Merge branch 'fixes/1332-validate-scopes' into feature/sso

 Conflicts:
	src/DesignTimeStyleHelper/App.config
	src/GitHub.Api/ApiClientConfiguration.cs
	src/GitHub.Api/LoginManager.cs
	src/GitHub.StartPage/app.config
	src/GitHub.VisualStudio/app.config
	test/UnitTests/GitHub.Api/LoginManagerTests.cs

Author: grokys

appveyor.yml

@@ -1,4 +1,4 @@
-version: '2.3.5.{build}'
+version: '2.3.6.{build}'
 skip_tags: true
 install:
 - ps: |

nuget.config

@@ -7,4 +7,7 @@
   <activePackageSource>
     <add key="All" value="(Aggregate source)" />
   </activePackageSource>
-</configuration>
+  <bindingRedirects>
+    <add key="skip" value="True" />
+  </bindingRedirects>  
+</configuration>

src/DesignTimeStyleHelper/App.config

@@ -49,6 +49,10 @@
         <assemblyIdentity name="Microsoft.VisualStudio.ComponentModelHost" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-14.0.0.0" newVersion="14.0.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.VisualStudio.Validation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-14.0.0.0" newVersion="14.0.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
 </configuration>

src/GitHub.Api/ApiClientConfiguration.cs

@@ -35,7 +35,7 @@ static ApiClientConfiguration()
         /// <summary>
         /// Gets the scopes required by the application.
         /// </summary>
-        public static IReadOnlyList<string> Scopes { get; } = new[] { "user", "repo", "gist", "write:public_key" };
+        public static IReadOnlyList<string> RequiredScopes { get; } = new[] { "user", "repo", "gist", "write:public_key" };
 
         /// <summary>
         /// Gets a note that will be stored with the OAUTH token.

src/GitHub.Api/GitHub.Api.csproj

@@ -46,6 +46,10 @@
   </PropertyGroup>
   <Import Project="$(SolutionDir)\src\common\signing.props" />
   <ItemGroup>
+    <Reference Include="Serilog, Version=2.0.0.0, Culture=neutral, PublicKeyToken=24c2f752a8e58a10, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Serilog.2.5.0\lib\net46\Serilog.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="System" />
     <Reference Include="System.ComponentModel.Composition" />
     <Reference Include="System.Core" />
@@ -65,6 +69,7 @@
     <Compile Include="IKeychain.cs" />
     <Compile Include="ILoginManager.cs" />
     <Compile Include="IOAuthCallbackListener.cs" />
+    <Compile Include="IncorrectScopesException.cs" />
     <Compile Include="ITwoFactorChallengeHandler.cs" />
     <Compile Include="LoginManager.cs" />
     <Compile Include="KeychainCredentialStore.cs" />
@@ -100,6 +105,9 @@
       <Name>GitHub.Logging</Name>
     </ProjectReference>
   </ItemGroup>
+  <ItemGroup>
+    <None Include="packages.config" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

src/GitHub.Api/IncorrectScopesException.cs

@@ -0,0 +1,32 @@
+using System;
+using System.Runtime.Serialization;
+
+namespace GitHub.Api
+{
+    /// <summary>
+    /// Thrown when the login for a user does not have the required scopes.
+    /// </summary>
+    [Serializable]
+    public class IncorrectScopesException : Exception
+    {
+        public IncorrectScopesException()
+            : this("You need to sign out and back in.")
+        {
+        }
+
+        public IncorrectScopesException(string message)
+            : base(message)
+        {
+        }
+
+        public IncorrectScopesException(string message, Exception innerException)
+            : base(message, innerException)
+        {
+        }
+
+        protected IncorrectScopesException(SerializationInfo info, StreamingContext context) 
+            : base(info, context)
+        {
+        }
+    }
+}

src/GitHub.Api/LoginManager.cs

@@ -1,10 +1,14 @@
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.Extensions;
+using GitHub.Logging;
 using GitHub.Primitives;
 using Octokit;
+using Serilog;
 
