Refactor to support two-factor authentication

6e48d54a · David Baumgold · d49c97bd · 6e48d54a
Commit 6e48d54a authored May 07, 2014 by David Baumgold
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 16 deletions

scripts/release.py
+34 -16

No files found.
--- a/scripts/release.py
+++ b/scripts/release.py
@@ -125,6 +125,31 @@ def get_github_creds():
    return None


+def create_github_creds():
+    headers = {"User-Agent": "edx-release"}
+    payload = {"note": "edx-release"}
+    username = raw_input("Github username: ")
+    password = getpass.getpass("Github password: ")
+    response = requests.post(
+        "https://api.github.com/authorizations",
+        auth=(username, password),
+        headers=headers, data=json.dumps(payload),
+    )
+    # is the user using two-factor authentication?
+    otp_header = response.headers.get("X-GitHub-OTP")
+    if not response.ok and otp_header and otp_header.startswith("required;"):
+        # get two-factor code, redo the request
+        headers["X-GitHub-OTP"] = raw_input("Two-factor authentication code: ")
+        response = requests.post(
+            "https://api.github.com/authorizations",
+            auth=(username, password),
+            headers=headers, data=json.dumps(payload),
+        )
+    if not response.ok:
+        raise requests.exceptions.RequestException(response.json()["message"])
+    return (username, response.json()["token"])
+
+
 def ensure_github_creds(attempts=3):
    """
    Make sure that we have Github OAuth credentials. This will check the user's
@@ -140,32 +165,25 @@ def ensure_github_creds(attempts=3):
    # Looks like we need to create the OAuth creds
    # https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization
    print("We need to set up OAuth authentication with Github's API. "
-          "Your credentials will not be stored.", file=sys.stderr)
-    headers = {"User-Agent": "edx-release"}
-    payload = {"note": "edx-release"}
+          "Your password will not be stored.", file=sys.stderr)
+    token = None
    for _ in range(attempts):
-        username = raw_input("Github username: ")
-        password = getpass.getpass("Github password: ")
-        response = requests.post(
-            "https://api.github.com/authorizations",
-            auth=(username, password),
-            headers=headers, data=json.dumps(payload),
-        )
-        if not response.ok:
+        try:
+            username, token = create_github_creds()
+        except requests.exceptions.RequestException as e:
            print(
-                "Invalid authentication: {}".format(response.json()["message"]),
+                "Invalid authentication: {}".format(e.message),
                file=sys.stderr,
            )
            continue
        else:
            break
-    if not response.ok:
+    if token:
+        print("Successfully authenticated to Github", file=sys.stderr)
+    if not token:
        print("Too many invalid authentication attempts.", file=sys.stderr)
        return False

-    # got the token!
-    token = response.json()["token"]
-
    config_file = path("~/.config/edx-release").expand()
    # make sure parent directory exists
    config_file.parent.makedirs_p()