From fb67f735447801c4f2fea0f50774d1fa27de2c58 Mon Sep 17 00:00:00 2001
From: Niels Braczek <nbraczek@bsds.de>
Date: Mon, 30 Nov 2020 00:04:38 +0100
Subject: [PATCH 1/2] Refactoring - Prevent fetching a URL from changing the
 HTTP client

---
 Tests/GithubObjectTest.php   |  3 ++-
 src/AbstractGithubObject.php | 18 ++++++------------
 2 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/Tests/GithubObjectTest.php b/Tests/GithubObjectTest.php
index 4d75ff4b..85b5632c 100755
--- a/Tests/GithubObjectTest.php
+++ b/Tests/GithubObjectTest.php
@@ -143,9 +143,10 @@ public function testFetchUrlBasicAuth()
 	public function testFetchUrlToken()
 	{
 		$this->options->set('api.url', 'https://api.github.com');
-
 		$this->options->set('gh.token', 'MyTestToken');
 
+		$this->object = new ObjectMock($this->options, $this->client);
+
 		self::assertEquals(
 			'https://api.github.com/gists',
 			(string) $this->object->fetchUrl('/gists', 0, 0),
diff --git a/src/AbstractGithubObject.php b/src/AbstractGithubObject.php
index 0b22dd33..dee5fee7 100644
--- a/src/AbstractGithubObject.php
+++ b/src/AbstractGithubObject.php
@@ -103,6 +103,11 @@ public function __construct(Registry $options = null, BaseHttp $client = null)
 			$this->options['timeout'] = 120;
 		}
 
+		if ($this->options->get('gh.token', false))
+		{
+			$this->client->setOption('headers', array('Authorization' => 'token ' . $this->options->get('gh.token')));
+		}
+
 		$this->package = \get_class($this);
 		$this->package = substr($this->package, strrpos($this->package, '\\') + 1);
 	}
@@ -126,18 +131,7 @@ protected function fetchUrl($path, $page = 0, $limit = 0)
 		// Get a new Uri object focusing the api url and given path.
 		$uri = new Uri($this->options->get('api.url') . $path);
 
-		if ($this->options->get('gh.token', false))
-		{
-			// Use oAuth authentication
-			$headers = $this->client->getOption('headers', array());
-
-			if (!isset($headers['Authorization']))
-			{
-				$headers['Authorization'] = 'token ' . $this->options->get('gh.token');
-				$this->client->setOption('headers', $headers);
-			}
-		}
-		else
+		if (!$this->options->get('gh.token', false))
 		{
 			// Use basic authentication
 			if ($this->options->get('api.username', false))

From 7a3ccd094fb1dae05da387358ee379b6d2e869ce Mon Sep 17 00:00:00 2001
From: Niels Braczek <nbraczek@bsds.de>
Date: Mon, 30 Nov 2020 00:30:14 +0100
Subject: [PATCH 2/2] Test - Ensure unchanged HTTP client after fetching a URL

---
 Tests/GithubObjectTest.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Tests/GithubObjectTest.php b/Tests/GithubObjectTest.php
index 85b5632c..3106dcaf 100755
--- a/Tests/GithubObjectTest.php
+++ b/Tests/GithubObjectTest.php
@@ -147,12 +147,20 @@ public function testFetchUrlToken()
 
 		$this->object = new ObjectMock($this->options, $this->client);
 
+		$clientBeforeFetchUrl = clone $this->client;
+
 		self::assertEquals(
 			'https://api.github.com/gists',
 			(string) $this->object->fetchUrl('/gists', 0, 0),
 			'URL is not as expected.'
 		);
 
+		self::assertEquals(
+			$clientBeforeFetchUrl,
+			$this->client,
+			'HTTP client should not have changed'
+		);
+
 		self::assertEquals(
 			array('Authorization' => 'token MyTestToken'),
 			$this->client->getOption('headers'),