Enhance GitHub token input validation and confirmation (#207)

Cyber-Syntax · web-flow · commit fca8610e2536 · 2025-09-19T13:21:25.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## v1.7.3-alpha
 ## v1.7.2-alpha
 ## v1.7.1-alpha
 ## v1.7.0-alpha
diff --git a/my_unicorn/auth.py b/my_unicorn/auth.py
@@ -107,19 +107,41 @@ def save_token() -> None:
         """Prompt user for GitHub token and save it securely."""
         try:
             token: str = getpass.getpass(prompt="Enter your GitHub token (input hidden): ")
-            if not token.strip():
+            if token is None:
+                logger.error("No input received for GitHub token.")
+                raise ValueError("Token cannot be empty")
+
+            # Normalize input by stripping surrounding whitespace so accidental
+            # spaces don't cause validation/confirmation mismatches. GitHub
+            # tokens do not include leading/trailing whitespace in normal use.
+            token = token.strip()
+            if not token:
                 logger.error("Attempted to save an empty GitHub token.")
                 raise ValueError("Token cannot be empty")
 
+            # Confirm token input
+            confirm_token: str = getpass.getpass(prompt="Confirm your GitHub token: ")
+            if confirm_token is None:
+                logger.error("No input received for GitHub token confirmation.")
+                raise ValueError("Token confirmation does not match")
+
+            confirm_token = confirm_token.strip()
+            if token != confirm_token:
+                logger.error("GitHub token confirmation does not match.")
+                raise ValueError("Token confirmation does not match")
+
             # Validate token format before saving
             if not validate_github_token(token):
                 logger.error("Invalid GitHub token format provided.")
                 raise ValueError("Invalid GitHub token format. Must be a valid GitHub token.")
 
             keyring.set_password(GitHubAuthManager.GITHUB_KEY_NAME, "token", token)
             logger.info("GitHub token saved successfully.")
+        except (EOFError, KeyboardInterrupt) as e:
+            logger.error("GitHub token input aborted: %s", e)
+            raise ValueError("Token input aborted by user") from e
         except Exception as e:
-            logger.error(f"Failed to save GitHub token to keyring: {e}")
+            logger.error("Failed to save GitHub token to keyring: %s", e)
             raise
 
     @staticmethod
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = 'my-unicorn'
-version = '1.7.2-alpha'
+version = '1.7.3-alpha'
 maintainers = [{ name = "Cyber-Syntax" }]
 license = { text = "GPL-3.0-or-later" }
 description = 'My Unicorn is a command-line tool to manage AppImages on Linux. It allows users to install, update, and manage AppImages from GitHub repositories easily. It is designed to simplify the process of handling AppImages, making it more convenient for users to keep their applications up-to-date.'
