This repository was archived by the owner on Dec 15, 2022. It is now read-only.

@smashwilson
Contributor

Please be sure to read the contributor's guide to the GitHub package before submitting any pull requests.

Requirements

  • Filling out the template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
  • Suggestion: You can use checklists to keep track of progress for the sections on metrics, tests, documentation, and user research.

Description of the Change

I've changed GithubLoginModel to cache not just the set of successfully authenticated tokens, but also tokens that have resulted in authentication failures or those that don't have sufficient OAuth scopes to be used.

I did not cache tokens that fail the scope-check because the fetch call raised an error, to prevent us from remembering the failure from a transient network error (or a GitHub outage).

Alternate Designs

We may also be able to address this with careful handling of how GithubLoginModel::getToken() is called, ensuring that it's only ever retried when the token has actually changed. Fixing it within getToken() feels more robust.

Benefits

We will no longer lock users out with rate-limit errors when the token stored in your OS keychain is revoked or older than the last time that we've changed the required OAuth scopes.

Possible Drawbacks

The Map of checked tokens could, theoretically, grow without bound. For it to be an issue you'd need to revoke and regenerate tokens millions of times. I'm guessing that the GitHub API would become unhappy with you long before your RAM started to noticeably bloat.

Applicable Issues

Fixes #1868.

Metrics

N/A

Tests

I've added unit tests to GithubLoginModel to test the caching of various kinds of failures.

To test it manually, I'll:

  1. Add a console.log to trace each time we're doing the scope check.
  2. Generate a personal access token without the OAuth scopes that we need.
  3. Log out of the GitHub package.
  4. Log back in with the PAT.
  5. Verify that the "insufficient scopes" message shows up in the GitHub tab, but that the scope check only happens once.
  6. Revoke the PAT.
  7. Reload Atom.
  8. Verify that the "log in" message shows up in the GitHub tab, but that the scope check only happens once.

Documentation

N/A

Release Notes

  • Fixed an issue where the GitHub package would check your OAuth token scopes repeatedly if the token was invalid or had insufficient scopes.

User Experience Research (Optional)

N/A
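
The caching rule from the description above, as an added example that is not the GitHub package's own code: definite verdicts (valid, unauthenticated, insufficient scopes) are remembered per token, while a check that ends in an error is never stored. The names `classify`, `TokenVerdictCache`, `probe` and the `REQUIRED_SCOPES` list are assumptions, as is treating every status other than 200 or 401 as transient.

```javascript
// Added example; names and the scope list are hypothetical.
const REQUIRED_SCOPES = ['repo', 'read:org']; // assumed scope set
const VERDICT = Object.freeze({
  OK: 'ok', UNAUTHENTICATED: 'unauthenticated', INSUFFICIENT: 'insufficient',
});

// Turn one scope-check response into a cacheable verdict.
// `scopesHeader` is the value of GitHub's X-OAuth-Scopes response header.
function classify(status, scopesHeader) {
  if (status === 401) return VERDICT.UNAUTHENTICATED; // revoked or invalid token
  if (status !== 200) throw new Error(`scope check failed: HTTP ${status}`);
  const granted = new Set(
    (scopesHeader || '').split(',').map(s => s.trim()).filter(Boolean));
  return REQUIRED_SCOPES.every(s => granted.has(s))
    ? VERDICT.OK : VERDICT.INSUFFICIENT;
}

class TokenVerdictCache {
  // `probe(token)` resolves to {status, scopes}. It is injected so the
  // example runs offline; in practice it would be one HEAD request.
  constructor(probe) {
    this.probe = probe;
    this.checked = new Map(); // token -> verdict
  }

  async check(token) {
    if (this.checked.has(token)) return this.checked.get(token);
    // A rejected probe or a throwing classify() leaves the Map untouched,
    // so a network error or outage is retried on the next call.
    const {status, scopes} = await this.probe(token);
    const verdict = classify(status, scopes);
    this.checked.set(token, verdict);
    return verdict;
  }
}

// Constructed demo: the probe fails once, then reports a revoked token.
async function demo() {
  let calls = 0;
  const probe = async () => {
    calls += 1;
    if (calls === 1) throw new Error('network down'); // transient, not cached
    return {status: 401, scopes: ''};
  };
  const cache = new TokenVerdictCache(probe);
  await cache.check('constructed-token').catch(() => {});
  const first = await cache.check('constructed-token');
  const second = await cache.check('constructed-token'); // served from the Map
  return {calls, first, second};
}
```
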

@codecov

codecov bot commented Jan 2, 2019

Codecov Report

Merging #1871 into master will increase coverage by 0.06%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master    #1871      +/-   ##
==========================================
+ Coverage   91.14%   91.21%   +0.06%     
==========================================
  Files         196      196              
  Lines       10745    10745              
  Branches     1575     1574       -1     
==========================================
+ Hits         9794     9801       +7     
+ Misses        951      944       -7
Impacted Files Coverage Δ
lib/shared/keytar-strategy.js 58.13% <100%> (+0.32%) ⬆️
lib/models/github-login-model.js 89.83% <100%> (+11.49%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c2da601...e8f41f1. Read the comment docs.

@smashwilson
Contributor Author

smashwilson commented Jan 2, 2019

From manual testing - here's the call log from master:

before

And here's the call log from this branch:

after

We still have two duplicated HEAD requests; that's because we have two calls to getToken that are asynchronously interleaved, so the second doesn't see the cached result from the first. Two hits per Atom launch are still much better than two hits per any render whatsoever 😅

@smashwilson smashwilson requested a review from a team January 2, 2019 21:14
Contributor

@vanessayuenn vanessayuenn left a comment

@annthurium and I discussed implementing a mentionable user fallback for an insufficient token scope by loading the authors from the last n commits instead of just showing nothing. But I would be happy to address this in another PR so we don't hold up the release.

I left a question, but this otherwise LGTM 👍 .

@smashwilson
Contributor Author

> @annthurium and I discussed implementing a mentionable user fallback for an insufficient token scope by loading the authors from the last n commits instead of just showing nothing. But I would be happy to address this in another PR so we don't hold up the release.

Yeah, this is kind of what I was thinking 😄 I'll file another issue for that so we don't lose track of it.

@smashwilson
Contributor Author

Filed as #1872. ✨

@smashwilson smashwilson merged commit b7eab9c into master Jan 3, 2019
@smashwilson smashwilson deleted the aw/insufficient-token-loop branch January 3, 2019 14:37

Development

Successfully merging this pull request may close these issues.

Some users hit GitHub API limit too often

3 participants