required">The required API scopes.</param>
+        /// <param name="received">The received API scopes.</param>
+        /// <returns>True if all required scopes are present, otherwise false.</returns>
+        public static bool ScopesMatch(IReadOnlyList<string> required, IReadOnlyList<string> received)
+        {
+            foreach (var scope in required)
+            {
+                var found = received.Contains(scope);
+
+                if (!found && (scope.StartsWith("read:") || scope.StartsWith("write:")))
+                {
+                    // NOTE: Scopes are actually more complex than this, for example
+                    // `user` encompasses `read:user` and `user:email` but just use
+                    // this simple rule for now as it works for the scopes we require.
+                    var adminScope = scope
+                        .Replace("read:", "admin:")
+                        .Replace("write:", "admin:");
+                    found = received.Contains(adminScope);
+                }
+
+                if (!found)
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
         async Task<ApplicationAuthorization> CreateAndDeleteExistingApplicationAuthorization(
             IGitHubClient client,
             NewAuthorization newAuth,
@@ -342,7 +374,7 @@ async Task<User> GetUserAndCheckScopes(IGitHubClient client)
                     .Select(x => x.Trim())
                     .ToArray();
 
-                if (scopes.Except(returnedScopes).Count() == 0)
+                if (ScopesMatch(scopes, returnedScopes))
                 {
                     return response.Body;
                 }
diff --git a/test/UnitTests/GitHub.Api/LoginManagerTests.cs b/test/UnitTests/GitHub.Api/LoginManagerTests.cs
@@ -310,4 +310,39 @@ IGitHubClient CreateClient(User user = null, string[] responseScopes = null)
             return result;
         }
     }
+
+    public class TheScopesMatchMethod
+    {
+        [Fact]
+        public void ReturnsFalseWhenMissingScopes()
+        {
+            var received = new[] { "user", "repo", "write:public_key" };
+
+            Assert.False(LoginManager.ScopesMatch(scopes, received));
+        }
+
+        [Fact]
+        public void ReturnsTrueWhenScopesEqual()
+        {
+            var received = new[] { "user", "repo", "gist", "write:public_key" };
+
+            Assert.True(LoginManager.ScopesMatch(scopes, received));
+        }
+
+        [Fact]
+        public void ReturnsTrueWhenExtraScopesReturned()
+        {
+            var received = new[] { "user", "repo", "gist", "foo", "write:public_key" };
+
+            Assert.True(LoginManager.ScopesMatch(scopes, received));
+        }
+
+        [Fact]
+        public void ReturnsTrueWhenAdminScopeReturnedInsteadOfWrite()
+        {
+            var received = new[] { "user", "repo", "gist", "foo", "admin:public_key" };
+
+            Assert.True(LoginManager.ScopesMatch(scopes, received));
+        }
+    }
 }
