https-github-com-bit
diff --git a/‎api/client.go‎
Lines changed: 28 additions & 18 deletions b/‎api/client.go‎
Lines changed: 28 additions & 18 deletions
diff --git a/‎command/root.go‎
Lines changed: 5 additions & 0 deletions b/‎command/root.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎internal/config/config_setup.go‎
Lines changed: 4 additions & 2 deletions b/‎internal/config/config_setup.go‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎pkg/cmd/auth/auth.go‎
Lines changed: 18 additions & 0 deletions b/‎pkg/cmd/auth/auth.go‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎pkg/cmd/auth/login/client.go‎
Lines changed: 48 additions & 0 deletions b/‎pkg/cmd/auth/login/client.go‎
Lines changed: 48 additions & 0 deletions
@@ -3,6 +3,7 @@ package api
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -195,19 +196,18 @@ func (err HTTPError) Error() string {
 	return fmt.Sprintf("HTTP %d (%s)", err.StatusCode, err.RequestURL)
 }
 
-// Returns whether or not scopes are present, appID, and error
-func (c Client) HasScopes(wantedScopes ...string) (bool, string, error) {
-	url := "https://api.github.com/user"
-	req, err := http.NewRequest("GET", url, nil)
+func (c Client) HasMinimumScopes(hostname string) (bool, error) {
+	apiEndpoint := ghinstance.RESTPrefix(hostname)
+
+	req, err := http.NewRequest("GET", apiEndpoint, nil)
 	if err != nil {
-		return false, "", err
+		return false, err
 	}
 
 	req.Header.Set("Content-Type", "application/json; charset=utf-8")
-
 	res, err := c.http.Do(req)
 	if err != nil {
-		return false, "", err
+		return false, err
 	}
 
 	defer func() {
@@ -218,26 +218,36 @@ func (c Client) HasScopes(wantedScopes ...string) (bool, string, error) {
 	}()
 
 	if res.StatusCode != 200 {
-		return false, "", handleHTTPError(res)
+		return false, handleHTTPError(res)
 	}
 
-	appID := res.Header.Get("X-Oauth-Client-Id")
 	hasScopes := strings.Split(res.Header.Get("X-Oauth-Scopes"), ",")
 
-	found := 0
+	search := map[string]bool{
+		"repo":      false,
+		"read:org":  false,
+		"admin:org": false,
+	}
+
 	for _, s := range hasScopes {
-		for _, w := range wantedScopes {
-			if w == strings.TrimSpace(s) {
-				found++
-			}
-		}
+		search[strings.TrimSpace(s)] = true
 	}
 
-	if found == len(wantedScopes) {
-		return true, appID, nil
+	errorMsgs := []string{}
+	if !search["repo"] {
+		errorMsgs = append(errorMsgs, "missing required scope 'repo'")
 	}
 
-	return false, appID, nil
+	if !search["read:org"] && !search["admin:org"] {
+		errorMsgs = append(errorMsgs, "missing required scope 'read:org'")
+	}
+
+	if len(errorMsgs) > 0 {
+		return false, errors.New(strings.Join(errorMsgs, ";"))
+	}
+
+	return true, nil
+
 }
 
 // GraphQL performs a GraphQL request and parses the response
 
@@ -22,6 +22,8 @@ import (
 	"github.com/cli/cli/internal/ghrepo"
 	"github.com/cli/cli/internal/run"
 	apiCmd "github.com/cli/cli/pkg/cmd/api"
+	authCmd "github.com/cli/cli/pkg/cmd/auth"
+	authLoginCmd "github.com/cli/cli/pkg/cmd/auth/login"
 	gistCreateCmd "github.com/cli/cli/pkg/cmd/gist/create"
 	prCheckoutCmd "github.com/cli/cli/pkg/cmd/pr/checkout"
 	prDiffCmd "github.com/cli/cli/pkg/cmd/pr/diff"
@@ -134,6 +136,9 @@ func init() {
 	RootCmd.AddCommand(gistCmd)
 	gistCmd.AddCommand(gistCreateCmd.NewCmdCreate(cmdFactory, nil))
 
+	RootCmd.AddCommand(authCmd.Cmd)
+	authCmd.Cmd.AddCommand(authLoginCmd.NewCmdLogin(cmdFactory, nil))
+
 	resolvedBaseRepo := func() (ghrepo.Interface, error) {
 		httpClient, err := cmdFactory.HttpClient()
 		if err != nil {
 
