Fix server error upon processing user with revoked github token #783
Conversation
Is this certainly the case for things like email? Or does the response differ a bit |
|
From https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-a-user, the
The waters are muddied slightly by the fact we're using an undocumented version of the endpoint ( |
|
in the process of looking that up, I did stumble across this: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting
That would be down from 15,000 an hour per user for a token-authenticated request - this one may need to go back to the drawing board for a bit |
There was a problem hiding this comment.
Looks good. Might be worth changing __str__ to not call details given that its more liable to fail with a timeout exception now. It was stupid of me to have __str__ possibly make a network request in the first place tbh.
decomp.me/backend/coreapp/models/github.py
Lines 95 to 96 in 4106e8c
|
I'm cool with merging this after that last comment is addressed |
|
I think itd be fine to just report the user id |
|
Good to merge once tests pass ✅ |
|
The 8 tests that failed are the new compilers which will be fixed in #800 . merging |
Fixes the root cause behind #782.
Right now,
GitHubUser.detailsuses the user's authentication token to fetch their own details. In doing so, it doesn't check if the token's been revoked by its owner, and errors out if it has.As all the details we're looking for are publicly available, this PR switches to fetching the user's details sans an authentication token. Insofar as I can tell, this is the only such place we're using an auth token unnecessarily.
This is a little bit of a band-aid fix because it ignores the fact there are still other ways fetching a user's information can fail (although they're rarer still). Happy for greater error checking to be included in this PR, or to leave it as a future issue.