 namespace GitHub.Api
 {
@@ -13,10 +17,14 @@ namespace GitHub.Api
     /// </summary>
     public class LoginManager : ILoginManager
     {
+        const string ScopesHeader = "X-OAuth-Scopes";
+        static readonly ILogger log = LogManager.ForContext<LoginManager>();
+        static readonly Uri UserEndpoint = new Uri("user", UriKind.Relative);
         readonly IKeychain keychain;
         readonly ITwoFactorChallengeHandler twoFactorChallengeHandler;
         readonly string clientId;
         readonly string clientSecret;
+        readonly IReadOnlyList<string> scopes;
         readonly string authorizationNote;
         readonly string fingerprint;
         IOAuthCallbackListener oauthListener;
@@ -36,6 +44,7 @@ public LoginManager(
             IOAuthCallbackListener oauthListener,
             string clientId,
             string clientSecret,
+            IReadOnlyList<string> scopes,
             string authorizationNote = null,
             string fingerprint = null)
         {
@@ -49,6 +58,7 @@ public LoginManager(
             this.oauthListener = oauthListener;
             this.clientId = clientId;
             this.clientSecret = clientSecret;
+            this.scopes = scopes;
             this.authorizationNote = authorizationNote;
             this.fingerprint = fingerprint;
         }
@@ -71,7 +81,7 @@ public async Task<User> Login(
 
             var newAuth = new NewAuthorization
             {
-                Scopes = ApiClientConfiguration.Scopes,
+                Scopes = scopes,
                 Note = authorizationNote,
                 Fingerprint = fingerprint,
             };
@@ -147,7 +157,7 @@ public Task<User> LoginFromCache(HostAddress hostAddress, IGitHubClient client)
             Guard.ArgumentNotNull(hostAddress, nameof(hostAddress));
             Guard.ArgumentNotNull(client, nameof(client));
 
-            return client.User.Current();
+            return ReadUserWithRetry(client);
         }
 
         /// <inheritdoc/>
@@ -282,7 +292,7 @@ async Task<User> ReadUserWithRetry(IGitHubClient client)
             {
                 try
                 {
-                    return await client.User.Current().ConfigureAwait(false);
+                    return await GetUserAndCheckScopes(client).ConfigureAwait(false);
                 }
                 catch (AuthorizationException)
                 {
@@ -295,13 +305,42 @@ async Task<User> ReadUserWithRetry(IGitHubClient client)
             }
         }
 
-        static Uri GetLoginUrl(IOauthClient client, string state)
+        async Task<User> GetUserAndCheckScopes(IGitHubClient client)
+        {
+            var response = await client.Connection.Get<User>(
+                UserEndpoint, null, null).ConfigureAwait(false);
+
+            if (response.HttpResponse.Headers.ContainsKey(ScopesHeader))
+            {
+                var returnedScopes = response.HttpResponse.Headers[ScopesHeader]
+                    .Split(',')
+                    .Select(x => x.Trim())
+                    .ToArray();
+
+                if (scopes.Except(returnedScopes).Count() == 0)
+                {
+                    return response.Body;
+                }
+                else
+                {
+                    log.Error("Incorrect API scopes: require {RequiredScopes} but got {Scopes}", scopes, returnedScopes);
+                }
+            }
+            else
+            {
+                log.Error("Error reading scopes: /user succeeded but scopes header was not present");
+            }
+
+            throw new IncorrectScopesException();
+        }
+
+        Uri GetLoginUrl(IOauthClient client, string state)
         {
             var request = new OauthLoginRequest(ApiClientConfiguration.ClientId);
 
             request.State = state;
 
