authentication fails with two factor auth

[grimreaper]

If github two-factor auth is enabled then hub fails to ask for the second factor, and then fails to authorize.

[mislav]

This is already in master and will be included in the next release. If you're using Homebrew on Mac, you can upgrade to the edge version:

brew upgrade hub --HEAD

See #399 #409

[grimreaper]

I use FreeBSD - thanks!

[mislav]

Then you can download the source code and run rake install, which will install /usr/local/bin/hub executable with the latest features. Remember to report any bugs you might find!

[picsoung]

Hey :) I did upgrade using the brew command.
I am prompted for a two factor auth code.
but I don't receive the code on my phone (github.com setup).

Just wanted to point it out.
thanks :)

[mislav]

@picsoung Did you expect to get the code using SMS? Are you not using a mobile app such as Google Authenticator?

Not getting the SMS is probably a bug with GitHub's API. Can you retry it a couple of times and see if you stil don't get the SMS message?

[picsoung]

I tried several times yesterday... and I did not get any text.
When I am logging on Github.com normally, I receive a text with the code without any issue.

I have a crappy old phone so it goes through SMS and not an app.

[mislav]

@picsoung OK, I want you to try something that will help us see the requests being made. If you have a debugging HTTP proxy, then you can use it, but if you don't you can download mine. Simply put the proxy script somewhere in your PATH and:

# in one terminal tab
$ proxy 8888

# in another terminal tab
$ https_proxy=localhost:8888 hub ...

Now all API requests will be routed through the debugging proxy and you should see the information in the proxy tab. That's the same method I use for debugging HTTP requests. Paste us the output, but remember to anonymize the encoded value in the Authorization: Basic header since it contains your password.

[picsoung]

Here is what I got

GET https://api.github.com/authorizations HTTP/1.1
accept: */*
authorization: Basic blablabla==
user-agent: Hub 1.10.6
HTTP/1.1 401 Unauthorized
content-type: application/json; charset=utf-8
content-length: 159
access-control-allow-credentials: true
access-control-expose-headers: ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
access-control-allow-origin: *
{
  "message": "Must specify two-factor authentication OTP code.",
  "documentation_url": "http://developer.github.com/v3/auth#working-with-two-factor-authentication"
}

[mislav]

@picsoung Thanks for trying this. I just realized I was stupid and in my proxy script I stripped the X-* headers, and the x-github-otp header is the one we're mostly interested in :( Can you edit the proxy script and in the silence_header? method, edit the regex to remove | ^x- from the end? Then try again. Thanks! Sorry that I'm making you do this :(

[picsoung]

No worries ;)

GET https://api.github.com/authorizations HTTP/1.1
user-agent: Hub 1.10.6
accept: */*
authorization: Basic blablabla==
HTTP/1.1 401 Unauthorized
content-type: application/json; charset=utf-8
x-github-otp: required; sms
x-github-media-type: github.beta
x-content-type-options: nosniff
content-length: 159
access-control-allow-credentials: true
access-control-expose-headers: ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
access-control-allow-origin: *
x-github-request-id: 501E7C7D:42EA:25DE07:526F9ACE
{
  "message": "Must specify two-factor authentication OTP code.",
  "documentation_url": "http://developer.github.com/v3/auth#working-with-two-factor-authentication"
}

[mislav]

@picsoung OK, thanks to that I've found a bug in GitHub's API. I don't know when we can get it fixed, but until then you're stuck. You can try create a token manually from the site https://github.com/settings/tokens/new and save it in ~/.config/hub:

---
github.com:
- oauth_token: TOKEN
  user: USERNAME

[picsoung]

yeah bug found ! 👍 thanks for your help :)