Vscode-pull-request-github: Clarify usage with Enterprise instances

Created on 10 Sep 2018  ·  28 Comments  ·  Source: microsoft/vscode-pull-request-github

Could the README be amended to include instructions for using this extension with GitHub Enterprise instances? I've seen in other places (https://github.com/Microsoft/vscode-pull-request-github/issues/368#issuecomment-419890132) that this is intended to work.

I've tried generating a personal access token, and supplied it along with the URL for our instance and my username:

"github.hosts": [
    {
        "host": "HOST",
        "username": "USERNAME",
        "token": "TOKEN",
    }
]

But after reloading username and token are stripped, and I'm prompted to use the regular signin process, which doesn't work:

"github.hosts": [
    {
        "host": "HOST",
    }
]

And the thing is that I can't figure out whether this is a user error or a bug (I've installed version 0.1.1).

All 28 comments

Having similar issue, though our github instance also has SSO enabled, which also seems to throw the extension through a loop.

The normal signin won't work because the update to enable it in enterprise instances is going to be shipped this week so it won't be on your instance until your admin updates it (once it's available) - unfortunately we couldn't align those schedules nicely.

Manually setting the token should work though. What scopes are you selecting for the personal auth token?

I'm having the same problem. Also have SSO enabled on our instance. On my personal auth token I have read:user, user:email, repo and write:discussion checked, as per your comment https://github.com/Microsoft/vscode-pull-request-github/issues/384#issuecomment-419993453

I've tried it with more permissions as well. When I save the User Settings file I get a popup saying "Fetching pull requests failed: Not authenticated" and my settings are reset to only contain the "host" section.

Weeeeird. What does the log show in the Output tab, GitHub Pull Requests dropdown option?

Also, what are you using as the url for the host? Is it just https://your-domain?

Yes I am just using https://my-domain for the host url.

Output of GitHub Pull requests below:

> git config --local --get branch.master.github-pr-owner-number
> git symbolic-ref --short HEAD
> git rev-parse master
> git rev-parse --symbolic-full-name master@{u}
> git rev-list --left-right master...refs/remotes/origin/master
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
> git config --local --get remote.origin.github-pr-remote
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
> git branch
> git config --local --get remote.origin.github-pr-remote
> git config --local --get remote.origin.github-pr-remote
> git config --local --get remote.origin.github-pr-remote
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
> git config --local --get branch.MM-1954.github-pr-owner-number
> git config --local --get branch.MM-2023.github-pr-owner-number
> git config --local --get branch.MM-962.github-pr-owner-number
> git config --local --get branch.dev.github-pr-owner-number
> git config --local --get branch.master.github-pr-owner-number
> git config --local --get branch.qa.github-pr-owner-number
> git config --local --get branch.staging.github-pr-owner-number
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
> git branch
> git config --local --get remote.origin.github-pr-remote
> git config --local --get remote.origin.github-pr-remote
> git config --local --get remote.origin.github-pr-remote
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
> git config --local --get branch.MM-1954.github-pr-owner-number
> git config --local --get branch.MM-2023.github-pr-owner-number
> git config --local --get branch.MM-962.github-pr-owner-number
> git config --local --get branch.dev.github-pr-owner-number
> git config --local --get branch.master.github-pr-owner-number
> git config --local --get branch.qa.github-pr-owner-number
> git config --local --get branch.staging.github-pr-owner-number
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.

I’m away from the computer so I can’t check the output, but my experience was the same as TeamTeaTime’s. And just to be sure I granted all available permissions.

The URL for the host I’ve put is https://github.ourdomain.com

Thanks for the info, I'll try to repro internally and get a fix going for y'all. Sorry for the trouble!

@shana I believe this might be happening because our GitHub Enterprise instance does not have rate limiting enabled which makes GET /api/v3/rate_limit return a 404 error with this error:

{
    "message": "Rate limiting is not enabled.",
    "documentation_url": "https://developer.github.com/enterprise/2.13/v3/rate_limit/#get-your-current-rate-limit-status"
}

That API is used to validate the provided credentials on start-up and the validation fails because of the 404:
https://github.com/Microsoft/vscode-pull-request-github/blob/cd5f1dd04e90655409765ee973ac4db611392431/src/authentication/githubServer.ts#L210

If the credentials for the request however were actually bad, GHE would respond with a 401 error and

{
    "message": "Bad credentials",
    "documentation_url": "https://developer.github.com/enterprise/2.13/v3"
}

I just opened https://github.com/Microsoft/vscode-pull-request-github/pull/397 with a suggested fix that locally made the extension work for me ✨

@TeamTeaTime @cederfjard Could you try to run this curl request and see if you also get a 404 response?

curl -X GET -H 'Authorization: token $TOKEN' https://$DOMAIN/api/v3/rate_limit

@lumaxis Aaaaah, darn it, you might be right, good catch. I was suspecting that the credential validation was failing, and that makes total sense. 😢

@lumaxis FWIW, there should be double quotes to get $TOKEN substituted

curl -X GET -H "Authorization: token $TOKEN" https://$DOMAIN/api/v3/rate_limit

(It took me some time to figure out why my token returns "Bad credentials" and not anything else)

@tsafin Yea, sorry I didn't mean those as literal bash variables, more like figurative placeholders 😅

Looks like you are right.
Response below:

{
  "message": "Rate limiting is not enabled.",
  "documentation_url": "https://developer.github.com/enterprise/2.14/v3/rate_limit/#get-your-current-rate-limit-status"
}

@lumaxis Yep, same for me:

{
  "message": "Rate limiting is not enabled.",
  "documentation_url": "https://developer.github.com/enterprise/2.12/v3/rate_limit/#get-your-current-rate-limit-status"
}

:wave: I have an alternate patch in #411 with some extra benefits in the long run (and some other fixes to issues I stumbled upon along the way). Could you check whether it fixes things for you?

My GitHub Enterprise instance uses SSO. When I attempt to sign in from VSCode, I get a page with a "Continue" button. When I click that button, I get a 404 (URL = https:///login/oauth/authorize?state=action%3Acode%3Bguid%3A6652a2c3-3f81-46bb-bda8-dcb61b94e933&scope=read...). The plugin is configured with host, username, and token.

@thorntonrose Sign in via the web browser in enterprise instances won't work until the latest hotfix release of GitHub Enterprise ships out this week (and then after your enterprise admin applies the update). Until your enterprise instance supports it, you'll need to create a personal auth token and manually configure it in the user settings in vscode, as explained above in the issue body. In SSO instances, you then have to click the SSO "button" in the personal auth token list in order to authorize it for SSO, as explained in https://help.github.com/articles/authorizing-a-personal-access-token-for-use-with-a-saml-single-sign-on-organization/

If it still doesn't work for you, most likely you're also affected by the bug that this issue is talking about. There's a patch for it which we'll get out to the marketplace asap.

@shana I can't get it to work with #411 either, same issue, but I concede that I might be doing something wrong. I'll wait for when the new version is out and see. Thank you for getting round to this so quickly!

@cederfjard For what it's worth these are the settings I had to use to get it working with #411:

 "github.hosts": [
        {
            "host": "https://domain",
            "username": "oauth",
            "token": "token"
        }
    ]

@TeamTeaTime Cheers, I'm still having the same issues though. The username and token are stripped from my settings, and the output says GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.. The stripping happens at different times, but right now it's as soon as I save my settings. This is at commit 4d60958a35112c6af5175cbe1f0d26a8e1764f68.

@shana Is there perhaps something else that our admins might have turned off that could prevent the extension from authenticating?

This isn't fixed, what I'm seeing is this:

In Githubserver.ts you are explicitly setting username and token ("oauth" and undefined respectively). And, only passing host.

Changing the GitHubServer constructor to something like this:

public constructor(host: string, username: string = "oauth", token: string = undefined)

And then passing token and username if they exist (or not oauth) and then adding a check to short circuit things if token != undefined just returning the hostConfiguration

Additionally, you are setting the wrong Auth header string; it should be Authorization: Bearer $token, not Authorization: token $token

I just installed a new version (0.1.3, which should have this fix right?) and tried again, and I'm having the same problems. The username and token are stripped, either straight away when I save them, or when I go to the SCM viewlet and click anywhere on the pull request treeview (as well as when I click on the popup to sign in).

Obviously it works for some people, I'm wondering if I'm doing it the wrong way then? Or like I said above, if our instance may be configured in some other way that prevents this from working. I know this way of authenticating isn't officially supported, so I understand if you don't want to put too much effort into solving this, but I'd love to get it working.

This is the output I get:

Looking for git repository
> git symbolic-ref --short HEAD
> git rev-parse cc/12433
> git rev-parse --symbolic-full-name cc/12433@{u}
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
Git repository found, initializing review manager and pr tree view.
> git config --local --get remote.origin.github-pr-remote
Unable to resolve remote: Error: Not authenticated.
> git config --local --get branch.cc/12433.github-pr-owner-number
Review> no matching pull request metadata found for current branch cc/12433
> git config --local --get branch.cc/12433.github-pr-owner-number
> git symbolic-ref --short HEAD
> git rev-parse cc/12433
> git rev-parse --symbolic-full-name cc/12433@{u}
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
> git config --local --get remote.origin.github-pr-remote
> git symbolic-ref --short HEAD
> git rev-parse cc/12433
> git rev-parse --symbolic-full-name cc/12433@{u}
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
> git config --local --get remote.origin.github-pr-remote
Unable to resolve remote: Error: Not authenticated.
> git config --local --get branch.cc/12433.github-pr-owner-number
Review> no matching pull request metadata found for current branch cc/12433
> git config --local --get branch.cc/12433.github-pr-owner-number
> git config --local --get branch.cc/12433.github-pr-owner-number
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
> git config --local --get remote.origin.github-pr-remote
> git config --local --get remote.origin.github-pr-remote
> git config --local --get remote.origin.github-pr-remote
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
GitHubRepository> Fetching all pull requests failed: Error: Not authenticated.
> git config --local --get branch.cc/12433.github-pr-owner-number

I notice it says Unable to resolve remote: Error: Not authenticated. in there - just wanna note that I'm a hundred percent certain that the host URL is correct. I was also able to run the curl command that @lumaxis posted above (see https://github.com/Microsoft/vscode-pull-request-github/issues/382#issuecomment-420187460)

I'm seeing a similar issue, in that I immediately get a failed sign-in, and the user/token are stripped from the settings.json file. I noted that when I set the values and reload the window, the settings are only stripped _after_ attempting to authenticate:

Looking for git repository
> git symbolic-ref --short HEAD
> git rev-parse XXXX-branch name-XXXX
> git rev-parse --symbolic-full-name XXXX-branch name-XXXX@{u}
> git rev-list --left-right XXXX-branch name-XXXX...refs/remotes/origin/XXXX-branch name-XXXX
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
Git repository found, initializing review manager and pr tree view.
> git symbolic-ref --short HEAD
> git config --local --get remote.origin.github-pr-remote # <----- somewhere around here the settings get deleted
> git rev-parse XXXX-branch name-XXXX
> git rev-parse --symbolic-full-name XXXX-branch name-XXXX@{u}
> git rev-list --left-right XXXX-branch name-XXXX...refs/remotes/origin/XXXX-branch name-XXXX
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose

Click "Sign in":

Error signing in to github.XXXX.com: Error: read ECONNRESET
Error: read ECONNRESET
    at _errnoException (util.js:1024:11)
    at TLSWrap.onread (net.js:615:25)

I will note that I frequently get ECONNRESET with npm, etc., which I suspect is a side-effect of network "security" measures implemented here (proxy/proxies, one or more AV products, one or more "endpoint protection" products, etc.). What I'm saying is the ECONNRESET may be a local feature, but it would be nice if the settings.json wasn't getting automatically edited.

The odd thing is, I'm pretty sure things were working yesterday, in that I wasn't getting sign-in errors, although I never got as far as creating a PR to test with.
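The two failure modes reported in this thread (a 404 from /api/v3/rate_limit when rate limiting is disabled versus a 401 for a bad token, and a connection reset that should not cause stored settings to be edited) can be told apart as in the following added example. It is not the extension's code or the patch in #397 or #411; the type names, function names and sample constants are hypothetical.

```typescript
// Added example; all names here are hypothetical, not the extension's API.
type Probe =
  | { kind: "response"; status: number; body: string }
  | { kind: "network-error"; code: string };
type Verdict = "accepted" | "rejected" | "inconclusive";

// Extract the "message" field of a GitHub-style JSON error body, or "".
function errorMessage(body: string): string {
  try {
    const parsed = JSON.parse(body);
    return parsed && typeof parsed.message === "string" ? parsed.message : "";
  } catch (_err) {
    return ""; // HTML error page from a proxy, empty body, etc.
  }
}

// Classify the result of GET /api/v3/rate_limit used as a credential check.
function classifyProbe(p: Probe): Verdict {
  if (p.kind === "network-error") return "inconclusive";
  if (p.status >= 200 && p.status < 300) return "accepted";
  if (p.status === 401) return "rejected";
  // Per the thread: with rate limiting disabled the endpoint answers 404
  // with this message, while a bad token still gets 401.
  if (p.status === 404 && errorMessage(p.body) === "Rate limiting is not enabled.") {
    return "accepted";
  }
  return "inconclusive"; // any other 404 or 5xx says nothing about the token
}

// Only an explicit rejection justifies discarding a stored token.
function shouldDiscardToken(p: Probe): boolean {
  return classifyProbe(p) === "rejected";
}

// Constructed samples; bodies modelled on the responses quoted in this thread.
const RATE_LIMIT_OFF: Probe = {
  kind: "response", status: 404,
  body: '{"message":"Rate limiting is not enabled."}',
};
const BAD_TOKEN: Probe = {
  kind: "response", status: 401, body: '{"message":"Bad credentials"}',
};
const WRONG_PATH: Probe = {
  kind: "response", status: 404, body: "<html>Not Found</html>",
};
const CONN_RESET: Probe = { kind: "network-error", code: "ECONNRESET" };
```

Treating a generic 404 or a transport error as inconclusive keeps a proxy fault or a mistyped host from being read as either proof of a valid token or grounds to delete one.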

Release 0.1.6 has fixes for the stripping of tokens from the configuration file. It also has fixes for the scopes for older versions of GitHub Enterprise, and a fix for some proxying issues (not all). This should make most things work with versions of enterprise that don't support the easy sign in.

GHE versions that support the easy sign in are:

  • 2.14.5+ and above
  • 2.13.11+
  • 2.12.19+
  • 2.11.25

The user being hardcoded to oauth is because the username information is never used in login by the server. It's useful information on other levels (like confirming that the token matches the user we expect, if we originally save the username, for instance), but it's not really needed for sign in. I'm sorry if that's making things confusing, in hindsight it probably shouldn't have been in there at all.

This issue shouldn't have been closed, sorry about that, I mentioned it in a commit and automation auto-closed it.

The docs have been updated with information on how to login to GitHub Enterprise - https://github.com/Microsoft/vscode-pull-request-github/wiki#2-is-github-enterprise-supported

A lot of the bugs reported in this issue have been fixed and shipped - the personal access token not working, questions on how to configure things, the settings file being edited. I'll close this one now, please file new issues if you run into trouble!
