Skip to content

Commit 862c341

Browse files
dregaddregad
committed
Clear GitHub token if Client ID or Secret changed
For consistency, whenever the GitHub authentication keys change, we should invalidate (delete) the token. Fixes #301
1 parent 1ab2d33 commit 862c341

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

SourceGithub/SourceGithub.php

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,13 @@ public function update_repo( $p_repo ) {
206206
$f_hub_webhook_secret = gpc_get_string( 'hub_webhook_secret' );
207207
$f_master_branch = gpc_get_string( 'master_branch' );
208208

209+
# Clear the access token if client id and secret changed
210+
if( $p_repo->info['hub_app_client_id'] != $f_hub_app_client_id
211+
|| $p_repo->info['hub_app_secret'] != $f_hub_app_secret
212+
) {
213+
unset($p_repo->info['hub_app_access_token']);
214+
}
215+
209216
$this->validate_branch_list( $f_master_branch );
210217

211218
$p_repo->info['hub_username'] = $f_hub_username;

0 commit comments

Comments
 (0)