@@ -9,6 +9,7 @@ import (
 
 	"github.com/cli/cli/api"
 	"github.com/cli/cli/auth"
+	"github.com/cli/cli/utils"
 )
 
 var (
@@ -67,7 +68,7 @@ func authFlow(oauthHost, notice string) (string, string, error) {
 	}
 
 	fmt.Fprintln(os.Stderr, notice)
-	fmt.Fprintf(os.Stderr, "Press Enter to open %s in your browser... ", flow.Hostname)
+	fmt.Fprintf(os.Stderr, "- %s to open %s in your browser... ", utils.Bold("Press Enter"), flow.Hostname)
 	_ = waitForEnter(os.Stdin)
 	token, err := flow.ObtainAccessToken()
 	if err != nil {
@@ -83,7 +84,8 @@ func authFlow(oauthHost, notice string) (string, string, error) {
 }
 
 func AuthFlowComplete() {
-	fmt.Fprintln(os.Stderr, "Authentication complete. Press Enter to continue... ")
+	fmt.Fprintf(os.Stderr, "%s Authentication complete. %s to continue...\n",
+		utils.GreenCheck(), utils.Bold("Press Enter"))
 	_ = waitForEnter(os.Stdin)
 }
 
 
@@ -0,0 +1,18 @@
+package auth
+
+import (
+	"github.com/spf13/cobra"
+)
+
+var Cmd = &cobra.Command{
+	Use:   "auth <command>",
+	Short: "Login, logout, and refresh your authentication",
+	Long:  `Manage gh's authentication state.`,
+	// TODO this all doesn't exist yet
+	//Example: heredoc.Doc(`
+	//	$ gh auth login
+	//	$ gh auth status
+	//	$ gh auth refresh --scopes gist
+	//	$ gh auth logout
+	//`),
+}
@@ -0,0 +1,48 @@
+package login
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/cli/cli/api"
+	"github.com/cli/cli/internal/config"
+)
+
+func validateHostCfg(hostname string, cfg config.Config) error {
+	apiClient, err := clientFromCfg(hostname, cfg)
+	if err != nil {
+		return err
+	}
+
+	_, err = apiClient.HasMinimumScopes(hostname)
+	if err != nil {
+		return fmt.Errorf("could not validate token: %w", err)
+	}
+
+	return nil
+}
+
+var clientFromCfg = func(hostname string, cfg config.Config) (*api.Client, error) {
+	var opts []api.ClientOption
+
+	token, err := cfg.Get(hostname, "oauth_token")
+	if err != nil {
+		return nil, err
+	}
+
+	if token == "" {
+		return nil, fmt.Errorf("no token found in config for %s", hostname)
+	}
+
+	opts = append(opts,
+		// no access to Version so the user agent is more generic here.
+		api.AddHeader("User-Agent", "GitHub CLI"),
+		api.AddHeaderFunc("Authorization", func(req *http.Request) (string, error) {
+			return fmt.Sprintf("token %s", token), nil
+		}),
+	)
+
+	httpClient := api.NewHTTPClient(opts...)
+
+	return api.NewClientFromHTTP(httpClient), nil
+}
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ import (`
`9`	`9`
`10`	`10`	`"github.com/cli/cli/api"`
`11`	`11`	`"github.com/cli/cli/auth"`
	`12`	`+ "github.com/cli/cli/utils"`
`12`	`13`	`)`
`13`	`14`
`14`	`15`	`var (`
`@@ -67,7 +68,7 @@ func authFlow(oauthHost, notice string) (string, string, error) {`
`67`	`68`	`}`
`68`	`69`
`69`	`70`	`fmt.Fprintln(os.Stderr, notice)`
`70`		`- fmt.Fprintf(os.Stderr, "Press Enter to open %s in your browser... ", flow.Hostname)`
	`71`	`+ fmt.Fprintf(os.Stderr, "- %s to open %s in your browser... ", utils.Bold("Press Enter"), flow.Hostname)`
`71`	`72`	`_ = waitForEnter(os.Stdin)`
`72`	`73`	`token, err := flow.ObtainAccessToken()`
`73`	`74`	`if err != nil {`
`@@ -83,7 +84,8 @@ func authFlow(oauthHost, notice string) (string, string, error) {`
`83`	`84`	`}`
`84`	`85`
`85`	`86`	`func AuthFlowComplete() {`
`86`		`- fmt.Fprintln(os.Stderr, "Authentication complete. Press Enter to continue... ")`
	`87`	`+ fmt.Fprintf(os.Stderr, "%s Authentication complete. %s to continue...\n",`
	`88`	`+ utils.GreenCheck(), utils.Bold("Press Enter"))`
`87`	`89`	`_ = waitForEnter(os.Stdin)`
`88`	`90`	`}`
`89`	`91`