From ada6ee0f2cc63e1f7f9f73db0004d857cbb9d4ab Mon Sep 17 00:00:00 2001
From: Konstantin Haase
Date: Fri, 11 Jan 2013 16:20:53 +0100
Subject: [PATCH] fix scope check

---
 lib/travis/api/app/endpoint/authorization.rb | 12 +++++++++++-
 spec/spec_helper.rb | 2 ++
 spec/unit/endpoint/authorization_spec.rb | 4 ++--
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 305adb30..1065b4c2 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -243,7 +243,17 @@ class Travis::Api::App
 end

 def acceptable?(scopes)
- scopes.include? 'public_repo' or scopes.include? 'repo'
+ User::Oauth.wanted_scopes.all? do |scope|
+ acceptable_scopes_for(scope).any? { |s| scopes.include? s }
+ end
+ end
+
+ def acceptable_scopes_for(scope)
+ case scope = scope.to_s
+ when /^(.+):/ then [$1, scope]
+ when 'public_repo' then [scope, 'repo']
+ else [scope]
+ end
 end

 def post_message(payload)
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index ce872233..af4563da 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -47,6 +47,8 @@ RSpec.configure do |c|
 c.before :each do
 DatabaseCleaner.start
 ::Redis.connect(url: Travis.config.redis.url).flushdb
+ Travis.config.oauth2 ||= {}
+ Travis.config.oauth2.scope = "user:email,public_repo"
 set_app Travis::Api::App.new
 end

diff --git a/spec/unit/endpoint/authorization_spec.rb b/spec/unit/endpoint/authorization_spec.rb
index f4cb39b2..3d8c52fb 100644
--- a/spec/unit/endpoint/authorization_spec.rb
+++ b/spec/unit/endpoint/authorization_spec.rb
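Review bot: In lib/travis/api/app/endpoint/authorization.rb, `acceptable?` now returns true for any token whenever `User::Oauth.wanted_scopes` is empty, because `all?` on an empty collection is true, whereas the old check always required `public_repo` or `repo`. `wanted_scopes` is defined outside this patch, so if it can come back empty when `oauth2.scope` is not configured (spec_helper.rb has to set it explicitly), the check fails open; consider `wanted = User::Oauth.wanted_scopes` followed by `return false if wanted.empty?` before the `all?`, or a comment stating that an empty list deliberately means no scope is required. In `acceptable_scopes_for`, `when /^(.+):/` should be anchored with `\A` rather than `^`, since `^` also matches after a newline in Ruby. The `scopes.include? s` test is only an exact match if the caller, which is outside the hunk, passes an Array of stripped scope names rather than the raw header string.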
@@ -26,8 +26,8 @@ describe Travis::Api::App::Endpoint::Authorization do
 describe 'POST /auth/github' do
 before do
 data = { 'id' => user.github_id, 'name' => user.name, 'login' => user.login, 'gravatar_id' => user.gravatar_id }
- GH.stubs(:with).with(token: 'private repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'repo'}, :to_hash => data)
- GH.stubs(:with).with(token: 'public repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'public_repo'}, :to_hash => data)
+ GH.stubs(:with).with(token: 'private repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'user,repo'}, :to_hash => data)
+ GH.stubs(:with).with(token: 'public repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'user,public_repo'}, :to_hash => data)
 GH.stubs(:with).with(token: 'no repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'user'}, :to_hash => data)
 GH.stubs(:with).with(token: 'invalid token').raises(Faraday::Error::ClientError, 'CLIENT ERROR!')
 end
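Review bot: The stubs in this `before` block cover tokens carrying `user,repo`, `user,public_repo` and `user`, but none with a repository scope and no user scope, which is the case the new `acceptable?` is meant to start rejecting. Add a stub such as `GH.stubs(:with).with(token: 'no user').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'public_repo'}, :to_hash => data)` (the token name is made up for this note) with an example asserting that it is refused, and one carrying `user:email` to exercise the prefix branch of `acceptable_scopes_for`. GitHub normally sends this header with a space after each comma (`repo, user`), so a stub in that form would also show whether the parsing code, which is outside this patch, strips whitespace before the `include?` comparison. The enclosing `describe` block continues past the end of the hunk.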