From cc2a1cd50e1ee28dc966829466ad1911905e7982 Mon Sep 17 00:00:00 2001
From: Konstantin Haase
Date: Fri, 11 Jan 2013 17:42:01 +0100
Subject: [PATCH] do not require user scope for /auth/github
---
 lib/travis/api/app/endpoint/authorization.rb | 3 ++-
 spec/unit/endpoint/authorization_spec.rb | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 0393bf54..eb5a1e57 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -220,7 +220,7 @@ class Travis::Api::App
 def user_for_github_token(token, drop_token = false)
 data = GH.with(token: token.to_s) { GH['user'] }
 scopes = parse_scopes data.headers['x-oauth-scopes']
- halt 403, 'insufficient access' unless acceptable? scopes
+ halt 403, 'insufficient access: %p' unless acceptable? scopes
 user = UserManager.new(data, token, drop_token).fetch
 halt 403, 'not a Travis user' if user.nil?
@@ -251,6 +251,7 @@ class Travis::Api::App
 def acceptable_scopes_for(scope)
 case scope = scope.to_s
+ when /^user/ then ['user', scope, 'public_repo', 'repo']
 when /^(.+):/ then [$1, scope]
 when 'public_repo' then [scope, 'repo']
 else [scope]
diff --git a/spec/unit/endpoint/authorization_spec.rb b/spec/unit/endpoint/authorization_spec.rb
index f931af72..2f84ad19 100644
--- a/spec/unit/endpoint/authorization_spec.rb
+++ b/spec/unit/endpoint/authorization_spec.rb
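Review bot: The new 403 body in `user_for_github_token` carries a `%p` placeholder but nothing is formatted into it, so a rejected client would receive the literal text `insufficient access: %p`. If the intent is to report the scopes the token actually has, apply the format explicitly: `halt 403, 'insufficient access: %p' % [scopes] unless acceptable? scopes`. The array wrapper matters because `scopes` looks like a list, and a bare `% scopes` would spread its elements across format arguments. The method body continues outside the hunk.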
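Review bot: The added `when /^user/` branch in `acceptable_scopes_for` matches any scope string that merely begins with `user` (and `^` anchors per line, not per string), not only `user` and its `user:*` sub-scopes. Every match then appears to be satisfied by a `public_repo` or `repo` token. Because this branch widens which tokens pass the scope check, anchoring it to the whole string keeps the relaxation limited to what the commit title describes: `when /\Auser(:|\z)/ then ['user', scope, 'public_repo', 'repo']`. Where `scope` originates is not visible here, so a one-line comment such as `# repo scopes are accepted in place of user for /auth/github` would help later reviewers judge the change. The `case` and the method are closed outside the hunk.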
@@ -26,8 +26,8 @@ describe Travis::Api::App::Endpoint::Authorization do
 describe 'POST /auth/github' do
 before do
 data = { 'id' => user.github_id, 'name' => user.name, 'login' => user.login, 'gravatar_id' => user.gravatar_id }
- GH.stubs(:with).with(token: 'private repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'user,repo'}, :to_hash => data)
- GH.stubs(:with).with(token: 'public repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'user,public_repo'}, :to_hash => data)
+ GH.stubs(:with).with(token: 'private repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'repo'}, :to_hash => data)
+ GH.stubs(:with).with(token: 'public repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'public_repo'}, :to_hash => data)
 GH.stubs(:with).with(token: 'no repos').returns stub(:[] => user.login, :headers => {'x-oauth-scopes' => 'user'}, :to_hash => data)
 GH.stubs(:with).with(token: 'invalid token').raises(Faraday::Error::ClientError, 'CLIENT ERROR!')
 end
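Review bot: With both stubs reduced to a single scope, the `before` block no longer has a fixture whose `x-oauth-scopes` header lists several comma-separated scopes. As far as this hunk shows, the splitting done by `parse_scopes` on a value like the old `'user,repo'` is therefore no longer exercised. Keeping one extra stub with `'x-oauth-scopes' => 'user,repo'` beside the new ones would preserve that coverage. An example asserting that a token with none of the accepted scopes still receives 403 would also pin the relaxed authorization check. The examples themselves lie outside the hunk, so this may already be covered elsewhere in the spec.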