-            foreach (var scope in ApiClientConfiguration.Scopes)
+            foreach (var scope in scopes)
             {
                 request.Scopes.Add(scope);
             }

src/GitHub.Api/packages.config

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="Serilog" version="2.5.0" targetFramework="net461" />
+</packages>

src/GitHub.App/GitHub.App.csproj

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\packages\LibGit2Sharp.NativeBinaries.1.0.185\build\LibGit2Sharp.NativeBinaries.props" Condition="Exists('..\..\packages\LibGit2Sharp.NativeBinaries.1.0.185\build\LibGit2Sharp.NativeBinaries.props')" />
+  <Import Project="..\..\packages\LibGit2Sharp.NativeBinaries.1.0.164\build\LibGit2Sharp.NativeBinaries.props" Condition="Exists('..\..\packages\LibGit2Sharp.NativeBinaries.1.0.164\build\LibGit2Sharp.NativeBinaries.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -16,6 +16,8 @@
     <CodeAnalysisRuleSet>..\common\GitHubVS.ruleset</CodeAnalysisRuleSet>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <CodeAnalysisIgnoreGeneratedCode>true</CodeAnalysisIgnoreGeneratedCode>
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -48,8 +50,8 @@
   </PropertyGroup>
   <Import Project="$(SolutionDir)\src\common\signing.props" />
   <ItemGroup>
-    <Reference Include="LibGit2Sharp, Version=0.24.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\LibGit2Sharp.0.24.0\lib\net40\LibGit2Sharp.dll</HintPath>
+    <Reference Include="LibGit2Sharp, Version=0.23.1.0, Culture=neutral, PublicKeyToken=7cbde695407f0333, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\LibGit2Sharp.0.23.1\lib\net40\LibGit2Sharp.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.VisualStudio.ComponentModelHost, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
@@ -229,9 +231,6 @@
     <Resource Include="Images\default_user_avatar.png" />
   </ItemGroup>
   <ItemGroup>
-    <None Include="app.config">
-      <SubType>Designer</SubType>
-    </None>
     <None Include="packages.config">
       <SubType>Designer</SubType>
     </None>
@@ -316,7 +315,7 @@
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
     <Error Condition="!Exists('..\..\packages\SQLitePCL.raw_basic.0.7.3.0-vs2012\build\net45\SQLitePCL.raw_basic.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\packages\SQLitePCL.raw_basic.0.7.3.0-vs2012\build\net45\SQLitePCL.raw_basic.targets'))" />
-    <Error Condition="!Exists('..\..\packages\LibGit2Sharp.NativeBinaries.1.0.185\build\LibGit2Sharp.NativeBinaries.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\packages\LibGit2Sharp.NativeBinaries.1.0.185\build\LibGit2Sharp.NativeBinaries.props'))" />
+    <Error Condition="!Exists('..\..\packages\LibGit2Sharp.NativeBinaries.1.0.164\build\LibGit2Sharp.NativeBinaries.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\packages\LibGit2Sharp.NativeBinaries.1.0.164\build\LibGit2Sharp.NativeBinaries.props'))" />
   </Target>
   <Import Project="..\..\packages\SQLitePCL.raw_basic.0.7.3.0-vs2012\build\net45\SQLitePCL.raw_basic.targets" Condition="Exists('..\..\packages\SQLitePCL.raw_basic.0.7.3.0-vs2012\build\net45\SQLitePCL.raw_basic.targets')" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 

src/GitHub.App/SampleData/PullRequestListViewModelDesigner.cs

@@ -53,6 +53,8 @@ public PullRequestListViewModelDesigner()
             Authors = new ObservableCollection<IAccount>(prs.Select(x => x.Author));
             SelectedAssignee = Assignees.ElementAt(1);
             SelectedAuthor = Authors.ElementAt(1);
+
+            IsLoaded = true;
         }
 
         public IReadOnlyList<IRemoteRepositoryModel> Repositories { get; }
@@ -68,6 +70,8 @@ public PullRequestListViewModelDesigner()
         public IAccount SelectedAuthor { get; set; }
         public bool RepositoryIsFork { get; set; } = true;
         public bool ShowPullRequestsForFork { get; set; }
+        public string SearchQuery { get; set; }
+        public bool IsLoaded { get; }
 
         public ObservableCollection<IAccount> Assignees { get; set; }
         public IAccount SelectedAssignee { get; set; }