Mirroring for external CI/CD repositories should not store OAuth token
From https://gitlab.com/gitlab-org/gitlab-ce/issues/55729, I'm not quite sure if external CI/CD repositories are storing the right credentials.
When I created a CI/CD repo, I noticed project.import_url looked like:
https://RANDOM-40-CHARACTERS@github.com/stanhu/project.git
Note that the username was RANDOM-40-CHARACTERS and password was nil:
[ gprd ] production> proj.import_data.credentials
=> {:user=>"RANDOM-40-CHARACTERS", :password=>nil}
This appears to be the OAuth2 token, which has an indefinite expiration date BUT will go invalid if more than 10 tokens are created (https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#creating-multiple-tokens-for-oauth-apps). This means if a user attempts to import enough repositories, mirroring will fail for some repositories.
Workaround: Go into the Repository settings, delete the pull mirror, and re-add credentials with a personal access token.
Solution
Inject an additional step to ask for the PAT instead of the OAuth screen we currently use.
- limited container width: container-fluid container-limited limit-container-width
- breadcrumb: Authenticate with GitHub
- title: Authenticate with GitHub
- description: This will enable you to select repositories for mirroring.
- field: 560px width
- field help text: 560px width; "Create a personal access token and provide it for authentication" (links to https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line)
- action bar: Cancel and Authenticate
Note: We are keeping the first paragraph closer to the original text already inside of the existing page. @shampton will take the first stab at that and put it up for merge request review. Otherwise, the changes are mostly centered around bringing it closer to be in line with other UI and the design system. The OAuth section will be deleted.
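
One way to audit stored mirror URLs for the pattern described in this issue (a token in the username slot with no password). This is an added example, not GitLab's code; the helper names, the sample data, and the 40-character alphanumeric token pattern are assumptions based on the `RANDOM-40-CHARACTERS` placeholder above.

```ruby
require "uri"

# Assumption: the issue shows the token only as "RANDOM-40-CHARACTERS", so a
# 40-character alphanumeric username with no password is treated as a token.
TOKEN_LIKE = /\A[A-Za-z0-9]{40}\z/

# Classify the credentials embedded in a mirror URL (hypothetical helper).
def classify_import_url(url)
  uri = URI.parse(url)
  user = uri.user.to_s
  password = uri.password.to_s
  return :none if user.empty?
  return :user_and_password unless password.empty?
  TOKEN_LIKE.match?(user) ? :token_as_username : :username_only
rescue URI::InvalidURIError
  :unparseable
end

# Remove the userinfo part so the URL can be logged without the secret.
def redact_import_url(url)
  userinfo = URI.parse(url).userinfo
  userinfo ? url.sub("#{userinfo}@", "") : url
rescue URI::InvalidURIError
  "[unparseable]"
end

# Return [name, redacted_url] for every mirror whose URL carries a bare token.
def mirrors_with_embedded_token(mirrors)
  mirrors.select { |_, url| classify_import_url(url) == :token_as_username }
         .map { |name, url| [name, redact_import_url(url)] }
end

# Constructed sample data; the token is a placeholder, not a real credential.
SAMPLE_TOKEN = "0123456789abcdefghij0123456789ABCDEFGHIJ"
SAMPLE_MIRRORS = {
  "oauth-import" => "https://#{SAMPLE_TOKEN}@github.com/stanhu/project.git",
  "pat-mirror"   => "https://stanhu:example-pat@github.com/stanhu/project.git",
  "public"       => "https://github.com/stanhu/project.git"
}

mirrors_with_embedded_token(SAMPLE_MIRRORS).each do |name, url|
  puts "#{name}: token stored as username in import URL (#{url})"
end
```

Only the redacted URL is returned, so the report itself can be shared without exposing the stored credential.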