Merge branch '4-stable' into rzhade3/update-migration-docs

Author: Heather Harvey

lib/octokit/client.rb

@@ -238,11 +238,11 @@ def client_without_redirects(options = {})
       conn_opts[:ssl] = { :verify_mode => @ssl_verify_mode } if @ssl_verify_mode
       conn = Faraday.new(conn_opts) do |http|
         if basic_authenticated?
-          http.basic_auth(@login, @password)
+          http.request :basic_auth, @login, @password
         elsif token_authenticated?
-          http.authorization 'token', @access_token
+          http.request :authorization, 'token', @access_token
         elsif bearer_authenticated?
-          http.authorization 'Bearer', @bearer_token
+          http.request :authorization, 'Bearer', @bearer_token
         end
         http.headers['accept'] = options[:accept] if options.key?(:accept)
       end

lib/octokit/client/pub_sub_hubbub.rb

@@ -91,9 +91,9 @@ def pub_sub_hubbub_request(options = {})
         conn = Faraday.new(:url => @api_endpoint) do |http|
           http.headers[:user_agent] = user_agent
           if basic_authenticated?
-            http.basic_auth(@login, @password)
+            http.request :basic_auth, @login, @password
           elsif token_authenticated?
-            http.authorization 'token', @access_token
+            http.request :authorization, 'token', @access_token
           end
           http.request  :url_encoded
           http.use Octokit::Response::RaiseError

lib/octokit/connection.rb

@@ -107,13 +107,13 @@ def agent
         http.headers[:content_type] = "application/json"
         http.headers[:user_agent] = user_agent
         if basic_authenticated?
-          http.basic_auth(@login, @password)
+          http.request :basic_auth, @login, @password
         elsif token_authenticated?
-          http.authorization 'token', @access_token
+          http.request :authorization, 'token', @access_token
         elsif bearer_authenticated?
-          http.authorization 'Bearer', @bearer_token
+          http.request :authorization, 'Bearer', @bearer_token
         elsif application_authenticated?
-          http.basic_auth(@client_id, @client_secret)
+          http.request :basic_auth, @client_id, @client_secret
         end
       end
     end
@@ -176,7 +176,7 @@ def sawyer_options
         :links_parser => Sawyer::LinkParsers::Simple.new
       }
       conn_opts = @connection_options
-      conn_opts[:builder] = @middleware if @middleware
+      conn_opts[:builder] = @middleware.dup if @middleware
       conn_opts[:proxy] = @proxy if @proxy
       if conn_opts[:ssl].nil?
         conn_opts[:ssl] = { :verify_mode => @ssl_verify_mode } if @ssl_verify_mode

lib/octokit/middleware/follow_redirects.rb

@@ -86,7 +86,10 @@ def update_env(env, request_body, response)
         original_url = env[:url]
         env[:url] += safe_escape(response["location"])
         unless same_host?(original_url, env[:url])
-          env[:request_headers].delete("Authorization")
+          # HACK: Faraday’s Authorization middlewares don’t touch the request if the `Authorization` header is set.
+          #       This is a workaround to drop authentication info.
+          #       See https://github.com/octokit/octokit.rb/pull/1359#issuecomment-925609697
+          env[:request_headers]["Authorization"] = "dummy"
         end
 
         if convert_to_get?(response)

spec/helper.rb

@@ -9,7 +9,10 @@
 require 'webmock/rspec'
 require 'base64'
 require 'jwt'
-require 'pry-byebug'
+# latest version of pry-byebug is not compatible with Ruby 3.2.0
+if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('3.2.0')
+  require 'pry-byebug'
+end
 
 WebMock.disable_net_connect!()
 

spec/octokit/client_spec.rb

@@ -599,7 +599,7 @@
 
       assert_requested original_request
       assert_requested(:get, "https://example.com/bar") { |req|
-        req.headers["Authorization"].nil?
+        req.headers["Authorization"] == "dummy"
       }
     end